[Samba] getent passwd and winbind not work

Rowland Penny rowlandpenny at googlemail.com
Thu Jan 30 03:17:39 MST 2014


On 30/01/14 10:07, Stéphane PURNELLE wrote:
> In fact, uidNumber of users in my AD start at 1000.
>
> The minor number in the range of smb.conf equals the lower uidNumber in my AD.
>
> no local user needed... if yes, I will force a uidNumber lower than 1000.
>
> -----------------------------------
> Stéphane PURNELLE         Admin. Systèmes et Réseaux
> Service Informatique       Corman S.A.     Tel : 00 32 (0)87/342467
>
> Rowland Penny <rowlandpenny at googlemail.com> wrote on 30/01/2014 10:41:13:
>
> > From: Rowland Penny <rowlandpenny at googlemail.com>
> > To: Stéphane PURNELLE <stephane.purnelle at corman.be>, sambalist
> > <samba at lists.samba.org>,
> > Date: 30/01/2014 10:41
> > Subject: Re: [Samba] getent passwd and winbind not work
> >
> > On 30/01/14 09:30, Stéphane PURNELLE wrote:
> > Hi Rowland,
> >
> > My smb.conf (global part)
> >
> > # Global parameters
> > [global]
> >         workgroup = XXXXXX
> >         realm = xxxxxxdom.int-xxxxxx.be
> >         netbios name = admin01
> >
> >         security = ADS
> >         encrypt passwords = yes
> >
> >         idmap config *:backend = tdb
> >         idmap config *:range = 50000-51000
> >
> >         idmap config XXXXXX:backend = ad
> >         idmap config XXXXXX:schema_mode = rfc2307
> >         idmap config XXXXXX:range = 1000-40000
> >
> >         winbind nss info = rfc2307
> >         winbind trusted domains only = no
> >         winbind use default domain = yes
> >         winbind enum users = yes
> >         winbind enum groups = yes
> >
> >         # ACL support on member server
> >         # vfs objects = acl_xattr
> >         map acl inherit = Yes
> >         # store dos attributes = Yes
> >
> >         # user Administrator workaround
> >         username map = /srv/samba/etc/samba_usermap
> >
> >         pid directory = /var/run/samba
> >
> >         # log management
> >         max log size = 50000
> >         log level = 3
> >         log file = /var/log/samba/%U.%m.log
> >
> >         unix charset = ISO-8859-15
> >         dos charset = ISO-8859-15
> >
> >
> > -----------------------------------
> > Stéphane PURNELLE           Admin. Systèmes et Réseaux
> > Service Informatique       Corman S.A.       Tel : 00 32 (0)87/342467
> >
> > Rowland Penny <rowlandpenny at googlemail.com> wrote on 30/01/2014 10:22:07:
> >
> > > From: Rowland Penny <rowlandpenny at googlemail.com>
> > > To: Stéphane PURNELLE <stephane.purnelle at corman.be>, samba at lists.samba.org,
> > > Date: 30/01/2014 10:22
> > > Subject: Re: [Samba] getent passwd and winbind not work
> > >
> > > On 30/01/14 09:18, Stéphane PURNELLE wrote:
> > > > Yes I need rfc2307. It's for a file server, not a DC.
> > > >
> > > > Users will not connect to this server; it's just for managing ACLs on the file
> > > > server.
> > > >
> > > > AND I TEST WINBIND
> > > >
> > > > -----------------------------------
> > > > Stéphane PURNELLE             Admin. Systèmes et Réseaux
> > > > Service Informatique       Corman S.A.         Tel : 00 32 (0)87/342467
> > > >
> > > > samba-bounces at lists.samba.org wrote on 30/01/2014 09:58:24:
> > > >
> > > >> From: L.P.H. van Belle <belle at bazuin.nl>
> > > >> To: samba at lists.samba.org <samba at lists.samba.org>,
> > > >> Date: 30/01/2014 09:56
> > > >> Subject: Re: [Samba] getent passwd and winbind not work
> > > >> Sent by: samba-bounces at lists.samba.org
> > > >>
> > > >> 2 things.
> > > >>
> > > >> 1) do you need the RFC2307.
> > > >> 2) is username/homedir/shell sufficient.
> > > >> then look at nsswitch.conf and libpam-ldap nss-ldap
> > > >> try at least add winbind to nsswitch.conf
> > > >>
> > > >>
> > > >> Greetz,
> > > >>
> > > >> Louis
> > > >>
> > > >>
> > > >>
> > > >>> -----Original message-----
> > > >>> From: sven.schwedas at tao.at
> > > >>> [mailto:samba-bounces at lists.samba.org] On behalf of Sven Schwedas
> > > >>> Sent: Thursday 30 January 2014 8:39
> > > >>> To: samba at lists.samba.org
> > > >>> Subject: Re: [Samba] getent passwd and winbind not work
> > > >>>
> > > >>> Are the required RFC2307 attributes for posixUser/posixGroup entries set
> > > >>> (cf. winbind manpages)?
> > > >>>
> > > >>> On 2014-01-29 17:47, Stéphane PURNELLE wrote:
> > > >>>> Hi,
> > > >>>>
> > > >>>> I test (replacement of nslcd ) winbind in member server.
> > > >>>>
> > > >>>> I used Samba4/Winbind howto and howto for member server.
> > > >>>>
> > > >>>> wbinfo -u and wbinfo -g work fine but getent passwd not work (getent not
> > > >>>> list user from AD)
> > > >>>>
> > > >>>> Why ?
> > > >>>> Anyone have a idea ?
> > > >>>>
> > > >>>> thx
> > > >>>>
> > > >>>>          Stéphane
> > > >>>>
> > > >>>> -----------------------------------
> > > >>>> Stéphane PURNELLE                 Admin. Systèmes et Réseaux
> > > >>>> Service Informatique       Corman S.A.           Tel : 00 32 (0)87/342467
> > > >>> --
> > > >>> Mit freundlichen Grüßen, / Best Regards,
> > > >>> Sven Schwedas
> > > >>> Systemadministrator
> > > >>> TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
> > > >>> Mail/XMPP: sven.schwedas at tao.at | +43 (0)680 301 7167
> > > >>> http://software.tao.at <http://software.tao.at/>
> > > >>>
> > > >>> --
> > > >>> To unsubscribe from this list go to the following URL and read the
> > > >>> instructions: https://lists.samba.org/mailman/options/samba
> > > >>>
> > > Could you please post a copy of your smb.conf?
> > >
> > > Rowland
> > >
> > Hi Stephane, Do your users have uidNumbers inside 1000-40000? If not
> > then getent will not show them, same for groups, also I would
> > probably raise the lower end of the range, if your OS starts local
> > users from 1000 you will not be able to add any local users (I think).
> >
> > Rowland
OK, so comparing your smb.conf to the domain member howto page should 
mean that it works, obviously for you it doesn't. I take it that you are 
running samba4 in classic mode i.e. smbd, nmbd & winbindd daemons are 
all running.

This is exactly the reason why I use that package that I cannot name, 
though now I am testing winbind in 'netlogon proxy only mode' as well.

I think that one of the devs is going to have to help you here, because 
I cannot see where you are going wrong, you seem to be doing everything 
right.

Rowland
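
Added example, not part of the original thread or of Samba itself: a small Python check for the two points raised in the quoted reply above, namely that a uidNumber outside the domain's `idmap config` range is not shown by getent, and that a domain range starting at 1000 collides with the IDs the OS hands out to local accounts. The function names, the local ID range 1000-60000 and the sample users are assumptions constructed for the illustration; the idmap lines are the ones from the smb.conf posted in the thread.

```python
import re

# idmap lines copied from the smb.conf quoted in the thread.
SMB_CONF = """
[global]
    idmap config *:backend = tdb
    idmap config *:range = 50000-51000
    idmap config XXXXXX:backend = ad
    idmap config XXXXXX:schema_mode = rfc2307
    idmap config XXXXXX:range = 1000-40000
"""
LOCAL_IDS = (1000, 60000)                     # assumed UID_MIN-UID_MAX of the OS
SAMPLE_USERS = {"alice": 1000, "bob": 45000}  # constructed AD uidNumber values

RANGE_RE = re.compile(
    r"^\s*idmap\s+config\s+(\S+?)\s*:\s*range\s*=\s*(\d+)\s*-\s*(\d+)\s*$",
    re.IGNORECASE | re.MULTILINE,
)

def idmap_ranges(conf_text):
    """Return {domain: (low, high)} for every 'idmap config DOM:range' line."""
    return {m.group(1): (int(m.group(2)), int(m.group(3)))
            for m in RANGE_RE.finditer(conf_text)}

def overlaps(a, b):
    """True when two inclusive (low, high) ranges share at least one ID."""
    return a[0] <= b[1] and b[0] <= a[1]

def audit(conf_text, local_range, ad_uid_numbers, domain):
    """Return findings: range collisions and uidNumbers the domain range excludes."""
    ranges = idmap_ranges(conf_text)
    names = sorted(ranges)
    findings = []
    for i, first in enumerate(names):
        for second in names[i + 1:]:
            if overlaps(ranges[first], ranges[second]):
                findings.append(f"idmap ranges overlap: {first} and {second}")
    for name in names:
        if overlaps(ranges[name], local_range):
            findings.append(f"{name} range {ranges[name]} overlaps local IDs {local_range}")
    low, high = ranges[domain]
    for user, uid in sorted(ad_uid_numbers.items()):
        if not low <= uid <= high:
            findings.append(f"{user} uidNumber {uid} is outside {domain} range")
    return findings

if __name__ == "__main__":
    for finding in audit(SMB_CONF, LOCAL_IDS, SAMPLE_USERS, "XXXXXX"):
        print(finding)
```

With the assumed local range, both configured idmap ranges are reported as overlapping local IDs, and the constructed user `bob` is reported as falling outside the domain range.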

