Hi @ALL

Trying to migrate to Samba AD after 12 lucky years with samba NT-domain + server profiles and homes in a small research institute.

I decided to provision a new domain and create the users and groups using samba-tool with most of its parameters.
I decided against classicupgrade, because I didn't get all posix attributes automatically set and I cannot do LDAP kung-fu.

Intention is to administer most of it with samba-tool and Co, not Windows RSAT.
In the NT domain I set till now all rights through the Unix rights, UID and GID.

Even if I'm willing to recreate users and groups according to the old UID and GID (not that many), I am _desperately_ needing to transfer the data with its original ownership.

I've set an "_ONLY_ DOMAIN CONTROLLER" and a first "DOMAIN MEMBER" as file server.

Mostly all is good, ntp, dns, kinit are working, the member server could join the dc, authentication works.

WHAT I DO NOT GET CORRECTLY are the UID and GID of users and groups on the domain member (PARTIALLY DEPENDING on whether I have the lines with "idmap config *:..." or not ??? - see below)

And yes, I read in the last _weeks_ most of the docs and Q&A I could find. I've said I'm desperate...

Please see the configs and the tests. May the force be with you :)

Many thanks in advance!
Environment: Ubuntu Server 16.04.1 + Samba 4.3.9

### DOMAIN CONTROLLER
root at hg-dc1:/etc/samba# cat smb.conf
# Global parameters
[global]
workgroup = HUMGEN
realm = HUMGEN.0ZONE
netbios name = HG-DC1
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc

idmap_ldb:use rfc2307 = yes
dns-nameservers 127.0.0.1

tls enabled = yes
tls keyfile = tls/myKey.pem
tls certfile = tls/myCert.pem
tls cafile =

# [netlogon] is on the member server and defined in the user's object
# I let sysvol here, as I don't understand its role
[sysvol]
path = /var/lib/samba/sysvol
read only = No

### DOMAIN MEMBER
root at hg004:/etc/samba# cat smb.conf
netbios name = HG004
server string = Fileserver HG004 - Samba 4.3.9-Ubuntu
security = ADS
workgroup = HUMGEN
realm = HUMGEN.0ZONE
server role = member server

server services = -dnsupdate -dns

interfaces = bond0, lo
bind interfaces only = yes

domain master = no
local master = no
preferred master = no
domain logons = no

encrypt passwords = yes

log file = /var/log/samba/%m.log
log level = passdb:5 auth:10 winbind:10

syslog only = no
# syslog 0=LOG_ERR, 1=LOG_WARNING, 2=LOG_NOTICE, 3=LOG_INFO
syslog = 0

# Default idmap config used for BUILTIN and local accounts/groups
idmap config *:backend = tdb
idmap config *:range = 2000-4000

# idmap config for domain HUMGEN
idmap config HUMGEN:backend = ad
idmap config HUMGEN:schema_mode = rfc2307
idmap config HUMGEN:range = 5000-30000
idmap config HUMGEN:default = yes

# Use settings from AD for login shell and home directory
winbind use default domain = yes
winbind nss info = rfc2307
winbind enum users = yes
winbind enum groups = yes

# no logon with cached credentials
winbind offline logon = no

winbind refresh tickets = yes
kerberos method = secrets and keytab
dedicated keytab file = /etc/krb5.keytab

wins server = hg-dc1.humgen.0zone

socket options = TCP_NODELAY IPTOS_LOWDELAY

# no templates. They are coming from LDAP in Active Directory
template homedir
template shell

# They are also coming from LDAP in Active Directory
logon script
logon path
logon drive
logon home

# case sensitive: auto=NO for Windows and maybe YES for CIFS
case sensitive = no
preserve case = Yes
short preserve case = Yes

# don't show the shares
browseable = no

map to guest = never

# default. Speeds transfers up. There are also other oplocks params
oplocks = yes
veto oplock files = /*.mdb/*.MDB/*.mde/*.MDE/*.mdw/*.MDW/*.ldb/*.LDB

# allow no local caching of data on the client
csc policy = disable

hide unreadable = yes
hide dot files = no

reset on zero vc = yes

[netlogon]
path = /mnt/SRVDATA_crypt/samba/netlogon
read only = yes

[homes]
comment = %u's Home Directory
path = /mnt/SRVDATA_crypt/samba/home/%S
browsable = no
read only = no
valid users = %S

# server profiles are inside the user's home on the domain member and defined in the user's object in AD
;[profiles]

### TEST USER
root at hg-dc1:/etc/samba# ldbsearch -H /var/lib/samba/private/sam.ldb '(cn=test)'
# record 1
dn: CN=test,CN=Users,DC=humgen,DC=0zone
cn: test
sn:: VGVzdOKAiC0tZ2l2ZW4tbmFtZT1XYW50IFRv
title: Test Pilot
description: Want to Test
physicalDeliveryOfficeName: Bldg. 11, 12th floor, Room 1234
telephoneNumber: 12345
initials: WT.
instanceType: 4
whenCreated: 20160728135850.0Z
displayName:: IFdULiBUZXN04oCILS1naXZlbi1uYW1lPVdhbnQgVG8
uSNCreated: 3803
department:: SW5zdGl0dXRl
company:: VU5J
wWWHomePage: institute.uni.de
name: test
objectGUID: af9cf66f-d5c7-4d7f-980f-c4c87a5765e5
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
primaryGroupID: 513
objectSid: S-1-5-21-1231847632-1110290357-1532217621-1108
accountExpires: 9223372036854775807
logonCount: 0
sAMAccountName: test
sAMAccountType: 805306368
userPrincipalName: test at humgen.0zone
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=humgen,DC=0zone
mail: test at humgen.0zone
uid: test
uidNumber: 9439
gidNumber: 5001
gecos: Want to Test
loginShell: /bin/bash
msSFU30NisDomain: humgen
msSFU30Name: test
unixUserPassword: ABCD!efgh12345$67890
objectClass: top
objectClass: posixAccount
objectClass: person
objectClass: organizationalPerson
objectClass: user
userAccountControl: 512
pwdLastSet: 131142705100000000
scriptPath: \\hg004.humgen.0zone\netlogon\login.bat
homeDirectory: \\hg004.humgen.0zone\%USERNAME%
homeDrive: U
profilePath: \\hg004.humgen.0zone\%USERNAME%\winprofile
unixHomeDirectory: //hg004.humgen.0zone/test/linhome
lastLogonTimestamp: 131153950658668290
whenChanged: 20160811131745.0Z
uSNChanged: 3847
lastLogon: 131154694735501500
distinguishedName: CN=test,CN=Users,DC=humgen,DC=0zone

### TEST GROUP
root at hg-dc1:/etc/samba# ldbsearch -H /var/lib/samba/private/sam.ldb '(cn=hg_allg)'
# record 1
dn: CN=hg_allg,CN=Users,DC=humgen,DC=0zone
objectClass: top
objectClass: group
cn: hg_allg
description: All Users of HumGen
instanceType: 4
whenCreated: 20160801120752.0Z
whenChanged: 20160801120752.0Z
uSNCreated: 3835
uSNChanged: 3835
name: hg_allg
objectGUID: 7acc757d-3164-471c-a101-c8f8ed5d8339
objectSid: S-1-5-21-1231847632-1110290357-1532217621-1113
sAMAccountName: hg_allg
sAMAccountType: 268435456
groupType: -2147483646
objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=humgen,DC=0zone
msSFU30Name: hg_allg
msSFU30NisDomain: humgen
gidNumber: 5001
distinguishedName: CN=hg_allg,CN=Users,DC=humgen,DC=0zone

###
# on the domain controller
###

root at hg-dc1:/etc/bind# wbinfo --user-info test
HUMGEN\test:*:9439:100: WT. Test --given-name=Want To:/home/HUMGEN/test:/bin/false

root at hg-dc1:/etc/bind# wbinfo --group-info hg_allg
HUMGEN\hg_allg:x:5001:

###
# on the member server
###
root at hg004:/etc/samba# wbinfo -u
administrator
dns-hg-dc1
krbtgt
guest
test

root at hg004:/etc/samba# wbinfo -g
allowed rodc password replication group
enterprise read-only domain controllers
denied rodc password replication group
read-only domain controllers
group policy creator owners
ras and ias servers
domain controllers
enterprise admins
domain computers
cert publishers
dnsupdateproxy
domain admins
domain guests
schema admins
domain users
dnsadmins
hg_allg

root at hg004:/etc/samba# wbinfo --group-info hg_allg
hg_allg:x:5001:   # correct

root at hg004:/etc/samba# wbinfo --user-info test
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user test
### ?!?!?! PROBLEM

root at hg004:/etc/samba# wbinfo -n test
S-1-5-21-1231847632-1110290357-1532217621-1108 SID_USER (1)

root at hg004:/etc/samba# wbinfo --sid-to-uid S-1-5-21-1231847632-1110290357-1532217621-1108
9439   # correct

root at hg004:/etc/samba# getent passwd
#... only local users, NO USER test - PROBLEM

root at hg004:/etc/samba# getent group
#... local and domain groups - correct
hg_allg:x:5001:

###
# if I comment or delete:
# idmap config *:backend = tdb
# idmap config *:range = 2000-4000
# I get all I want - with false UID and GID
###

root at hg004:/home/iroot# getent passwd test
test:*:4294967295:4294967295:Want to Test://hg004.humgen.0zone/test/linhome:/bin/bash

root at hg004:/etc/samba# getent group hg_allg
hg_allg:x:4294967295:

###
# Thank you for enduring this to its bitter end.
###

--
View this message in context: http://samba.2283325.n4.nabble.com/WINBIND-UID-and-GID-false-mappings-on-domain-member-tp4706553.html
Sent from the Samba - General mailing list archive at Nabble.com.
Rowland Penny
2016-Aug-12 15:45 UTC
[Samba] WINBIND: UID and GID false mappings on domain member
On Fri, 12 Aug 2016 07:33:27 -0700 (PDT)
rawi via samba <samba at lists.samba.org> wrote:

> Hi @ALL
>
> Trying to migrate to Samba AD after 12 lucky years with samba NT-domain + server profiles and homes in a small research institute.
>
> I decided to provision a new domain and create the users and groups using samba-tool with most of its parameters.
> I decided against classicupgrade, because I didn't get all posix attributes automatically set and I cannot do LDAP kung-fu.
>
> Intention is to administer most of it with samba-tool and Co, not Windows RSAT.
> In the NT domain I set till now all rights through the Unix rights, UID and GID.
>
> Even if I'm willing to recreate users and groups according to the old UID and GID (not that many), I am _desperately_ needing to transfer the data with its original ownership.
>
> I've set an "_ONLY_ DOMAIN CONTROLLER" and a first "DOMAIN MEMBER" as file server.
>
> Mostly all is good, ntp, dns, kinit are working, the member server could join the dc, authentication works.
>
> WHAT I DO NOT GET CORRECTLY are the UID and GID of users and groups on the domain member (PARTIALLY DEPENDING on whether I have the lines with "idmap config *:..." or not ??? - see below)

Have you added uidNumber & gidNumber attributes to the user & group objects in AD ?

>
> And yes, I read in the last _weeks_ most of the docs and Q&A I could find. I've said I'm desperate...
>
> Please see the configs and the tests. May the force be with you :)
>
> Many thanks in advance!
>
> Environment: Ubuntu Server 16.04.1 + Samba 4.3.9
>
> ### DOMAIN CONTROLLER
> root at hg-dc1:/etc/samba# cat smb.conf
> # Global parameters
> [global]
> workgroup = HUMGEN
> realm = HUMGEN.0ZONE
> netbios name = HG-DC1
> server role = active directory domain controller
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc
>
> idmap_ldb:use rfc2307 = yes
> dns-nameservers 127.0.0.1

I take it you are using bind9 as the nameserver and you have set it up correctly ?
In which case you will have a line similar to this in named.conf.options:

forwarders { 8.8.8.8; 8.8.4.4; };

So remove 'dns-nameservers 127.0.0.1' from smb.conf, I don't recognise it, so I suppose Samba won't either, there is the setting 'dns forwarder' but this is only used with the internal DNS server and you wouldn't use '127.0.0.1'

>
> tls enabled = yes
> tls keyfile = tls/myKey.pem
> tls certfile = tls/myCert.pem
> tls cafile =
>
> # [netlogon] is on the member server and defined in the user's object

I suggest you put it back

> # I let sysvol here, as I don't understand its role

I suggest you find out, it is rather important, I will give you a hint, GPOs

> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
> ### DOMAIN MEMBER
> root at hg004:/etc/samba# cat smb.conf
> netbios name = HG004
> server string = Fileserver HG004 - Samba 4.3.9-Ubuntu
> security = ADS
> workgroup = HUMGEN
> realm = HUMGEN.0ZONE
> server role = member server
>
> server services = -dnsupdate -dns

You do not need these lines on a domain member

>
> interfaces = bond0, lo
> bind interfaces only = yes
>

From here:

> domain master = no
> local master = no
> preferred master = no
> domain logons = no
>
> encrypt passwords = yes
>

To here, can be removed.

> log file = /var/log/samba/%m.log
> log level = passdb:5 auth:10 winbind:10
>
> syslog only = no
> # syslog 0=LOG_ERR, 1=LOG_WARNING, 2=LOG_NOTICE, 3=LOG_INFO
> syslog = 0
>
> # Default idmap config used for BUILTIN and local accounts/groups
> idmap config *:backend = tdb
> idmap config *:range = 2000-4000
>
> # idmap config for domain HUMGEN
> idmap config HUMGEN:backend = ad
> idmap config HUMGEN:schema_mode = rfc2307
> idmap config HUMGEN:range = 5000-30000
> idmap config HUMGEN:default = yes
>
> # Use settings from AD for login shell and home directory
> winbind use default domain = yes
> winbind nss info = rfc2307
> winbind enum users = yes
> winbind enum groups = yes
>
> # no logon with cached credentials
> winbind offline logon = no
>
> winbind refresh tickets = yes
> kerberos method = secrets and keytab
> dedicated keytab file = /etc/krb5.keytab
>

Again remove lines, from here:

> wins server = hg-dc1.humgen.0zone
>
> socket options = TCP_NODELAY IPTOS_LOWDELAY
>
> # no templates. They are coming from LDAP in Active Directory
> template homedir
> template shell
>
> # They are also coming from LDAP in Active Directory
> logon script
> logon path
> logon drive
> logon home
>

To here.

> # case sensitive: auto=NO for Windows and maybe YES for CIFS
> case sensitive = no
> preserve case = Yes
> short preserve case = Yes
>
> # don't show the shares
> browseable = no
>
> map to guest = never
>
> # default. Speeds transfers up. There are also other oplocks params
> oplocks = yes
> veto oplock files = /*.mdb/*.MDB/*.mde/*.MDE/*.mdw/*.MDW/*.ldb/*.LDB
>
> # allow no local caching of data on the client
> csc policy = disable
>
> hide unreadable = yes
> hide dot files = no
>
> reset on zero vc = yes
>

Remove these next lines and put them back on the DC:

> [netlogon]
> path = /mnt/SRVDATA_crypt/samba/netlogon
> read only = yes
>
> [homes]
> comment = %u's Home Directory
> path = /mnt/SRVDATA_crypt/samba/home/%S
> browsable = no
> read only = no
> valid users = %S
>
> # server profiles are inside the user's home on the domain member and defined in the user's object in AD
> ;[profiles]
>
> ### TEST USER
> root at hg-dc1:/etc/samba# ldbsearch -H /var/lib/samba/private/sam.ldb '(cn=test)'
> # record 1
> dn: CN=test,CN=Users,DC=humgen,DC=0zone
> cn: test
> sn:: VGVzdOKAiC0tZ2l2ZW4tbmFtZT1XYW50IFRv
> title: Test Pilot
> description: Want to Test
> physicalDeliveryOfficeName: Bldg. 11, 12th floor, Room 1234
> telephoneNumber: 12345
> initials: WT.
> instanceType: 4
> whenCreated: 20160728135850.0Z
> displayName:: IFdULiBUZXN04oCILS1naXZlbi1uYW1lPVdhbnQgVG8
> uSNCreated: 3803
> department:: SW5zdGl0dXRl
> company:: VU5J
> wWWHomePage: institute.uni.de
> name: test
> objectGUID: af9cf66f-d5c7-4d7f-980f-c4c87a5765e5
> badPwdCount: 0
> codePage: 0
> countryCode: 0
> badPasswordTime: 0
> lastLogoff: 0
> primaryGroupID: 513
> objectSid: S-1-5-21-1231847632-1110290357-1532217621-1108
> accountExpires: 9223372036854775807
> logonCount: 0
> sAMAccountName: test
> sAMAccountType: 805306368
> userPrincipalName: test at humgen.0zone
> objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=humgen,DC=0zone
> mail: test at humgen.0zone
> uid: test
> uidNumber: 9439
> gidNumber: 5001
> gecos: Want to Test
> loginShell: /bin/bash
> msSFU30NisDomain: humgen
> msSFU30Name: test
> unixUserPassword: ABCD!efgh12345$67890
> objectClass: top
> objectClass: posixAccount

You do not need and should not add the POSIX objectclasses

> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> userAccountControl: 512
> pwdLastSet: 131142705100000000
> scriptPath: \\hg004.humgen.0zone\netlogon\login.bat
> homeDirectory: \\hg004.humgen.0zone\%USERNAME%
> homeDrive: U
> profilePath: \\hg004.humgen.0zone\%USERNAME%\winprofile
> unixHomeDirectory: //hg004.humgen.0zone/test/linhome
> lastLogonTimestamp: 131153950658668290
> whenChanged: 20160811131745.0Z
> uSNChanged: 3847
> lastLogon: 131154694735501500
> distinguishedName: CN=test,CN=Users,DC=humgen,DC=0zone
>
> ### TEST GROUP
> root at hg-dc1:/etc/samba# ldbsearch -H /var/lib/samba/private/sam.ldb '(cn=hg_allg)'
> # record 1
> dn: CN=hg_allg,CN=Users,DC=humgen,DC=0zone
> objectClass: top
> objectClass: group
> cn: hg_allg
> description: All Users of HumGen
> instanceType: 4
> whenCreated: 20160801120752.0Z
> whenChanged: 20160801120752.0Z
> uSNCreated: 3835
> uSNChanged: 3835
> name: hg_allg
> objectGUID: 7acc757d-3164-471c-a101-c8f8ed5d8339
> objectSid: S-1-5-21-1231847632-1110290357-1532217621-1113
> sAMAccountName: hg_allg
> sAMAccountType: 268435456
> groupType: -2147483646
> objectCategory: CN=Group,CN=Schema,CN=Configuration,DC=humgen,DC=0zone
> msSFU30Name: hg_allg
> msSFU30NisDomain: humgen
> gidNumber: 5001
> distinguishedName: CN=hg_allg,CN=Users,DC=humgen,DC=0zone
>
> ###
> # on the domain controller
> ###
>
> root at hg-dc1:/etc/bind# wbinfo --user-info test
> HUMGEN\test:*:9439:100: WT. Test --given-name=Want To:/home/HUMGEN/test:/bin/false
>
> root at hg-dc1:/etc/bind# wbinfo --group-info hg_allg
> HUMGEN\hg_allg:x:5001:
>
> ###
> # on the member server
> ###
> root at hg004:/etc/samba# wbinfo -u
> administrator
> dns-hg-dc1
> krbtgt
> guest
> test
>
> root at hg004:/etc/samba# wbinfo -g
> allowed rodc password replication group
> enterprise read-only domain controllers
> denied rodc password replication group
> read-only domain controllers
> group policy creator owners
> ras and ias servers
> domain controllers
> enterprise admins
> domain computers
> cert publishers
> dnsupdateproxy
> domain admins
> domain guests
> schema admins
> domain users
> dnsadmins
> hg_allg
>
> root at hg004:/etc/samba# wbinfo --group-info hg_allg
> hg_allg:x:5001:   # correct
>
> root at hg004:/etc/samba# wbinfo --user-info test
> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
> Could not get info for user test
> ### ?!?!?! PROBLEM
>
> root at hg004:/etc/samba# wbinfo -n test
> S-1-5-21-1231847632-1110290357-1532217621-1108 SID_USER (1)
>
> root at hg004:/etc/samba# wbinfo --sid-to-uid S-1-5-21-1231847632-1110290357-1532217621-1108
> 9439   # correct
>
> root at hg004:/etc/samba# getent passwd
> #... only local users, NO USER test - PROBLEM
>
> root at hg004:/etc/samba# getent group
> #... local and domain groups - correct
> hg_allg:x:5001:
>
> ###
> # if I comment or delete:
> # idmap config *:backend = tdb
> # idmap config *:range = 2000-4000
> # I get all I want - with false UID and GID
> ###
>
> root at hg004:/home/iroot# getent passwd test
> test:*:4294967295:4294967295:Want to Test://hg004.humgen.0zone/test/linhome:/bin/bash
>
> root at hg004:/etc/samba# getent group hg_allg
> hg_allg:x:4294967295:
>
> ###
> # Thank you for enduring this to its bitter end.
> ###
>

Have you given 'Domain Users' a gidNumber inside the range 5000-30000 ?

Rowland
Thank you Rowland for looking into this!

>> WHAT I DO NOT GET CORRECTLY are the UID and GID of users and groups on the domain member (PARTIALLY DEPENDING on whether I have the lines with "idmap config *:..." or not ??? - see below)
>
> Have you added uidNumber & gidNumber attributes to the user & group objects in AD ?

Not myself, I simply provisioned with --use-rfc2307

> I take it you are using bind9 as the nameserver and you have set it up correctly ?
> In which case you will have a line similar to this in named.conf.options:
> forwarders { 8.8.8.8; 8.8.4.4; };
>
> So remove 'dns-nameservers 127.0.0.1' from smb.conf, I don't recognise it, so I suppose Samba won't either, there is the setting 'dns forwarder' but this is only used with the internal DNS server and you wouldn't use '127.0.0.1'

Well, I simplified the tale: I wanted to have only one domain for all, samba and the rest. Not a subdomain for samba. I have all in bind9 and dhcp. So I looked at samba's dnsupdates the first time, took the dns records and put them fixed in bind9. All the rest of the clients' records will be generated (included list) from a script. In DHCP I have mostly static assignments. Then I deleted dnsupdate from samba's roles. It works well, forward and reverse.

>> # [netlogon] is on the member server and defined in the user's object
>
> I suggest you put it back

I will. In my eyes netlogon is a share like any other, and the DC shouldn't share files. I thought it would have been enough to have the netlogon pointer to the file server - in the user's LDAP object.

>> objectClass: posixAccount
>
> You do not need and should not add the POSIX objectclasses

I didn't. I used samba-tool to add the user and the group. And I tried to use most of the parameters of "user add", to learn and see what happens. So samba-tool did it.

> Have you given 'Domain Users' a gidNumber inside the range 5000-30000 ?

No, Domain Users has no GID. Until now it was unimportant to me. All my users are in the group "hg_allg" with GID 5001. As primary group in unix passwd in the old NT domain.

Oh, I remember something awkward... Till a couple of days ago, I got the users' UID but NOT THE GROUP's GID. THIS ALWAYS without the lines "idmap config *:..."
I could login from a joined Windows 8.1, I got the logon script running (from the domain member), but the home was not bound to the HOMEDIR. This could happen, because at that time the UID came correctly and matched the old UID of the user.

I got today a kernel update.... and the situation changed, like I said... Now I get GID but no UID. Somehow spooky...

rawi

--
View this message in context: http://samba.2283325.n4.nabble.com/WINBIND-UID-and-GID-false-mappings-on-domain-member-tp4706553p4706560.html
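The checks Rowland's two questions amount to, written up as an added example (not code from the thread or from the Samba project): it parses the member server's "idmap config" lines and an ldbsearch dump, then lists every user or group whose uidNumber/gidNumber is missing or outside the HUMGEN range, including a user whose primary group (Domain Users, RID 513) carries no gidNumber. SMB_CONF and LDIF are constructed from the values posted above; the Domain Users record is hypothetical, matching rawi's answer that it has no GID, and the function names parse_idmap, parse_ldif and audit are my own.

```python
import base64
import re

# Constructed copy of the idmap settings from the thread's member-server smb.conf.
SMB_CONF = """
idmap config *:backend = tdb
idmap config *:range = 2000-4000
idmap config HUMGEN:backend = ad
idmap config HUMGEN:range = 5000-30000
"""

# Constructed LDIF in the shape ldbsearch prints (only the attributes used here);
# the 'Domain Users' record is hypothetical and, as rawi reports, has no gidNumber.
LDIF = """
sAMAccountName: test
primaryGroupID: 513
objectSid: S-1-5-21-1231847632-1110290357-1532217621-1108
uidNumber: 9439
gidNumber: 5001

sAMAccountName: hg_allg
objectSid: S-1-5-21-1231847632-1110290357-1532217621-1113
gidNumber: 5001

sAMAccountName:: RG9tYWluIFVzZXJz
objectSid: S-1-5-21-1231847632-1110290357-1532217621-513
"""

def parse_idmap(conf):
    # 'idmap config DOM:key = value' lines -> {DOM: {key: value}}; a range becomes (lo, hi)
    pat = r"^\s*idmap config\s+(\S+?)\s*:\s*(\w+)\s*=\s*(.+?)\s*$"
    cfg = {}
    for dom, key, val in re.findall(pat, conf, re.M):
        entry = cfg.setdefault(dom.upper(), {})
        entry[key] = tuple(int(x) for x in val.split("-")) if key == "range" else val
    return cfg

def parse_ldif(text):
    # One dict per blank-line-separated record; 'attr:: value' means the value is base64
    return [{a: base64.b64decode(v).decode() if sep == "::" else v
             for a, sep, v in re.findall(r"^(\w+)(::?) *(.*)$", block, re.M)}
            for block in re.split(r"\n\s*\n", text.strip())]

def audit(conf=SMB_CONF, ldif=LDIF, domain="HUMGEN"):
    """Return the findings that would stop winbind mapping a user or group."""
    cfg, out = parse_idmap(conf), []
    if "*" not in cfg:   # in the thread, dropping this made getent return 4294967295
        out.append("smb.conf: no 'idmap config *' default backend")
    lo, hi = cfg[domain]["range"]
    recs = parse_ldif(ldif)

    def ok(r, a):   # attribute present and inside the domain's idmap range
        return lo <= int(r.get(a, -1)) <= hi
    groups = {int(r["objectSid"].rsplit("-", 1)[1]): r for r in recs if "primaryGroupID" not in r}
    for g in groups.values():
        if not ok(g, "gidNumber"):
            out.append(f"group {g['sAMAccountName']}: gidNumber missing or outside {lo}-{hi}")
    for u in (r for r in recs if "primaryGroupID" in r):
        for attr in ("uidNumber", "gidNumber"):
            if not ok(u, attr):
                out.append(f"user {u['sAMAccountName']}: {attr} missing or outside {lo}-{hi}")
        if not ok(groups.get(int(u["primaryGroupID"]), {}), "gidNumber"):
            out.append(f"user {u['sAMAccountName']}: primary group RID {u['primaryGroupID']} unmapped")
    return out
```

Run audit() against the real files by passing the text of smb.conf and the output of ldbsearch over CN=Users; an empty list means every object has a mappable ID.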