[Samba] wbinfo -u lists ADS users without domain, getent passwd returns only local users

Thomas Leavitt tleavitt at unameits.com
Tue Jun 3 18:09:42 GMT 2008


I'm using Samba/Winbind for single-sign on in a network where Active
Directory is the authoritative authentication source. The active
directory server is Windows 2003 with Services for Unix installed so
that the schema is extended and the management interface has a "Unix
Attributes" tab.

wbinfo -u produces a list of users, without a DOMAIN+ prefix.

getent passwd lists only local users, although getent passwd username
produces the proper info. Same behavior for groups.

Could SELinux interference be the problem? This happens even after I
completely disable it, leave the domain, and then rejoin the domain and
restart everything.

Everything is "working", but this strikes me as incorrect behavior.

Here's a dump of my samba config:

[global]
        workgroup = BLAH
        realm = BLAHHQ.BLAH-INC.COM
        server string = Samba Server Version %v
        security = ADS
        auth methods = winbind
        password server = BLAH-DC-02.BLAHHQ.BLAH-INC.COM BLAH-DC-04.BLAHHQ.BLAH-INC.COM
        idmap domains = BLAHHQ.BLAH-INC.COM
        idmap uid = 16777216-33554431
        idmap gid = 16777216-33554431
        template homedir = /home/%U
        template shell = /bin/bash
        winbind separator = +
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind use default domain = Yes
        winbind nss info = sfu
        idmap config BLAHHQ.BLAH-INC.COM:range = 10000-40000
        idmap config BLAHHQ.BLAH-INC.COM:backend = ad
        idmap config BLAHHQ.BLAH-INC.COM:default = yes
        idmap config BLAHHQ.BLAH-INC.COM:schema_mode = sfu

[homes]
        comment = Home Directories
        valid users = BLAHHQ.BLAH-INC.COM+%S
        read only = No
        browseable = No

nsswitch.conf lists "files winbind"

There's nothing particularly exotic going on here, as far as I can tell
(other than the hassle created by SELinux). What am I missing? If y'all
need more info, please tell me.

Regards,

Thomas Leavitt


