I've came across what appears to be a bug, but I wanted to get some feedback on the list before reporting it to make sure I'm not doing something stupid. I'm using 3.2.7.
I see that when I do "getent passwd", I get an entry like this: testuser:*:1000:20:Test User:/home/poo/testuser:/bin/bash But when I do "getent passwd testuser", I get this: testuser:*:1000:100:Test User:/home/poo/testuser:/bin/bash It seems that when doing getent passwd username, the primary group is the user's gidNumber attribute in active directory (which is correct). However when doing getent passwd to retrieve a full list of users, it uses the windows primary group (set via primaryGroupID) instead. This is bad since it's inconsistent, but also bad in our environment since Domain Users doesn't have a gidNumber setup. This means any user with the windows primary group set as the default doesn't come up when doing a "getent passwd". In active directory, for each UNIX user the uidNumber, gidNumber, and loginShell attributes are set. The groups that are used in UNIX have gidNumber set. The home directory attribute is not set, since that is different per platform (the MACs use /Users instead of /home, and I wanted each platform to use their own default). Below is my smb.conf: [global] log level = 3 log file = /var/log/samba/smbd.log security = ads workgroup = EXAMPLE realm = EXAMPLE.COM server signing = auto allow trusted domains = no winbind use default domain = yes winbind enum users = Yes winbind enum groups = Yes winbind nested groups = Yes template shell = /bin/sh template homedir = /home/poo/%U winbind nss info = rfc2307 idmap backend = ad -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba