On Sun, Jun 4, 2023 at 11:56 AM Rowland Penny via samba <samba at lists.samba.org> wrote:

> Not really, wbinfo reads directly from AD, getent goes via nsswitch.
>
> For getent to work using the 'ad' idmap backend, a few things have to
> fall into place:
>
> You have to set the correct relevant lines in smb.conf.
>
> You have to give the Domain Users group a gidNumber, or if using
> 'idmap config WORKGROUP : unix_primary_group = yes', that the relevant
> group has a gidNumber.
>
> You give the user a uidNumber and if using 'unix_primary_group' the
> relevant group's gidNumber
>
> All Numbers used for the uidNumber & gidNumber attributes must be inside
> the range you set for the 'WORKGROUP' in smb.conf
>
> Usually when a user doesn't get a UID, one of the above isn't correct.
>
I think I have all the settings configured properly, plus it works with
4.16, but not 4.17. 4.17 is working for Christian though.

smb.conf

[global]
security = ads
workgroup = EXAMPLEAD
realm = AD.EXAMPLE.COM
local master = no
idmap config *:backend = tdb
idmap config *:range = 100000-199999
idmap config EXAMPLEAD:backend = ad
idmap config EXAMPLEAD:schema_mode = rfc2307
idmap config EXAMPLEAD:range = 512-99999
idmap config EXAMPLEAD:unix_nss_info = yes
idmap config EXAMPLEAD:unix_primary_group = yes
winbind use default domain = yes
winbind refresh tickets = yes
winbind offline logon = yes
winbind nss info = rfc2307
kerberos method = system keytab
dedicated keytab file = /etc/krb5.keytab
create krb5 conf = no
map to guest = Bad User

samba-tool user show dale

primaryGroupID: 513
uid: dale
uidNumber: 10000
gidNumber: 513

samba-tool group show "Domain Users"

gidNumber: 513

Thanks,
Dale
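
The checklist in the quoted reply can be run mechanically against an smb.conf and the attribute values. The following is an added example, not part of the original message and not Samba code; the function names are hypothetical and the attribute values are assumed to be copied by hand from samba-tool output. It tests only the conditions listed above, so an empty result does not rule out other causes.

```python
import re

# Constructed sample input: the idmap lines and attribute values posted in this message.
SMB_CONF = """\
[global]
workgroup = EXAMPLEAD
idmap config *:backend = tdb
idmap config *:range = 100000-199999
idmap config EXAMPLEAD:backend = ad
idmap config EXAMPLEAD:range = 512-99999
idmap config EXAMPLEAD:unix_primary_group = yes
"""
USER = {"uidNumber": 10000, "gidNumber": 513}
GROUPS = {"Domain Users": {"gidNumber": 513}}

IDMAP_RE = re.compile(r"^\s*idmap config\s+(\S+?)\s*:\s*(\S+)\s*=\s*(.+?)\s*$", re.I)

def idmap_settings(conf_text, domain):
    """Collect the 'idmap config DOMAIN : key = value' lines for one domain."""
    settings = {}
    for line in conf_text.splitlines():
        m = IDMAP_RE.match(line)
        if m and m.group(1).upper() == domain.upper():
            settings[m.group(2).lower()] = m.group(3)
    return settings

def check_ad_idmap(conf_text, domain, user, groups):
    """Return a list of problems; an empty list means every listed condition holds."""
    cfg = idmap_settings(conf_text, domain)
    problems = []
    if cfg.get("backend", "").lower() != "ad":
        problems.append("idmap backend for %s is not 'ad'" % domain)
    if "range" not in cfg:
        return problems + ["no idmap range set for %s" % domain]
    low, high = (int(part) for part in cfg["range"].split("-"))
    def in_range(n):
        return n is not None and low <= n <= high
    if not in_range(user.get("uidNumber")):
        problems.append("user uidNumber missing or outside %d-%d" % (low, high))
    if cfg.get("unix_primary_group", "no").lower() == "yes":
        # Primary group comes from the user's own gidNumber attribute.
        gid = user.get("gidNumber")
        if not in_range(gid):
            problems.append("user gidNumber missing or outside %d-%d" % (low, high))
        elif gid not in {g.get("gidNumber") for g in groups.values()}:
            problems.append("no group carries gidNumber %d" % gid)
    elif not in_range(groups.get("Domain Users", {}).get("gidNumber")):
        problems.append("Domain Users gidNumber missing or outside %d-%d" % (low, high))
    return problems
```
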