[Samba] getent group empty response

Daniel Müller mueller at tropenklinik.de
Thu Sep 18 04:28:24 MDT 2014


This could be a reason from 3.6 on:
"https://wiki.samba.org/index.php/Samba_3.6_Features_added/changed"

As part of the changes, the default idmap configuration has been changed to be more coherent with the per-domain configuration. The parameters "idmap uid", "idmap gid" and "idmap range" are now deprecated in favour of the systematic "idmap config * : range" and "idmap config * : backend" parameters. The reason for this change is that the old options only provided an incomplete and hence deceiving backwards compatibility, which was a source of many problems with upgrades. By introducing this change in configuration, it should be brought to the consciousness of the users that even the simple id mapping is not working exactly as in Samba 3.0 versions any more.

IT Daniel Müller

Head of IT
Tropenklinik Paul-Lechler-Krankenhaus
Paul-Lechler-Str. 24
72076 Tübingen 
Tel.: 07071/206-463, Fax: 07071/206-499
eMail: mueller at tropenklinik.de
Internet: www.tropenklinik.de




-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Deniz Eren
Sent: Thursday, 18 September 2014 11:47
To: samba at lists.samba.org
Subject: Re: [Samba] getent group empty response

That's correct: "getent group" on the Samba client does not give any output, but "getent group <groupname>" does. Replication between w2008 does not exist.
I have tested the "password server =" parameter as you requested and it didn't solve my problem; "getent group" still returns empty.

2014-09-18 11:43 GMT+03:00 Rowland Penny <rowlandpenny at googlemail.com>:

> On 18/09/14 09:36, Daniel Müller wrote:
>
>> If both w2008 are replicating, there should be no problem. Of course
>> samba elects one of the ADS to serve for group and users.
>> But I think you should point:
>> password server = *
>>
>
> Or just remove the line as the above line is the default.
>
> Rowland
>
>
>> IT Daniel Müller
>>
>> Head of IT
>> Tropenklinik Paul-Lechler-Krankenhaus Paul-Lechler-Str. 24
>> 72076 Tübingen
>> Tel.: 07071/206-463, Fax: 07071/206-499
>> eMail: mueller at tropenklinik.de
>> Internet: www.tropenklinik.de
>>
>> -----Original Message-----
>> From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Deniz Eren
>> Sent: Thursday, 18 September 2014 10:24
>> To: samba at lists.samba.org
>> Subject: [Samba] getent group empty response
>>
>> On 18/09/14 07:56, Deniz Eren wrote:
>>>> We have two domain controllers, one parent (DOMAIN.COM)
>>>> and one child (CHILD.DOMAIN.COM). When two domain
>>>> controllers are up "getent group" returns group names correctly. But
>>>> when child domain controller is down "getent group" returns empty. My
>>>> samba version is "3.6.22". I have added my smb.conf. I couldn't find any
>>>> parameters affecting this problem. Am I missing something in smb.conf?
>>>> Or is there a workaround to solve this problem?
>>>>
>>>> smb.conf
>>>> -------------------------------
>>>> [global]
>>>>     netbios name = BUILD2
>>>>     realm = DOMAIN.COM
>>>>     workgroup = DOMAIN
>>>>     security = ads
>>>>     encrypt passwords = yes
>>>>     password server = 10.0.0.59
>>>>     log level = 1
>>>>     log file = /var/log/samba.log
>>>>     ldap ssl = no
>>>>     idmap uid = 10000-20000
>>>>     idmap gid = 10000-20000
>>>>
>>>>     winbind separator = /
>>>>     winbind enum users = yes
>>>>     winbind enum groups = yes
>>>>     winbind use default domain = yes
>>>>
>>>>     domain master = no
>>>>     local master = no
>>>>     preferred master = no
>>>>
>>>>     template shell = /sbin/nologin
>>>>
>>>>     getwd cache = yes
>>>>     winbind cache time = 3000
>>>>     ldap connection timeout = 10
>>>>     ldap timeout = 120
>>>> -------------------------------
>>>>
>>>> This issue is like mine:
>>>> "https://lists.samba.org/archive/samba/2010-June/156813.html".
>>>
>>> Hi, the smb.conf you have posted seems to be for a client. Just what is
>>> it pointed at, an NT4 style PDC, a Samba4 AD DC or what? I think that
>>> you are going to have to give us a bit more info.
>>>
>>> Rowland
>>>
>> It is pointed to Windows 2008r2 Server serving as AD Domain PDC whose name
>> is DOMAIN.COM. Also another Windows2008r2 Server exists with name
>> CHILD.DOMAIN.COM which is child domain of DOMAIN.COM.
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
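
Added example, not part of the original thread and not Samba's own tooling: a small Python check that looks in an smb.conf for the deprecated idmap parameters named in the release notes quoted above and prints the "idmap config * :" lines that replace them. The function names are hypothetical, the sample is constructed from the configuration posted in this thread, and the tdb backend is an assumption (it is the default for the "*" domain).

```python
import re

# Deprecated since Samba 3.6 (per the release notes quoted in this thread).
# Keys hold no whitespace: smb.conf ignores case and whitespace in names.
DEPRECATED = {"idmapuid": "idmap uid", "idmapgid": "idmap gid",
              "idmaprange": "idmap range"}

# Constructed sample: idmap-related lines from the smb.conf posted above.
SAMPLE_SMB_CONF = """\
[global]
    security = ads
    idmap uid = 10000-20000
    idmap gid = 10000-20000
    winbind enum groups = yes
"""

def parse_global(text):
    """Return {whitespace-free lowercase key: value} for the [global] section."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params["".join(key.lower().split())] = value.strip()
    return params

def migrate_idmap(text):
    """Return (deprecated names found, replacement lines, warnings)."""
    params = parse_global(text)
    found = [name for key, name in DEPRECATED.items() if key in params]
    ranges = {params[key].replace(" ", "") for key in DEPRECATED if key in params}
    lines, warnings = [], []
    if len(ranges) == 1:
        # tdb is assumed here because it is the default backend for "*".
        lines = ["idmap config * : backend = tdb",
                 "idmap config * : range = " + ranges.pop()]
    elif len(ranges) > 1:
        warnings.append("deprecated ranges disagree, pick one by hand: "
                        + ", ".join(sorted(ranges)))
    return found, lines, warnings

if __name__ == "__main__":
    found, lines, warnings = migrate_idmap(SAMPLE_SMB_CONF)
    print(found, *lines, *warnings, sep="\n")
```

When the old uid and gid ranges differ, the check emits no replacement lines, because the new syntax takes a single range for the default domain and the choice has to be made by the administrator.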


