[Samba] idmap ad question

Vaughan, Robert J vaughar2 at gdls.com
Mon Feb 13 22:53:18 UTC 2023 

On 13/02/2023 19:42, Vaughan, Robert J via samba wrote:

> Yeah the link is correctly setup, since it is not compiled Samba
> 
> Ok, I found in this link ..
> 
> https://urldefense.com/v3/__https://wiki.samba.org/index.php/Troubleshooting_Samba_Domain_Members*getent_not_Finding_Domain_Users_and_Groups__;Iw!!BlOwZnr7TA!m6mzFHwttP65JGum376WS2CNwHA07YrBUeN_Xf6Ah3bGe6qI_pN-AHW6VhG90T8dV9IgG4M7c2ihG5dk$ 
> 
> I had to change these lines to 'Yes' ..
> 
>          winbind enum groups = Yes
>          winbind enum users = Yes
> 
> Now, it works, but it's really slow (and I think I have heard you saying not to enable this before)

>> Ah, I think light dawns

>> Were you running 'getent passwd' rather than 'getent passwd AUSERNAME' ?

Yes, I am used to getting that output with getent on my UNIX LDAP system.  As long as I can get it from wbinfo I suppose that works too.

>> To get all the users shown, you need 'winbind enum users = yes', but it 
>> isn't required and, as you have found out, it just slows things down.

So, I don't think giving a gidNumber to 'domain users' did anything useful for me.  All the AD users using UNIX or SAMBA have uidNumber and gidNumber set (along with homedir and shell) and the UNIX groups are all in AD too now.  I don't plan to use the standard AD groups (or ones created by Windows admins) for UNIX or SAMBA purposes.  Perhaps if I wasn't planning on assigning UID/GID using POSIX attributes or creating my own groups the 'domain users' becomes useful?

Thanks,

Robert Vaughan

----------------------------------------------------------------------
This is an e-mail from General Dynamics Land Systems. It is for the intended recipient only and may contain confidential and privileged information.  No one else may read, print, store, copy, forward or act in reliance on it or its attachments.  If you are not the intended recipient, please return this message to the sender and delete the message and any attachments from your computer. Your cooperation is appreciated.

More information about the samba mailing list