[Samba] getent not returning users/groups
Gregory Sloop
gregs at sloop.net
Mon Feb 28 16:14:57 UTC 2022
Rowland - I think you didn't read the last para Roy posted in his OP. (late yesterday, at least in my TZ)
---
...the AD users are still *known* to the operating system as will be demonstrated by appending an AD user's name or group to the getent command.
For example on my system getent passwd roy produces:
roy at pi4b:~$ getent passwd roy
roy:*:11601:10513:roy:/home/MICROLYNX/roy:/bin/bash
---
So, I don't actually think he was wrong in his initial post.
(Though I'd agree it was easy to read the first couple of paras and think he had it wrong.)
---
Can we all agree that without the winbind enum line, you can't just do a getent group/passwd and get a full listing of all the group/user records in AD, but you CAN get individual records by specifying them?
And as the wiki says (or should/may have said before it was hosed) the enum lines should generally only be used for troubleshooting/debugging since they place more load on the DCs - especially for large AD data-sets.
:)
> On Mon, 2022-02-28 at 15:42 +0000, spindles seven wrote:
>> I must be missing something here. If what you say above is true,
>> then why does the wiki advise adding the "winbind enum" lines to the
>> smb.conf in order for the getent commands to show all AD users and
>> groups?
> It didn't (it seems to have been removed in the pruning of required
> information), it said to only use them for testing purposes.
>
>> Also your other answer in this thread seems to contradict this as
>> well. I certainly cannot get the list to include AD users and
>> groups without the enum lines.
> I doubt I said that and if you must have the 'enum' lines in smb.conf
> for your Unix domain member to work, then you have something
> exceedingly strangely wrong with your set up.
>> So what settings "when set up correctly" allow getent to display all
>> users and groups (without the 'enum' lines)?
> None, because you do not need them:
> rowland at devstation:~$ getent passwd | grep rowland
> rowland at devstation:~$
> Just running the output of 'getent passwd' through grep with my name,
> produces no output.
> rowland at devstation:~$ getent passwd rowland
> rowland:*:10000:10000:Rowland Penny:/home/rowland:/bin/bash
> Yet adding my name to the getent command does.
> rowland at devstation:~$ cat /etc/passwd | grep rowland
> rowland at devstation:~$
> My name is not in /etc/passwd
> rowland at devstation:~$ cat /etc/samba/smb.conf | grep 'enum'
> rowland at devstation:~$
> I do not have the 'enum' lines in smb.conf, yet everything works.
> Rowland
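
The check both posters run by hand in this thread (name absent from /etc/passwd and from the full `getent passwd` listing, yet resolved by `getent passwd NAME`), as an added example that is not part of either message. `classify_account`, `demo_getent`, `GETENT` and `PASSWD_FILE` are names assumed for this sketch; `demo_getent` is a constructed stand-in for a domain member without the 'winbind enum' lines, reusing the `roy` record quoted above.

```shell
#!/bin/sh
# Added example: report how an account name resolves on a Unix domain member.
# GETENT and PASSWD_FILE are overridable (an assumption of this sketch) so the
# logic can be exercised offline; by default the real getent and /etc/passwd are used.
# Usage after sourcing this file:  classify_account roy
GETENT=${GETENT:-getent}
PASSWD_FILE=${PASSWD_FILE:-/etc/passwd}

# Prints one of: local | enumerated | lookup-only | unknown
classify_account() {
    name=$1
    # 1. Is the name a local account (first field of the passwd file)?
    if cut -d: -f1 "$PASSWD_FILE" 2>/dev/null | grep -Fqx -- "$name"; then
        echo local
        return 0
    fi
    # 2. Does a lookup by name resolve (getent passwd NAME)?
    #    getent exits with status 2 when the key is not found.
    if ! $GETENT passwd "$name" >/dev/null 2>&1; then
        echo unknown
        return 0
    fi
    # 3. Does the name also appear in the full listing (getent passwd)?
    #    Without the enum lines, winbind answers lookups but does not list AD accounts.
    if $GETENT passwd 2>/dev/null | cut -d: -f1 | grep -Fqx -- "$name"; then
        echo enumerated
    else
        echo lookup-only
    fi
}

# Constructed stand-in for getent on a member WITHOUT the 'winbind enum' lines:
# the listing shows only a local account, a lookup by name also answers for 'roy'.
demo_getent() {
    [ "$1" = passwd ] || return 2
    case "${2-}" in
        "")   echo 'root:x:0:0:root:/root:/bin/sh' ;;
        root) echo 'root:x:0:0:root:/root:/bin/sh' ;;
        roy)  echo 'roy:*:11601:10513:roy:/home/MICROLYNX/roy:/bin/bash' ;;
        *)    return 2 ;;
    esac
}
```

On a real member, `lookup-only` for an AD user is the result the thread describes for a setup without the enum lines; `unknown` for an AD user means the name does not resolve at all.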