[Samba] wbinfo -u / getent passwd not working

Fri Jul 10 10:28:45 UTC 2020

On 10.07.20 12:18, L.P.H. van Belle via samba wrote:
> Just thing i notised. 
> 
>>        idmap config * : range = 1000-2000 
> This might give conflicts. 
> Output of `cat /etc/adduser.conf |grep "[G-U]ID" `
> These ranges should not overlap. 

I think that should not be the problem, i have multiple servers, with
the samba config that works. and only 1 or 2 local users.

> 
> After how may days/hours did it stop working? 

I would say 2 days?

I do not understand why wbinfo -g work but wbinfo -u do not.
> 
> 
> Greetz, 
> 
> Louis
> 
> 
>> -----Oorspronkelijk bericht-----
>> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
>> basti via samba
>> Verzonden: vrijdag 10 juli 2020 12:10
>> Aan: samba at lists.samba.org
>> Onderwerp: [Samba] wbinfo -u / getent passwd not working
>>
>> Hello,
>> i try to setup a linux laptop for homeoffice with login for ad users.
>> The last few days it work like expected.
>>
>> today wbinfo -u return no user, getent passwd <username> also.
>>
>> wbinfo -a "SAMDOM\user"
>> Enter SAMDOM\user's password:
>> plaintext password authentication succeeded
>> Enter SAMDOM\user's password:
>> challenge/response password authentication succeeded
>>
>> wbinfo -D SAMDOM also works.
>>
>> laptop smb.conf:
>>
>> [global]
>>        security = ADS
>>        workgroup = SAMDOM
>>        realm = SAMDOM.EXAMPLE.COM
>>
>>        log file = /var/log/samba/%m.log
>>        log level = 1
>>
>>        winbind refresh tickets = Yes
>>        dedicated keytab file = /etc/krb5.keytab
>>        kerberos method = secrets and keytab
>>        winbind use default domain = yes
>>
>>        load printers = no
>>        printing = bsd
>>        printcap name = /dev/null
>>        disable spoolss = yes
>>
>>        # Default ID mapping configuration for local BUILTIN accounts
>>        # and groups on a domain member. The default (*) domain:
>>        # - must not overlap with any domain ID mapping configuration!
>>        # - must use an read-write-enabled back end, such as tdb.
>>        idmap config * : backend = tdb
>>        idmap config * : range = 1000-2000
>>
>>        # idmap config for the SAMDOM domain
>>        # alf has uid 1006
>>        idmap config SAMDOM:backend = ad
>>        idmap config SAMDOM:schema_mode = rfc2307
>>        idmap config SAMDOM:range = 2001-999999
>>
>>        template homedir = /home/%U
>>        template shell = /bin/bash
>>
>>        client use spnego = yes
>>        client ntlmv2 auth = yes
>>        encrypt passwords = yes
>>        restrict anonymous = 2
>>
>>        # fix dfs error's in log ?
>>        host msdfs = no
>>
>>        # https://wiki.samba.org/index.php/PAM_Offline_Authentication
>>        winbind offline logon = yes
>>        winbind cache time = 15768000
>>
>>        winbind enum users = yes
>>        winbind enum groups = yes
>>
>> cat /etc/krb5.conf
>> [libdefaults]
>>     default_realm = SAMDOM.EXAMPLE.COM
>>     dns_lookup_realm = false
>>     dns_lookup_kdc = true
>>
>>
>> -- 
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>>
> 
> 