[Samba] Noob question: user moved to a OU dissapear from getent, but groups don't

Daniel Carrasco Marín danielmadrid19 at gmail.com
Tue Apr 21 11:34:48 MDT 2015 

Thanks for your reply.

I've migrated the domain copying all files in /var/lib/samba and /etc/samba
from original domain to new domain, I've edit the smb file to change the
"passdb backend" line to match the old server (because original is
localhost and give me an error connecting), and then I run this command:

samba-tool domain classicupgrade --dbdir=/home/user/samba --use-xattrs=yes
--realm=casa.red --dns-backend=BIND9_DLZ /home/user/smb.conf

After all the progress i change the bind config file to add the samba file
(matching with the Bind Version 9.9).

When I connect to new domain all users and groups are in "Users" folder,
then if i move all groups to new OU "getent group" works perfect, but if i
move some users to new OU then it dissapear from "getent passwd". I've done
some test and is strange because I've 100 users:

   - I've moved some users and have dissapear from getent (88 users).
   - Later i've move some other users and the result was 94 users.
   - Later without touch anything it goes back to 100 users.
   - Later again i've move another user and has changed to ~74 users (i
   don't remember the exact number).
   - And now it's back to 100 users and for now is not changing...

Maybe is a problem of cache, but i don't know why the cache wasn't be
updated after all i did. Even i've purged the winbind package and deleted
the cache files to install a clean version of winbind and the problem
persist...

Is an AD, but if I use the smb.conf provided by classicupgrade then getent
don't show the AD users/groups (it don't have any info about Winbind).
Maybe I should create a hybrid adding only the Winbind entries?
Anyway, tomorrow i'll try because i've to revert again to the backup image
and is late.

Greetings!!



2015-04-21 18:56 GMT+02:00 Rowland Penny <rowlandpenny at googlemail.com>:

> On 21/04/15 17:45, Daniel Carrasco Marín wrote:
>
>> Hi, first of all i'm sorry for my english.
>>
>> I'm triyng to migrate a Samba 3.6 domain to Samba 4 and I've a question
>> about OU and Winbind:
>>
>
> How are you trying to migrate the domain ?
>
>
>> OU affects to something more besides GPO in AD and Winbind?. Because I've
>> moved all users to an OU and all less one (strangely) have dissapear from
>> "getent passwd" and the other SO tools.
>> If i run "wbinfo -u" all users are showed but I've tried a lot of things
>> like:
>>
>>     - Reboot
>>     - Restart Winbind and Samba daemons
>>     - Stop daemons, clear winbind cache and start daemons again.
>>     - Move the users back to "Users" folder and repeat the above steps.
>>
>>
>> But none of above has worked. Finally i've restored the server to an old
>> state to make it work again.
>>
>> I've done something wrong?. I've to configure something to make the
>> winbind
>> read the OU?
>>
>> Now i've moved some disabled users to a new OU and have dissapear from
>> getent, then the problem still there.
>>
>>
>> Here's my samba cfg:
>>
>> [global]
>>          workgroup = CASA
>>          realm = casa.red
>>          netbios name = PDC.CASA.RED
>>          server string = %h server
>>          server role = active directory domain controller
>>          server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
>> winbind, ntp_signd, kcc, dnsupdate
>>          idmap_ldb:use rfc2307 = yes
>>          preferred master = Yes
>>          domain master = Yes
>>          wins support = Yes
>>          encrypt passwords = yes
>>
>>
>>          # Winbind para mostrar grupos y usuarios del dominio en Linux
>>          winbind nss info = rfc2307
>>          winbind enum users = Yes
>>          winbind enum groups = Yes
>>          winbind use default domain = Yes
>>          winbind refresh tickets = Yes
>>          winbind nested groups = No
>>          winbind separator = +
>>          winbind normalize names = yes
>>
>>          idmap config CASA : backend  = ad
>>          idmap config * : backend = tdb
>>          idmap config * : range =  1000-20000000
>>
>>          # Desactivar Cups en este servidor
>>          printcap name = /etc/printcap
>>          load printers = no
>>
>>          name resolve order = wins hosts lmhosts bcast
>>
>>
>> ¡¡Thanks!!
>>
>
> What do you think you have ?
> An AD DC or a member server ?
> If it is  an AD DC, please put the smb.conf back to what it was, just
> after the upgrade (provided you ran the classicupgrade)
> If it is supposed to be a member server, remove the 'service role' &
> 'server services' lines.
>
> Rowland
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list