[Samba] getent passwd does not list trusted users

timothy mcdaniel timnboys at gmail.com
Mon Jun 6 12:28:03 MDT 2011 

I have been looking at
http://samba.2283325.n4.nabble.com/Trusted-domain-users-unwantedly-mapping-onto-local-domain-users-td3005928.html
and I think that if you add this in your nsswitch.conf like it says in the
website above:
if you already have the passwd: files ldap and group: files ldap in your
nsswitch.conf then just add winbind to the end of the lines of the passwd
and group lines. just like it is shown below: If you need any more help just
email me back, and I will try to help you.

*passwd*: files ldap winbind
  group: files ldap winbind

> ---------- Forwarded message ----------
> From: Gaiseric Vandal <gaiseric.vandal at gmail.com>
> To: Samba <samba at lists.samba.org>
> Date: Mon, 06 Jun 2011 12:04:14 -0400
> Subject: [Samba] getent passwd does not list trusted users
> I am running Samba 3.5.5 on Solaris 10.  This is the latest Sun/Oracle
> provided build.  I have an ldap backend for everything (unix+samba accounts,
> idmapping for domain trusts.)  The Samba server is a PDC for a domain we can
> call "SAMBA."    Each samba account is tied to a unix account.
>
> I have a one-way  domain trust setup with a Windows 2003 domain which we
> can call "WIN2003."  SAMBA trusts WIN2003.   "getent passwd" and "getent
> group" seem to fundamentally be working (depending on syntax)  BUT "getent
> passwd" does NOT list trusted users.
>
>
> On the solaris machine:
>
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------
> "wbinfo -u"  and "wbinfo -g"    lists all users in this domain + the
> WIN2003 domain.   For the SAMBA users, the domain name is stripped out.
>
>
>  "getent passwd" -  lists all "unix" users (in ldap or /etc/passwd.)
>        It does not list the samba users -  which is the expected and
> desired behaviour.
>        I had expected it to list users from the WIN2003 domain.
>
>
> "getent group"  -  lists all "unix" groups  (in ldap or /etc/passwd)
>        It does not listed the SAMBA groups - which is the expected and
> desired behaviour.
>        It does list WIN2003 groups-  which is  also the expected and
> desired behaviour.
>
>
> "getent passwd SAMBA\\user" -  shows uid, gid, home directory, shell
> "getent passwd WIN2003\\user" -  shows uid, gid, home directory, shell
>
> "getent group SAMBA\\group" -  shows gid, members
> "getent group WIN2003\\group" -  shows gid, members
>
>
> "id SAMBA\\user" -  shows uid and gid
> "id  WIN2003 \\user" -  shows uid and gid
>
>
> ---------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>
> I can use chown and other commands from solaris command line  to grant
> rights to a user from the trusted domain.  However, in a Windows machine in
> samba domain, when setting file permissions, I can not see the trusted
> domain.
>
>
> Any thoughts?
>
>
> Thanks

More information about the samba mailing list