samba - Jan 2014 - getent passwd & getent group returning UID and GID using Winbind 4.1.x series samba

Just to make sure that I'm on the right path to get this working the way I
would like.

I have a linux file server that has used LDAP the user and group information in
the past.  I would like to migrate (recreate) the same users and groups in the
samba4 AD DC, adding the UID and GID attributes.  So that I don't have to
change the UID and GID permissions on the file servers.

The migration plan would be to setup the new samba 4 server, get staff to reset
their password on the new server.  Then upgrade samba on the file servers, point
winbind to the new samba server and the migration at the server level would be
done.   Users systems not all mobile and not members of the existing domains -
so the scripts they use to connect to the shares would just need to make use of
the new domain name in the share connection strings.

The problems I'm having now are that wbinfo -I username seems to return some
mapped version of the AD user ID and group ID and not the UID and GID.

Account was created with:
sudo samba-tool user add <username> --uid-number=5000 gid-number=5000
home-directory=/exports/users/<usersname> login-shell=/bin/bash

Domain was provisioned with:
sudo /usr/bin/samba-tool domain provision --use-rfc2307 -interactive

Domain member server smb.conf
   idmap config DOM : backend = ad
   idmap config DOM : schema_mode = rfc2307
   idmap config DOM : range = 500-2000
   idmap_ldb : use rfc2307 = yes

   winbind enum users  = yes
   winbind enum groups = yes


What am I missing?  Linux authentication works but the user information is
incorrect (wrong uid and gid)

Thanks
                Derek

On Tue, 2014-01-14 at 03:12 +0000, Werthmuller, Derek
wrote:
> Just to make sure that I'm on the right path to get this working the
way I would like.
> 
> I have a linux file server that has used LDAP the user and group
information in the past.  I would like to migrate (recreate) the same users and
groups in the samba4 AD DC, adding the UID and GID attributes.  So that I
don't have to change the UID and GID permissions on the file servers.
> 
> The migration plan would be to setup the new samba 4 server, get staff to
reset their password on the new server.  Then upgrade samba on the file servers,
point winbind to the new samba server and the migration at the server level
would be done.   Users systems not all mobile and not members of the existing
domains - so the scripts they use to connect to the shares would just need to
make use of the new domain name in the share connection strings.
> 
> The problems I'm having now are that wbinfo -I username seems to return
some mapped version of the AD user ID and group ID and not the UID and GID.
> 
> Account was created with:
> sudo samba-tool user add <username> --uid-number=5000 gid-number=5000
home-directory=/exports/users/<usersname> login-shell=/bin/bash
> 
> Domain was provisioned with:
> sudo /usr/bin/samba-tool domain provision --use-rfc2307 -interactive
> 
> Domain member server smb.conf
>    idmap config DOM : backend = ad
>    idmap config DOM : schema_mode = rfc2307
>    idmap config DOM : range = 500-2000
>   
> 
>    winbind enum users  = yes
>    winbind enum groups = yes
> 
> 
> What am I missing?  idmap_ldb : use rfc2307 = yes
idmap config *:backend = tdb
idmap config *:range =2001-2100

lose:
 idmap_ldb : use rfc2307 = yes
(It's the wrong syntax anyway)

May get you close. Or use sssd if not.
HTH
Steve