[Samba] getent group is not working

Eduardo Sotomayor easgs at hotmail.com
Wed Aug 27 12:39:17 MDT 2014 

getent group is not working in an opensuse 13.1 member server for an active directory samba 4 domain
wbinfo -u, wbinfo -g, wbinfo -t and getent passwd | grep SIENIC are working, these are my configuration files and the output of the commands.

Note: the domain controller has samba installed from source (4.1.11), the member server has the distro packages installed (4.1.0)



blue25:/home/SIENIC/administrator # wbinfo -u
SIENIC\administrator
SIENIC\dns-server01
SIENIC\krbtgt
SIENIC\guest

blue25:/home/SIENIC/administrator # wbinfo -g
SIENIC\allowed rodc password replication group
SIENIC\enterprise read-only domain controllers
SIENIC\denied rodc password replication group
SIENIC\read-only domain controllers
SIENIC\group policy creator owners
SIENIC\ras and ias servers
SIENIC\domain controllers
SIENIC\enterprise admins
SIENIC\domain computers
SIENIC\cert publishers
SIENIC\dnsupdateproxy
SIENIC\domain admins
SIENIC\domain guests
SIENIC\schema admins
SIENIC\domain users
SIENIC\dnsadmins

blue25:/home/SIENIC/administrator # wbinfo -t
checking the trust secret for domain SIENIC via RPC calls succeeded

blue25:/home/SIENIC/administrator # getent passwd | grep SIENIC
SIENIC\administrator:*:10000:10004:Administrator:/home/SIENIC/administrator:/bin/bash
SIENIC\dns-server01:*:10001:10004:dns-server01:/home/SIENIC/dns-server01:/bin/bash
SIENIC\krbtgt:*:10002:10004:krbtgt:/home/SIENIC/krbtgt:/bin/bash
SIENIC\guest:*:10003:10011:Guest:/home/SIENIC/guest:/bin/bash

blue25:/home/SIENIC/administrator # getent group | grep SIENIC

blue25:/home/SIENIC/administrator # getent group


/etc/nsswitch.conf


#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
#       compat                  Use compatibility setup
#       nisplus                 Use NIS+ (NIS version 3)
#       nis                     Use NIS (NIS version 2), also called YP
#       dns                     Use DNS (Domain Name Service)
#       files                   Use the local files
#       [NOTFOUND=return]       Stop searching if not found so far
#
# For more information, please read the nsswitch.conf.5 manual page.
#

# passwd: files nis
# shadow: files nis
# group:  files nis

passwd:    compat winbind
group:    compat winbind

hosts:    files mdns_minimal [NOTFOUND=return] dns
networks:    files dns

services:    files
protocols:    files
rpc:    files
ethers:    files
netmasks:    files
netgroup:    files nis
publickey:    files

bootparams:    files
automount:    files nis
aliases:    files


/etc/krb5

[libdefaults]
    default_realm = SIENIC.SITE
    clockskew = 300
#    default_realm = EXAMPLE.COM 

[realms]
SIENIC.SITE = {
    kdc = server01.sienic.site
    default_domain = sienic.site
    admin_server = server01.sienic.site
}
#    EXAMPLE.COM = {
#                kdc = kerberos.example.com
#        admin_server = kerberos.example.com
#    }

[logging]
    kdc = FILE:/var/log/krb5/krb5kdc.log
    admin_server = FILE:/var/log/krb5/kadmind.log
    default = SYSLOG:NOTICE:DAEMON
[domain_realm]
    .sienic.site = SIENIC.SITE
[appdefaults]
pam = {
    ticket_lifetime = 1d
    renew_lifetime = 1d
    forwardable = true
    proxiable = false
    minimum_uid = 1
}


/etc/samba/smb.conf


[global]
    workgroup = SIENIC
    passdb backend = tdbsam
    printing = cups
    printcap name = cups
    printcap cache time = 750
    cups options = raw
    map to guest = Bad User
    include = /etc/samba/dhcp.conf
    logon path = \\%L\profiles\.msprofile
    logon home = \\%L\%U\.9xprofile
    logon drive = P:
    usershare allow guests = No
    #idmap gid = 10000-20000
    #idmap uid = 10000-20000
    kerberos method = secrets and keytab
    realm = SIENIC.SITE
    security = ADS
    template homedir = /home/%D/%U
    template shell = /bin/bash
    usershare max shares = 100
    winbind offline logon = yes
    winbind refresh tickets = yes
    vfs objects = acl_xattr
    map acl inherit = yes
    store dos attributes = yes
    idmap config *:range = 50000-60000
    idmap config SIENIC:backend = ad
    idmap config SIENIC:schema_mode = rfc2307
    idmap config SIENIC:range = 10000-20000
    winbind enum users = yes
    winbind enum groups = yes


thanks

More information about the samba mailing list