[Samba] New AD user not appearing in getent

Rowland Penny rpenny at samba.org
Fri Mar 8 12:56:28 UTC 2024


On Fri, 8 Mar 2024 13:25:49 +0100
Luciano Mannucci via samba <samba at lists.samba.org> wrote:

> On Fri, 8 Mar 2024 12:00:08 +0000
> Rowland Penny via samba <samba at lists.samba.org> wrote:
> 
> > but the only thing apparent is that you appear to be running an EOL
> > version of Samba.
> Yes I know.
> Upgrading means stopping 64 users. I'll do that ASAP.
> 
> > Please post the smb4.conf.
> grep -v '#' /usr/local/etc/smb4.conf
> [global]
> 	security = ADS
> 	netbios name = HERMES
> 	server string = "HERR_MESS"
> 	password server = 192.168.132.2 *
> 	workgroup = MCS2003
>         idmap config * : backend = tdb
>         idmap config * : range = 10000-11000
> 	idmap config MCS2003 : backend = rid
> 	idmap config MCS2003 : range = 800-8004
> 	winbind enum users = yes
> 	winbind enum groups = yes
> 	template homedir = /dati/mailbox/%U
> 	template shell = /bin/tcsh
> 	os level = 2
> 	time server = Yes
> 	unix extensions = Yes
> 	encrypt passwords = Yes
> 	map to guest = Bad User
> 	log level = 1 auth:10 winbind:2
> 	log file = /var/log/samba/users/%m.log
> 	wins support = No
> 
> 	server min protocol = SMB2
> 	server max protocol = SMB3_11
> 	realm = MCS2003.IT
> 	winbind refresh tickets = yes
> 	winbind use default domain = yes
> 	client use spnego = yes
> 	client ntlmv2 auth = yes
> 	usershare allow guests = No
> 	allow trusted domains = no
> 	mangled names = no
> [homes]
> comment = Home Directory for %S
> 	vfs objects = zfsacl
>         path = /dati/mailbox/%S
>         browseable = yes
>         guest ok = no
>         read only = No
> 	writable = yes
>         create mask = 0644
>         directory mask = 0755
>         preserve case = yes
>         short preserve case = yes
> 
>

Lots of default lines there, but almost nothing that could be the cause.

Try running 'net cache flush' and see if that helps.

If it doesn't, then it might have something to do with this line from
your smb4.conf:

idmap config MCS2003 : range = 800-8004

You are using the 'rid' idmap config backend and the Unix IDs are
calculated using this formula:

ID = RID + LOW_RANGE_ID

Which from your smb4.conf becomes:

ID = RID + 800

Which means that if the user's RID is over 7204, then your user will be
ignored by Samba because the ID will be greater than 8004.

In the short term, you can raise the upper limit, but if you get enough
users, then you are going to hit the low range you set for the default
range '10000'.

Rowland
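
The range arithmetic from the message above, as an added example that is not part of the original post and is not Samba's own code. It parses the idmap lines of the quoted smb4.conf, applies ID = RID + LOW_RANGE_ID, and checks whether a widened domain range would collide with the default '*' range. Function names and the sample RIDs are made up for illustration.

```python
import re

# Constructed sample: the idmap lines from the smb4.conf quoted in this thread.
SMB_CONF = """\
[global]
    idmap config * : backend = tdb
    idmap config * : range = 10000-11000
    idmap config MCS2003 : backend = rid
    idmap config MCS2003 : range = 800-8004
"""

IDMAP_RE = re.compile(
    r"^\s*idmap config\s+(\S+)\s*:\s*(backend|range)\s*=\s*(\S+)\s*$", re.I)

def parse_idmap(conf_text):
    """Return {domain: {"backend": str, "range": (low, high)}}."""
    domains = {}
    for line in conf_text.splitlines():
        m = IDMAP_RE.match(line)
        if not m:
            continue
        dom, key, value = m.group(1), m.group(2).lower(), m.group(3)
        entry = domains.setdefault(dom, {})
        if key == "range":
            low, high = value.split("-")
            entry["range"] = (int(low), int(high))
        else:
            entry["backend"] = value.lower()
    return domains

def rid_to_id(rid, id_range):
    """Formula from the message: ID = RID + LOW_RANGE_ID.
    Returns None when the ID falls outside the range (user is ignored)."""
    low, high = id_range
    unix_id = rid + low
    return unix_id if low <= unix_id <= high else None

def max_rid(id_range):
    """Highest RID that still maps inside the configured range."""
    return id_range[1] - id_range[0]

def overlaps(a, b):
    """True when two inclusive ID ranges share at least one ID."""
    return a[0] <= b[1] and b[0] <= a[1]

if __name__ == "__main__":
    conf = parse_idmap(SMB_CONF)
    dom, default = conf["MCS2003"]["range"], conf["*"]["range"]
    print("highest usable RID:", max_rid(dom))
    for rid in (1105, 7204, 7205):  # constructed sample RIDs
        print(rid, "->", rid_to_id(rid, dom))
    print("overlaps default range:", overlaps(dom, default))
```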



