On 13/02/2023 16:50, Vaughan, Robert J via samba wrote:> On 12/02/2023 16:40, Vaughan, Robert J via samba wrote:
>> Hi all
>>
>> In the idmap_config_ad wiki, it states ..
>>
>> If you use the winbind 'ad' backend, you must add a gidNumber
attribute to the Domain Users group in AD.
>>
>> Can someone explain this?
>>
>
>>> Yes
>
>>> Every users primaryGroupID attribute is set to 513, the RID for
Domain
>>> Users. Unless Domain Users has a gidNumber attribute, then no users
are
>>> shown by getent passwd & id via winbind.
>
>>> Rowland
>
> Ok, so I went and added a gidNumber to 'Domain Users'
>
> and 'id' does show that number next to 'domain users' as
one of my groups
>
> But 'getent passwd' still only returns local users, no AD users
>
> 'wbinfo -u' does return the list of AD users (but not unix local
users)
>
>
> Thanks,
>
> Robert Vaughan
>
OK, I think you need to post your smb.conf
Rowland
----------------------------------------------------------------------
This is an e-mail from Rowland Penny. I do not care who reads it and it
contains no confidential or privileged information. Everyone may read,
print, store, copy, forward or act in reliance on it or its attachments.
If you are not the intended recipient, please do what you like with
this message. Your cooperation is appreciated.