Winbind is not able to use rfc2307 attributes to forge users' information on the system side.

If we fill rfc2307 attributes such as uidNumber, gidNumber or homeDirectory, we generally want to be able to use them on the (Linux) system side. Some configuration file should be added to give us the possibility to use them.

Example:

On some DC I use winbind to retrieve users from AD:

DC:~# grep winbind /etc/nsswitch.conf
passwd: files winbind
shadow: files winbind
group: files winbind

When checking some user using the "id" Linux command I get:

DC:~# id some.user
uid=10321(DOMAIN1.AD\some.user) gid=100(users) groupes=100(users),3000031(DOMAIN1.AD\cid 018),3000009(BUILTIN\users)

And the user line is:

DC:~# getent passwd some.user
DOMAIN1.AD\some.user:*:10321:100:some user:/home/DOMAIN1.AD/some.user:/bin/false

So:
Login = sAMAccountName
UID = uidNumber
GID = some forged GID corresponding to "Domain Users" (I expect)
Gecos = displayName
homeDir = something forged using short domain name + sAMAccountName
shell = /bin/false

When in AD the rfc2307 attributes are:
uidNumber: 10321
gidNumber: 8321 (this group does not exist)
gecos: not filled
loginShell: /bin/bash
homeDirectory: /home/some.user

For some reason (orders coming from bosses most generally) the default options chosen by the Samba team for winbind behaviour might not suit our needs. Having some configuration file somewhere to modify that behaviour would be great.

Cheers,

mathias

Hi, sorry but there is no bug here. RFC2307 support is well documented in many locations, e.g. here: https://wiki.samba.org/index.php/RFC2307_backend See also manpages idmap_ad(8) and idmap_rfc2307(8).
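
The field-by-field comparison made in the report can be scripted to audit what NSS serves against the RFC2307 attributes stored in AD; the following is an added example, not part of the original thread and not Samba code. The sample values are copied from the report, while the function names and the "attr: value" input format are assumptions of this example.

```python
# Added example: classify each passwd field served by NSS against the
# RFC2307 attribute expected to supply it. All names here are hypothetical.
PASSWD_FIELDS = ("name", "passwd", "uid", "gid", "gecos", "home", "shell")
RFC2307_MAP = {"uid": "uidNumber", "gid": "gidNumber", "gecos": "gecos",
               "home": "homeDirectory", "shell": "loginShell"}

# Sample values copied from the report above.
SAMPLE_PASSWD = r"DOMAIN1.AD\some.user:*:10321:100:some user:/home/DOMAIN1.AD/some.user:/bin/false"
SAMPLE_ATTRS = """\
uidNumber: 10321
gidNumber: 8321
loginShell: /bin/bash
homeDirectory: /home/some.user
"""

def parse_passwd(line):
    """Split one `getent passwd` line into its seven named fields."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(PASSWD_FIELDS):
        raise ValueError("expected 7 colon-separated fields, got %d" % len(parts))
    return dict(zip(PASSWD_FIELDS, parts))

def parse_attrs(text):
    """Parse simple 'attr: value' lines (no base64 or folded LDIF values)."""
    attrs = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError("not an 'attr: value' line: %r" % raw)
        attrs[key.strip()] = value.strip()
    return attrs

def compare(passwd_line, attrs_text):
    """Return {field: 'match' | 'differs' | 'unset'} for the mapped fields."""
    entry, attrs = parse_passwd(passwd_line), parse_attrs(attrs_text)
    result = {}
    for field, attr in RFC2307_MAP.items():
        if attr not in attrs:
            result[field] = "unset"      # nothing in AD, NSS value comes from elsewhere
        elif attrs[attr] == entry[field]:
            result[field] = "match"
        else:
            result[field] = "differs"    # AD attribute exists but NSS ignores it
    return result

if __name__ == "__main__":
    for field, status in compare(SAMPLE_PASSWD, SAMPLE_ATTRS).items():
        print("%-6s %s" % (field, status))
```

A "differs" result on gid or shell is the one to review first, since it means file ownership and login behaviour on the host do not follow what the directory records.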