[Samba] getent passwd and winbind not work

Stéphane PURNELLE stephane.purnelle at corman.be
Thu Jan 30 03:07:15 MST 2014


In fact, uidNumber of users in my AD start at 1000.

The minor number in range of smb.conf equal the lower uidNumber in my AD.

no local user needed... if yes, I will force a uidNumber lower than 1000.

-----------------------------------
Stéphane PURNELLE                         Admin. Systèmes et Réseaux 
Service Informatique       Corman S.A.           Tel : 00 32 (0)87/342467

Rowland Penny <rowlandpenny at googlemail.com> wrote on 30/01/2014 10:41:13:

> De : Rowland Penny <rowlandpenny at googlemail.com>
> A : Stéphane PURNELLE <stephane.purnelle at corman.be>, sambalist 
> <samba at lists.samba.org>, 
> Date : 30/01/2014 10:41
> Objet : Re: [Samba] getent passwd and winbind not work
> 
> On 30/01/14 09:30, Stéphane PURNELLE wrote:
> Hi Rowland, 
> 
> My smb.conf (global part) 
> 
> # Global parameters 
> [global] 
>         workgroup = XXXXXX 
>         realm = xxxxxxdom.int-xxxxxx.be 
>         netbios name = admin01 
> 
>         security = ADS 
>         encrypt passwords = yes 
> 
>         idmap config *:backend = tdb 
>         idmap config *:range = 50000-51000 
> 
>         idmap config XXXXXX:backend = ad 
>         idmap config XXXXXX:schema_mode = rfc2307 
>         idmap config XXXXXX:range = 1000-40000 
> 
>         winbind nss info = rfc2307 
>         winbind trusted domains only = no 
>         winbind use default domain = yes 
>         winbind enum users = yes 
>         winbind enum groups = yes 
> 
>         # ACL support on member server 
>         # vfs objects = acl_xattr 
>         map acl inherit = Yes 
>         # store dos attributes = Yes 
> 
>         # user Administrator workaround 
>         username map = /srv/samba/etc/samba_usermap 
> 
>         pid directory = /var/run/samba 
> 
>         # log management 
>         max log size = 50000 
>         log level = 3 
>         log file = /var/log/samba/%U.%m.log 
> 
>         unix charset = ISO-8859-15 
>         dos charset = ISO-8859-15 
> 
> 
> -----------------------------------
> Stéphane PURNELLE                         Admin. Systèmes et Réseaux 
> Service Informatique       Corman S.A.           Tel : 00 32 
(0)87/342467 
> 
> Rowland Penny <rowlandpenny at googlemail.com> wrote on 30/01/2014 
10:22:07:
> 
> > De : Rowland Penny <rowlandpenny at googlemail.com> 
> > A : Stéphane PURNELLE <stephane.purnelle at corman.be>, 
samba at lists.samba.org, 
> > Date : 30/01/2014 10:22 
> > Objet : Re: [Samba] getent passwd and winbind not work 
> > 
> > On 30/01/14 09:18, Stéphane PURNELLE wrote:
> > > Yes I need rfc2307.  it's for a file server not a DC
> > >
> > > user will not connect to this server, it's just for manage ACL on 
file
> > > server
> > >
> > > AND I TEST WINBIND
> > >
> > > -----------------------------------
> > > Stéphane PURNELLE                         Admin. Systèmes et Réseaux
> > > Service Informatique       Corman S.A.           Tel : 00 32 
(0)87/342467
> > >
> > > samba-bounces at lists.samba.org wrote on 30/01/2014 09:58:24:
> > >
> > >> De : L.P.H. van Belle <belle at bazuin.nl>
> > >> A : samba at lists.samba.org <samba at lists.samba.org>,
> > >> Date : 30/01/2014 09:56
> > >> Objet : Re: [Samba] getent passwd and winbind not work
> > >> Envoyé par : samba-bounces at lists.samba.org
> > >>
> > >> 2 things.
> > >>
> > >> 1) do you need the RFC2307.
> > >> 2) is username/homedir/shell sufficient.
> > >> then look at nsswitch.conf and libpam-ldap nss-ldap
> > >> try at least add winbind to nsswitch.conf
> > >>
> > >>
> > >> Greetz,
> > >>
> > >> Louis
> > >>
> > >>
> > >>
> > >>> -----Oorspronkelijk bericht-----
> > >>> Van: sven.schwedas at tao.at
> > >>> [mailto:samba-bounces at lists.samba.org] Namens Sven Schwedas
> > >>> Verzonden: donderdag 30 januari 2014 8:39
> > >>> Aan: samba at lists.samba.org
> > >>> Onderwerp: Re: [Samba] getent passwd and winbind not work
> > >>>
> > >>> Are the required RFC2307 attributes for posixUser/posixGroup
> > >>> entries set
> > >>> (cf. winbind manpages)?
> > >>>
> > >>> On 2014-01-29 17:47, Stéphane PURNELLE wrote:
> > >>>> Hi,
> > >>>>
> > >>>> I test (replacement of nslcd ) winbind in member server.
> > >>>>
> > >>>> I used Samba4/Winbind howto and howto for member server.
> > >>>>
> > >>>> wbinfo -u and wbinfo -g work fine but getent passwd not work
> > >>> (getent not
> > >>>> list user from AD)
> > >>>>
> > >>>> Why ?
> > >>>> Anyone have a idea ?
> > >>>>
> > >>>> thx
> > >>>>
> > >>>>          Stéphane
> > >>>>
> > >>>> -----------------------------------
> > >>>> Stéphane PURNELLE                         Admin. Systèmes et 
Réseaux
> > >>>> Service Informatique       Corman S.A.           Tel : 00 32
> > >>> (0)87/342467
> > >>> -- 
> > >>> Mit freundlichen Grüßen, / Best Regards,
> > >>> Sven Schwedas
> > >>> Systemadministrator
> > >>> TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
> > >>> Mail/XMPP: sven.schwedas at tao.at | +43 (0)680 301 7167
> > >>> http://software.tao.at
> > >>>
> > >>> -- 
> > >>> To unsubscribe from this list go to the following URL and read the
> > >>> instructions:  https://lists.samba.org/mailman/options/samba
> > >>>
> > >> -- 
> > >> To unsubscribe from this list go to the following URL and read the
> > >> instructions:  https://lists.samba.org/mailman/options/samba
> > Could you please post a copy of your smb.conf?
> > 
> > Rowland
> > 
> Hi Stephane, Do your users have uidNumbers inside 1000-40000? if not
> then getent will not show them, same for groups, also I would 
> probably raise the lower end of the range, if your OS starts local 
> users from 1000 you will not be able to add any local users (I think).
> 
> Rowland


More information about the samba mailing list