The Samba-Bugzilla – Bug 11533
Winbind options to be able to use rfc2307 attributes
Last modified: 2015-09-29 02:01:27 UTC
Winbind is not able to use rfc2307 attributes to forge users' information on the system side.
If we fill rfc2307 attributes such as uidNumber, gidNumber or homeDirectory we generally want to be able to use them on the (Linux) system side. Some configuration file should be added to give us the possibility to use them.
On some DC I use winbind to retrieve users from AD:
DC:~# grep winbind /etc/nsswitch.conf
passwd: files winbind
shadow: files winbind
group: files winbind
When checking some user using the "id" Linux command I get:
DC:~# id some.user
uid=10321(DOMAIN1.AD\some.user) gid=100(users) groupes=100(users),3000031(DOMAIN1.AD\cid 018),3000009(BUILTIN\users)
And the user line is:
DC:~# getent passwd some.user
Login = sAMAccountName
UID = uidNumber
GID = some forged GID corresponding to "Domain Users" (I expect)
Gecos = displayName
homeDir = something forged using short domain name + sAMAccountName
shell = /bin/false
When in AD the rfc2307 attributes are:
gidNumber: 8321 (this group does not exist)
gecos: not filled
For some reason (orders coming from bosses most generally) the default options chosen by the Samba team for winbind behaviour could not suit our needs. Having some configuration file somewhere to modify that behaviour would be great.
Hi, sorry but there is no bug here. RFC2307 support is well documented in many locations, e.g. here:
See also manpages idmap_ad(8) and idmap_rfc2307(8).
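
An added example, not part of the bug report or of Samba's code: a small check that compares a passwd line returned through NSS with the RFC2307 attributes stored on the AD user object, listing each field whose system-side value does not come from the directory. The uid 10321, gid 100 and gidNumber 8321 are the values from the report; the passwd line itself, the display name, home paths and shell are constructed, and unixHomeDirectory and loginShell are the AD schema names assumed for the home and shell attributes.

```python
# Added example: audit an NSS passwd entry against the RFC2307 attributes
# held in AD, to see which fields winbind filled from somewhere else.

PASSWD_FIELDS = ("name", "passwd", "uid", "gid", "gecos", "home", "shell")

# passwd field -> AD attribute expected to supply it (assumed mapping)
RFC2307_MAP = {
    "uid": "uidNumber",
    "gid": "gidNumber",
    "gecos": "gecos",
    "home": "unixHomeDirectory",
    "shell": "loginShell",
}


def parse_passwd(line):
    """Split one passwd(5) line into a dict; reject malformed lines."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(PASSWD_FIELDS):
        raise ValueError(f"expected 7 colon-separated fields, got {len(parts)}")
    return dict(zip(PASSWD_FIELDS, parts))


def audit(passwd_line, ad_attrs):
    """Return (field, attribute, nss_value, ad_value) for each mismatch.

    ad_value is None when the attribute is not set in the directory, so the
    NSS value cannot have come from it.
    """
    entry = parse_passwd(passwd_line)
    findings = []
    for field, attr in RFC2307_MAP.items():
        ad_value = ad_attrs.get(attr)
        if ad_value is None or str(ad_value) != entry[field]:
            findings.append((field, attr, entry[field], ad_value))
    return findings


# Constructed sample input (see the note above for which values are from the report).
SAMPLE_LINE = r"DOMAIN1.AD\some.user:*:10321:100:Some User:/home/DOMAIN1/some.user:/bin/false"
SAMPLE_AD = {"uidNumber": 10321, "gidNumber": 8321,
             "unixHomeDirectory": "/home/some.user", "loginShell": "/bin/bash"}

if __name__ == "__main__":
    for field, attr, nss, ad in audit(SAMPLE_LINE, SAMPLE_AD):
        print(f"{field}: NSS={nss!r} but {attr}={ad!r}")
```

Run against real data, the passwd line would come from getent passwd and the attribute dictionary from an LDAP query of the same user.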