Could this be yet another reason to use sssd instead of winbind? sssd does use the account gidNumber
testuser primaryGroupID: 513 uidNumber: 3001106 gidNumber: 20513 getent passwd testuser testuser:*:3001106:20513:testuser:/home/DOMAIN/testuser:/bin/bash Rowland On 23 July 2013 13:54, Jonathan Buzzard <jonat...@buzzard.me.uk> wrote: > On Tue, 2013-07-23 at 11:25 +0200, steve wrote: > > On Tue, 2013-07-23 at 10:05 +0100, Jonathan Buzzard wrote: > > > > > > > > It's probably still not working for him because he needs to clear the > > > now poluted cache/database that winbind has created from previous > > > attempts. Using net cache flush might work. Personally I would stop > > > samba delete the tdb files and start it again, redo the domain join and > > > try it. > > > > Just thought about nscd too. On some distros it's default. . . > > Another thought. The primary windows group of the account has to have > unix attributes. For reasons I cannot fathom the gidNumber attribute of > the account is not used by winbind and instead the primaryGroupID is > used. If this group does not have a GID set then the lookup fails! > > I guess best practice is to keep the GID of the primaryGroupID and the > gidNumber of the user the same but I don't understand why it is the way > it is. > > JAB. > > -- > Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk > Fife, United Kingdom. > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba