[Samba] getent passwd does not list trusted users

Gaiseric Vandal gaiseric.vandal at gmail.com
Mon Jun 6 13:16:28 MDT 2011


I do have the entries in /etc/nsswitch.conf

The "getent passwd" won't list the winbind users although I can get 
details on a specific user with the "getent passwd 
SOMEDOMAIN\\someuser" command


I looked in the /var/samba/locks directory -

I have a winbindd_cache.tdb file that is current.  I don't have a 
current idmap_cache.tdb file anymore.  Not sure I need one.   I 
initially started with samba 3.0.x, then upgraded to 3.4.x, then to 
3.5.x, and it seems with each .X upgrade that the configuration for winbind 
and idmapping changes.


This may be a bug in Solaris itself rather than samba.





On 06/06/2011 02:28 PM, timothy mcdaniel wrote:
> I have been looking at
> http://samba.2283325.n4.nabble.com/Trusted-domain-users-unwantedly-mapping-onto-local-domain-users-td3005928.html
> and I think that if you add this in your nsswitch.conf like it says in the
> website above:
> If you already have the passwd: files ldap and group: files ldap in your
> nsswitch.conf then just add winbind to the end of the passwd and group
> lines, just like it is shown below. If you need any more help just
> email me back, and I will try to help you.
>
>    passwd: files ldap winbind
>    group: files ldap winbind
>
>> ---------- Forwarded message ----------
>> From: Gaiseric Vandal<gaiseric.vandal at gmail.com>
>> To: Samba<samba at lists.samba.org>
>> Date: Mon, 06 Jun 2011 12:04:14 -0400
>> Subject: [Samba] getent passwd does not list trusted users
>> I am running Samba 3.5.5 on Solaris 10.  This is the latest Sun/Oracle
>> provided build.  I have an ldap backend for everything (unix+samba accounts,
>> idmapping for domain trusts.)  The Samba server is a PDC for a domain we can
>> call "SAMBA."    Each samba account is tied to a unix account.
>>
>> I have a one-way  domain trust setup with a Windows 2003 domain which we
>> can call "WIN2003."  SAMBA trusts WIN2003.   "getent passwd" and "getent
>> group" seem to fundamentally be working (depending on syntax)  BUT "getent
>> passwd" does NOT list trusted users.
>>
>>
>> On the solaris machine:
>>
>> ---------------------------------------------------------------------------------------------------------------------------------------------------------------
>> "wbinfo -u"  and "wbinfo -g"    lists all users in this domain + the
>> WIN2003 domain.   For the SAMBA users, the domain name is stripped out.
>>
>>
>>   "getent passwd" -  lists all "unix" users (in ldap or /etc/passwd.)
>>         It does not list the samba users -  which is the expected and
>> desired behaviour.
>>         I had expected it to list users from the WIN2003 domain.
>>
>>
>> "getent group"  -  lists all "unix" groups  (in ldap or /etc/passwd)
>>         It does not list the SAMBA groups - which is the expected and
>> desired behaviour.
>>         It does list WIN2003 groups-  which is  also the expected and
>> desired behaviour.
>>
>>
>> "getent passwd SAMBA\\user" -  shows uid, gid, home directory, shell
>> "getent passwd WIN2003\\user" -  shows uid, gid, home directory, shell
>>
>> "getent group SAMBA\\group" -  shows gid, members
>> "getent group WIN2003\\group" -  shows gid, members
>>
>>
>> "id SAMBA\\user" -  shows uid and gid
>> "id WIN2003\\user" -  shows uid and gid
>>
>>
>> ---------------------------------------------------------------------------------------------------------------------------------------------------------------
>>
>>
>> I can use chown and other commands from the solaris command line to grant
>> rights to a user from the trusted domain.  However, on a Windows machine in
>> the samba domain, when setting file permissions, I cannot see the trusted
>> domain.
>>
>>
>> Any thoughts?
>>
>>
>> Thanks
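
Added example, not part of the original thread: a POSIX sh check for the two things discussed above, whether winbind is a source on the passwd and group lines of nsswitch.conf, and which names known to `wbinfo -u` are absent from a `getent passwd` enumeration. Accounts that resolve by name and can own files but are never enumerated are missed by any account audit that walks `getent passwd`. The function names are hypothetical and the sample data is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Print the sources configured for one database (passwd, group, ...) in an
# nsswitch.conf-style file, one per line. Comments and [STATUS=action]
# criteria are stripped first.
nss_sources() {   # $1 = database, $2 = file
    sed -e 's/#.*//' -e 's/\[[^]]*]//g' -e 's/:/: /' "$2" |
    while read -r key rest; do
        [ "$key" = "$1:" ] || continue
        for src in $rest; do printf '%s\n' "$src"; done
    done
}

# Succeed if winbind is one of the sources for the database.
nss_has_winbind() {   # $1 = database, $2 = file
    nss_sources "$1" "$2" | grep -qx winbind
}

# Print every name from a saved "wbinfo -u" listing that is missing from a
# saved "getent passwd" enumeration. Names are compared exactly, so a
# DOMAIN\user entry only matches a passwd entry with the same prefix.
not_enumerated() {   # $1 = wbinfo -u output, $2 = getent passwd output
    awk -F: 'FILENAME == ARGV[1] { seen[$1] = 1; next }
             $0 != "" && !($0 in seen)' "$2" "$1"
}

# Demo on constructed sample data (not output from the poster's server).
demo() {
    d=$(mktemp -d) || return 1
    printf 'passwd: files ldap\ngroup: files ldap winbind\n' > "$d/nss"
    printf 'alice\nWIN2003\\bob\n' > "$d/wbinfo_u"
    printf 'alice:x:1001:100::/home/alice:/bin/sh\n' > "$d/getent_passwd"
    for db in passwd group; do
        nss_has_winbind "$db" "$d/nss" || echo "$db: winbind is not a source"
    done
    echo "known to winbind but not enumerated:"
    not_enumerated "$d/wbinfo_u" "$d/getent_passwd"
    rm -rf "$d"
}
demo
```

On a live host the two input files would be the saved output of `wbinfo -u` and `getent passwd`.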


