[Samba] getent and wbinfo not returning expected results?

Fri Sep 16 21:39:00 GMT 2005

> > If 'wbinfo -u' returns the domain user list, but 'getent 
> > passwd' does not, 
> > this means that NSS is not working. It has nothing to do with PAM.

Taking a cue from above, I edited nsswitch.conf to reflect your recommended
nsswitch.conf settings as follows:

passwd: files winbind      
group: files winbind      
hosts: files winbind dns
networks: files
shells: files

wbinfo -u, wbinfo -g, getent passwd, and getent group now properly presents
local & domain users!!!!!!!!!!!!!! Egads! I need to be careful with what I
leave in nsswitch.conf! I'm so thrilled to get the enumeration stuff working
now!

One more thing: The getent passwd produces as follows:

aries-root@/usr/local/lib/OLD: /usr/local/sbin/getent passwd
root:$1$nKq6XJlA$znAgh1MrkzByxA6/HDuah1:0:0:Charlie &:/root:/bin/csh
toor:*:0:0:Bourne-again Superuser:/root:
daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
operator:*:2:5:System &:/:/usr/sbin/nologin
bin:*:3:7:Binaries Commands and Source:/:/usr/sbin/nologin
tty:*:4:65533:Tty Sandbox:/:/usr/sbin/nologin
kmem:*:5:65533:KMem Sandbox:/:/usr/sbin/nologin
games:*:7:13:Games pseudo-user:/usr/games:/usr/sbin/nologin
news:*:8:8:News Subsystem:/:/usr/sbin/nologin
man:*:9:9:Mister Man Pages:/usr/share/man:/usr/sbin/nologin
sshd:*:22:22:Secure Shell Daemon:/var/empty:/usr/sbin/nologin
smmsp:*:25:25:Sendmail Submission
User:/var/spool/clientmqueue:/usr/sbin/nologin
mailnull:*:26:26:Sendmail Default User:/var/spool/mqueue:/usr/sbin/nologin
bind:*:53:53:Bind Sandbox:/:/usr/sbin/nologin
proxy:*:62:62:Packet Filter pseudo-user:/nonexistent:/usr/sbin/nologin
_pflogd:*:64:64:pflogd privsep user:/var/empty:/usr/sbin/nologin
uucp:*:66:66:UUCP
pseudo-user:/var/spool/uucppublic:/usr/local/libexec/uucp/uucico
pop:*:68:6:Post Office Owner:/nonexistent:/usr/sbin/nologin
www:*:80:80:World Wide Web Owner:/nonexistent:/usr/sbin/nologin
nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin
dougs:$1$EKEN2gSO$kXpBoFW5qfpDq3KF0ODT91:1001:1001:Doug
Sampson:/home/dougs:/bin/sh
beckyr:$1$deELUVIF$rHMoGndIAUOqUTfLFQnxR.:1002:1002:Becky
Ryan:/home/beckyr:/bin/sh
alfredos:$1$SxjkDe4a$wib3bY8ugKZy.gRPnjJ2r0:1003:1003:Alfredo
Sierra:/home/alfredos:/bin/sh
michaelm:$1$bSVPy645$N02/WIbak.fLIxShs3JcT1:1004:1004:Michael
MacAulay:/home/michaelm:/bin/sh
DSP-adrianp:x:15000:15000:Adrian Pearson:/usr/home/DSP/adrianp:/bin/bash
DSP-alfredo:x:15001:15000:Alfredo Sierra:/usr/home/DSP/alfredo:/bin/bash
DSP-barry:x:15002:15000:Barry Howland:/usr/home/DSP/barry:/bin/bash
DSP-becky:x:15003:15000:Rebecca L. Ryan:/usr/home/DSP/becky:/bin/bash
DSP-benb:x:15004:15000:Ben Bahan:/usr/home/DSP/benb:/bin/bash
<...snip...>

whereas getent group produces the following:

aries-root@/usr/local/lib/OLD: /usr/local/sbin/getent group
wheel:*:0:root,dougs
daemon:*:1:
kmem:*:2:
sys:*:3:
tty:*:4:
operator:*:5:root
mail:*:6:
bin:*:7:
news:*:8:
man:*:9:
games:*:13:
staff:*:20:
sshd:*:22:
smmsp:*:25:
mailnull:*:26:
guest:*:31:
bind:*:53:
proxy:*:62:
authpf:*:63:
_pflogd:*:64:
uucp:*:66:
dialer:*:68:
network:*:69:
www:*:80:
nogroup:*:65533:
nobody:*:65534:
dougs:*:1001:
beckyr:*:1002:
alfredos:*:1003:
michaelm:*:1004:
production:*:10000:dougs,beckyr,alfredos,michaelm
DSP-CUSTSVC:x:15001:DSP-Barry,DSP-denise,DSP-susan,DSP-heatherq,DSP-GIGI,DSP
-moniqueb,DSP-TAMI,DSP-ChrisM,DSP-Leigh,DSP-Maryann,DSP-JoeS
DSP-Domain
Admins:x:15002:DSP-DSPAdmin,DSP-Tom,DSP-root,DSP-Robot,DSP-smtp2pop3,DSP-DSP
ADMIN1,DSP-Doug,DSP-Tom2
DSP-Domain Guests:x:15003:
<...snip...>
DSP-Dynamics:x:15005:DSP-Jared,DSP-Tom,DSP-Kris,DSP-Tom2
DSP-FINANCE:x:15006:DSP-DANNIS,DSP-GIGI,DSP-TAMI,DSP-Tom2,DSP-Tom,DSP-Doug,D
SP-dahmian,DSP-Jared,DSP-Holly,DSP-Lynne,DSP-boe
DSP-Management:x:15007:DSP-DANNIS,DSP-Joe,DSP-GIGI,DSP-TAMI,DSP-TJ,DSP-Tom,D
SP-Becky,DSP-Barry,DSP-Maryann,DSP-Tom2,DSP-Jon,DSP-Jared
DSP-MARKETING:x:15008:DSP-JoeS,DSP-GIGI,DSP-Becky,DSP-Barry,DSP-Leslie

Why is the prepended domain username in lower case in getent passwd but not
with getent group? Will this create problems?

~Doug