On 13/02/2023 19:42, Vaughan, Robert J via samba wrote:
> Yeah the link is correctly setup, since it is not compiled Samba
>
> Ok, I found in this link ..
>
>
https://urldefense.com/v3/__https://wiki.samba.org/index.php/Troubleshooting_Samba_Domain_Members*getent_not_Finding_Domain_Users_and_Groups__;Iw!!BlOwZnr7TA!m6mzFHwttP65JGum376WS2CNwHA07YrBUeN_Xf6Ah3bGe6qI_pN-AHW6VhG90T8dV9IgG4M7c2ihG5dk$
>
> I had to change these lines to 'Yes' ..
>
> winbind enum groups = Yes
> winbind enum users = Yes
>
> Now, it works, but it's really slow (and I think I have heard you
saying not to enable this before)
>> Ah, I think light dawns
>> Were you running 'getent passwd' rather than 'getent passwd
AUSERNAME' ?
Yes, I am used to getting that output with getent on my UNIX LDAP system. As
long as I can get it from wbinfo I suppose that works too.
>> To get all the users shown, you need 'winbind enum users =
yes', but it
>> isn't required and, as you have found out, it just slows things
down.
So, I don't think giving a gidNumber to 'domain users' did anything
useful for me. All the AD users using UNIX or SAMBA have uidNumber and
gidNumber set (along with homedir and shell) and the UNIX groups are all in AD
too now. I don't plan to use the standard AD groups (or ones created by
Windows admins) for UNIX or SAMBA purposes. Perhaps if I wasn't planning on
assigning UID/GID using POSIX attributes or creating my own groups the
'domain users' becomes useful?
Thanks,
Robert Vaughan
----------------------------------------------------------------------
This is an e-mail from General Dynamics Land Systems. It is for the intended
recipient only and may contain confidential and privileged information. No one
else may read, print, store, copy, forward or act in reliance on it or its
attachments. If you are not the intended recipient, please return this message
to the sender and delete the message and any attachments from your computer.
Your cooperation is appreciated.