[Samba] getent does not get remote users

Arno Hahma arno at jyu.fi
Wed Mar 3 09:31:17 GMT 2004

I have a samba 3.0.2a -server running Linux, which I try to set up to 
authenticate users from a NT4 PDC using winbindd. Now, everything works 
to the point, where I try to list users with "getent passwd". Getent 
only gets the local unix-users and has no clue about the NT4 -users. 
Also, home directories for the NT4 -users are not created and no logs 
whatsoever are left behind by the
PAM module pam_mkhomedir, although I added the debug -switch to it.

Otherwise, the system works: the shared secret is ok, wbinfo -u shows 
all NT4 -users correctly,
and the NT4 -users can even create a samba -mount, provided the mounted 
directory has
world rwx -permissions (such as the /tmp below in the smb.conf). This 
means the authentication works ok, but the unix box is just not aware 
of any winbindd users, even though samba is.

Any clues, where to look for the problem? And yes, I did search through 
winbindd how-tos and
this mailing list archives and tried all the tricks there. I also do 
not have any local users
by the same names as the NT4 has them, thus, no conflicts here. Samba 
has been compiled
with all necessary support (PAM, winbind etc. ) to support this scheme. 
has been edited to include winbind. ldconfig has been run to include 
the winbind shared modules.  No nscd or any other NSS services are 
running. What can still be wrong?

PAM configuration file "samba":

# pam_smbpass.so authenticates against the smbpasswd file
auth       required     pam_smbpass.so nodelay
account    required     /lib/security/pam_stack.so 
session    required     /lib/security/pam_stack.so 
password   required     pam_smbpass.so nodelay 

The service -lines were edited according to the instructions in 
smb.conf comments
to include system-auth-winbind:

# $Header: 
/home/cvsroot/gentoo-x86/net-fs/samba/files/system-auth-winbind,v 1.1
  2002/05/06 19:57:08 woodchip Exp $

auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok 
auth        sufficient    /lib/security/pam_winbind.so
auth        required      /lib/security/pam_deny.so

account     sufficient    /lib/security/pam_winbind.so
account     required      /lib/security/pam_unix.so

password    required      /lib/security/pam_cracklib.so retry=3
password    sufficient    /lib/security/pam_unix.so nullok use_authtok 
md5 shadow
password    required      /lib/security/pam_deny.so

session     required      /lib/security/pam_mkhomedir.so 
skel=/etc/skel/ umask=0022 debug
session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so

My smb.conf looks like:

# Global parameters
         dos charset = 850
         unix charset = UTF8
         workgroup = TESTWG
         server string = %h Samba Server %v
         interfaces =
         security = DOMAIN
         map to guest = Bad User
         log level = 2
         log file = /var/log/samba3/log.%m
         max log size = 500
         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
         printcap name = cups
         local master = No
         dns proxy = No
         remote announce =
         remote browse sync =
         idmap uid = 10000-20000
         idmap gid = 10000-20000
         winbind separator = _
         printer admin = '@Domain Admins'
         hosts allow = 192.168.1., 192.168.2., 192.168.3., 127.
         hosts deny = ALL
         map acl inherit = Yes
         printing = cups

         comment = Home dirs
         read only = No
         browseable = No

         comment = Printers
         path = /var/spool/samba
         create mask = 0700
         guest ok = Yes
         printable = Yes
         print command = lpr-cups -P %p %s # using cups own drivers (use 
generic PostScript on clients).
         browseable = No

         path = /var/lib/samba/printers
         write list = @adm, root
         guest ok = Yes

         comment = temporary files
         path = /tmp
         guest ok = Yes


More information about the samba mailing list