[Samba] getent passwd/getent passwd username inconsistencies

Nick forums at 2thebatcave.com
Sun Jan 18 22:55:13 GMT 2009

I've came across what appears to be a bug, but I wanted to get some feedback
on the list before reporting it to make sure I'm not doing something
stupid.  I'm using 3.2.7.

I see that when I do "getent passwd", I get an entry like this:
testuser:*:1000:20:Test User:/home/poo/testuser:/bin/bash

But when I do "getent passwd testuser", I get this:
testuser:*:1000:100:Test User:/home/poo/testuser:/bin/bash

It seems that when doing getent passwd username, the primary group is the
user's gidNumber attribute in active directory (which is correct).  However
when doing getent passwd to retrieve a full list of users, it uses the
windows primary group (set via primaryGroupID) instead.  This is bad since
it's inconsistent, but also bad in our environment since Domain Users
doesn't have a gidNumber setup.  This means any user with the windows
primary group set as the default doesn't come up when doing a "getent

In active directory, for each UNIX user the uidNumber, gidNumber, and
loginShell attributes are set.  The groups that are used in UNIX have
gidNumber set.  The home directory attribute is not set, since that is
different per platform (the MACs use /Users instead of /home, and I wanted
each platform to use their own default).

Below is my smb.conf:
        log level = 3
        log file = /var/log/samba/smbd.log
        security = ads
        workgroup = EXAMPLE
        realm = EXAMPLE.COM
        server signing = auto
        allow trusted domains = no
        winbind use default domain = yes
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind nested groups = Yes
        template shell = /bin/sh
        template homedir = /home/poo/%U
        winbind nss info = rfc2307
        idmap backend = ad

More information about the samba mailing list