[Samba] Samba 3.6.0: unable to list Active Directory users

David Touzeau david at touzeau.eu
Fri Aug 12 02:23:26 MDT 2011

Dear all

I have upgraded my Samba from 3.5.x to the newest 3.6.0 version.
My Samba is connected to an Active Directory 2008 R2.

"getent passwd" did not display any Active Directory domain users.
"net ads group" displays the Active Directory groups correctly:

net ads group
Opérateurs d’impression
Opérateurs de sauvegarde
Utilisateurs du Bureau à distance
Opérateurs de configuration réseau
Utilisateurs de l’Analyseur de performances
Utilisateurs du journal de performances
Utilisateurs du modèle COM distribué
Opérateurs de chiffrement
Lecteurs des journaux d’événements
Accès DCOM service de certificats
Ordinateurs du domaine

I think there is a misconfiguration in my setup, but I did not find any.
Where am I wrong?

	workgroup = TOUZEAU
	netbios name = bdc2
	server string = %h server
	disable netbios =no
	max protocol = SMB2
	name resolve order =host lmhosts wins bcast
	dns proxy = No
	wins support = No
	min protocol = NT1
	syslog = 3
	log level = 10
	log file = /var/log/samba/log.%m
	debug timestamp = yes

#	Enable symbolic links -----------------------------------
	follow symlinks = yes
	wide links = yes
	unix extensions = no

	usershare allow guests = no
	usershare max shares = 100
	usershare owner only = true
	usershare path=/var/lib/samba/usershares/data

#Guest access
	guest account = nobody
	map to guest = Bad Password
	template homedir = /home/%U
	template shell = /bin/false
	enable privileges = yes
	os level = 40
	ldap passwd sync = no

#WINBINDD *******************************************************
	security = ADS

	idmap config TOUZEAU:backend = ad
	idmap config TOUZEAU:readonly = yes
	idmap config TOUZEAU:schema_mode = rfc2307
	idmap config * : range = 16777216-33554431
	client use spnego = No
	client use spnego principal = No
	encrypt passwords = Yes
	client ntlmv2 auth = Yes
	client lanman auth = No
	winbind normalize names = Yes
	winbind separator = /
	winbind use default domain = No
	winbind enum users = Yes
	winbind enum groups = Yes
	winbind nested groups = Yes
	winbind nss info = rfc2307
	winbind offline logon = true
	winbind cache time = 5
	winbind refresh tickets = true
	kerberos method = system keytab
	allow trusted domains = Yes
	server signing = mandatory
	client signing = mandatory
	lm announce = No
	ntlm auth = No
	lanman auth = No
	preferred master = No

printing = bsd

#	VISTA/Windows7 compatibility
#	ACLs settings
	nt acl support=yes
	map acl inherit=yes
	acl check permissions=yes
	inherit permissions=no
	inherit acls=no
	acl map full control=yes
	dos filemode=yes
	force unknown acl user = no

# LDAP settings -----------------------------------
	ldap delete dn = no
	passdb backend = ldapsam:ldap://
	ldap admin dn = cn=Manager,dc=my-domain,dc=com
	ldap suffix = dc=my-domain,dc=com
	ldap group suffix = dc=organizations
	ldap user suffix =  dc=organizations
	ldap machine suffix = ou=Computer,dc=samba,dc=organizations
	ldap delete dn = yes
	ldap ssl  = off
	ldap idmap suffix =
