I've come across what appears to be a bug, but I wanted to get some feedback
on the list before reporting it to make sure I'm not doing something
stupid. I'm using 3.2.7.
I see that when I do "getent passwd", I get an entry like this:

    testuser:*:1000:20:Test User:/home/poo/testuser:/bin/bash

But when I do "getent passwd testuser", I get this:

    testuser:*:1000:100:Test User:/home/poo/testuser:/bin/bash

It seems that when doing getent passwd username, the primary group is the
user's gidNumber attribute in Active Directory (which is correct). However,
when doing getent passwd to retrieve a full list of users, it uses the
Windows primary group (set via primaryGroupID) instead. This is bad since
it's inconsistent, but also bad in our environment since Domain Users
doesn't have a gidNumber set up. This means any user with the Windows
primary group set as the default doesn't come up when doing a "getent
passwd".
In Active Directory, for each UNIX user the uidNumber, gidNumber, and
loginShell attributes are set. The groups that are used in UNIX have
gidNumber set. The home directory attribute is not set, since that is
different per platform (the Macs use /Users instead of /home, and I wanted
each platform to use its own default).
Below is my smb.conf:
[global]
    log level = 3
    log file = /var/log/samba/smbd.log
    security = ads
    workgroup = EXAMPLE
    realm = EXAMPLE.COM
    server signing = auto
    allow trusted domains = no
    winbind use default domain = yes
    winbind enum users = Yes
    winbind enum groups = Yes
    winbind nested groups = Yes
    template shell = /bin/sh
    template homedir = /home/poo/%U
    winbind nss info = rfc2307
    idmap backend = ad
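
The following is an added example, not part of the original post: a small Python audit that compares the enumerated view ("getent passwd") with per-name lookups ("getent passwd NAME") and reports users whose primary GID differs or who are missing from enumeration. The function names and the "otheruser" entry are assumptions constructed for illustration; the two testuser lines are the ones quoted in the post.

```python
import subprocess


def parse_passwd(text):
    """Parse passwd(5)-format lines into {name: (uid, gid)}; skip malformed lines."""
    entries = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 7 or not fields[2].isdigit() or not fields[3].isdigit():
            continue
        entries[fields[0]] = (int(fields[2]), int(fields[3]))
    return entries


def getent(*args):
    """Run getent and return stdout (empty when the key is not found)."""
    return subprocess.run(["getent", *args], capture_output=True, text=True).stdout


def compare(enumerated, by_name):
    """Return (name, finding, enumerated_gid, lookup_gid) for every inconsistency."""
    findings = []
    for name, (_uid, gid) in sorted(by_name.items()):
        if name not in enumerated:
            findings.append((name, "missing-from-enumeration", None, gid))
        elif enumerated[name][1] != gid:
            findings.append((name, "gid-mismatch", enumerated[name][1], gid))
    return findings


def audit_live(names):
    """Compare the live enumeration against per-name lookups for the given users."""
    enumerated = parse_passwd(getent("passwd"))
    by_name = parse_passwd("".join(getent("passwd", n) for n in names))
    return compare(enumerated, by_name)


# Sample input: testuser lines are from the post, otheruser is constructed.
SAMPLE_ENUM = "testuser:*:1000:20:Test User:/home/poo/testuser:/bin/bash\n"
SAMPLE_LOOKUP = (
    "testuser:*:1000:100:Test User:/home/poo/testuser:/bin/bash\n"
    "otheruser:*:1001:100:Other User:/home/poo/otheruser:/bin/sh\n"
)

if __name__ == "__main__":
    for finding in compare(parse_passwd(SAMPLE_ENUM), parse_passwd(SAMPLE_LOOKUP)):
        print(finding)
```

On a winbind host, call audit_live() with the account names to check; a gid-mismatch means ownership and group-permission decisions depend on which lookup path a program uses.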