[Samba] getent passwd and winbind not work
Sven Schwedas
sven.schwedas at tao.at
Thu Jan 30 03:20:39 MST 2014
Note that uid<1000 is usually reserved for non-interactive accounts and
may exhibit unusual behaviour (e.g. not shown by login managers). I'd
recommend uid>40000 (or whatever your upper AD limit is) to ensure
compatibility.
On 2014-01-30 11:07, Stéphane PURNELLE wrote:
> In fact, uidNumber of users in my AD start at 1000.
>
> The minor number in range of smb.conf equal the lower uidNumber in my AD.
>
> no local user needed... if yes, I will force a uidNumber lower than 1000.
>
> -----------------------------------
> Stéphane PURNELLE Admin. Systèmes et Réseaux
> Service Informatique Corman S.A. Tel : 00 32 (0)87/342467
>
> Rowland Penny <rowlandpenny at googlemail.com> wrote on 30/01/2014 10:41:13:
>
>> De : Rowland Penny <rowlandpenny at googlemail.com>
>> A : Stéphane PURNELLE <stephane.purnelle at corman.be>, sambalist
>> <samba at lists.samba.org>,
>> Date : 30/01/2014 10:41
>> Objet : Re: [Samba] getent passwd and winbind not work
>>
>> On 30/01/14 09:30, Stéphane PURNELLE wrote:
>> Hi Rowland,
>>
>> My smb.conf (global part)
>>
>> # Global parameters
>> [global]
>> workgroup = XXXXXX
>> realm = xxxxxxdom.int-xxxxxx.be
>> netbios name = admin01
>>
>> security = ADS
>> encrypt passwords = yes
>>
>> idmap config *:backend = tdb
>> idmap config *:range = 50000-51000
>>
>> idmap config XXXXXX:backend = ad
>> idmap config XXXXXX:schema_mode = rfc2307
>> idmap config XXXXXX:range = 1000-40000
>>
>> winbind nss info = rfc2307
>> winbind trusted domains only = no
>> winbind use default domain = yes
>> winbind enum users = yes
>> winbind enum groups = yes
>>
>> # ACL support on member server
>> # vfs objects = acl_xattr
>> map acl inherit = Yes
>> # store dos attributes = Yes
>>
>> # user Administrator workaround
>> username map = /srv/samba/etc/samba_usermap
>>
>> pid directory = /var/run/samba
>>
>> # log management
>> max log size = 50000
>> log level = 3
>> log file = /var/log/samba/%U.%m.log
>>
>> unix charset = ISO-8859-15
>> dos charset = ISO-8859-15
>>
>>
>> -----------------------------------
>> Stéphane PURNELLE Admin. Systèmes et Réseaux
>> Service Informatique Corman S.A. Tel : 00 32
> (0)87/342467
>>
>> Rowland Penny <rowlandpenny at googlemail.com> wrote on 30/01/2014
> 10:22:07:
>>
>>> De : Rowland Penny <rowlandpenny at googlemail.com>
>>> A : Stéphane PURNELLE <stephane.purnelle at corman.be>,
> samba at lists.samba.org,
>>> Date : 30/01/2014 10:22
>>> Objet : Re: [Samba] getent passwd and winbind not work
>>>
>>> On 30/01/14 09:18, Stéphane PURNELLE wrote:
>>>> Yes I need rfc2307. it's for a file server not a DC
>>>>
>>>> user will not connect to this server, it's just for manage ACL on
> file
>>>> server
>>>>
>>>> AND I TEST WINBIND
>>>>
>>>> -----------------------------------
>>>> Stéphane PURNELLE Admin. Systèmes et Réseaux
>>>> Service Informatique Corman S.A. Tel : 00 32
> (0)87/342467
>>>>
>>>> samba-bounces at lists.samba.org wrote on 30/01/2014 09:58:24:
>>>>
>>>>> De : L.P.H. van Belle <belle at bazuin.nl>
>>>>> A : samba at lists.samba.org <samba at lists.samba.org>,
>>>>> Date : 30/01/2014 09:56
>>>>> Objet : Re: [Samba] getent passwd and winbind not work
>>>>> Envoyé par : samba-bounces at lists.samba.org
>>>>>
>>>>> 2 things.
>>>>>
>>>>> 1) do you need the RFC2307.
>>>>> 2) is username/homedir/shell sufficient.
>>>>> then look at nsswitch.conf and libpam-ldap nss-ldap
>>>>> try at least add winbind to nsswitch.conf
>>>>>
>>>>>
>>>>> Greetz,
>>>>>
>>>>> Louis
>>>>>
>>>>>
>>>>>
>>>>>> -----Oorspronkelijk bericht-----
>>>>>> Van: sven.schwedas at tao.at
>>>>>> [mailto:samba-bounces at lists.samba.org] Namens Sven Schwedas
>>>>>> Verzonden: donderdag 30 januari 2014 8:39
>>>>>> Aan: samba at lists.samba.org
>>>>>> Onderwerp: Re: [Samba] getent passwd and winbind not work
>>>>>>
>>>>>> Are the required RFC2307 attributes for posixUser/posixGroup
>>>>>> entries set
>>>>>> (cf. winbind manpages)?
>>>>>>
>>>>>> On 2014-01-29 17:47, Stéphane PURNELLE wrote:
>>>>>>> Hi,
>>>>>>>
>>>>>>> I test (replacement of nslcd ) winbind in member server.
>>>>>>>
>>>>>>> I used Samba4/Winbind howto and howto for member server.
>>>>>>>
>>>>>>> wbinfo -u and wbinfo -g work fine but getent passwd not work
>>>>>> (getent not
>>>>>>> list user from AD)
>>>>>>>
>>>>>>> Why ?
>>>>>>> Anyone have a idea ?
>>>>>>>
>>>>>>> thx
>>>>>>>
>>>>>>> Stéphane
>>>>>>>
>>>>>>> -----------------------------------
>>>>>>> Stéphane PURNELLE Admin. Systèmes et
> Réseaux
>>>>>>> Service Informatique Corman S.A. Tel : 00 32
>>>>>> (0)87/342467
>>>>>> --
>>>>>> Mit freundlichen Grüßen, / Best Regards,
>>>>>> Sven Schwedas
>>>>>> Systemadministrator
>>>>>> TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
>>>>>> Mail/XMPP: sven.schwedas at tao.at | +43 (0)680 301 7167
>>>>>> http://software.tao.at
>>>>>>
>>>>>> --
>>>>>> To unsubscribe from this list go to the following URL and read the
>>>>>> instructions: https://lists.samba.org/mailman/options/samba
>>>>>>
>>>>> --
>>>>> To unsubscribe from this list go to the following URL and read the
>>>>> instructions: https://lists.samba.org/mailman/options/samba
>>> Could you please post a copy of your smb.conf?
>>>
>>> Rowland
>>>
>> Hi Stephane, Do your users have uidNumbers inside 1000-40000? if not
>> then getent will not show them, same for groups, also I would
>> probably raise the lower end of the range, if your OS starts local
>> users from 1000 you will not be able to add any local users (I think).
>>
>> Rowland
--
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas
Systemadministrator
TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
Mail/XMPP: sven.schwedas at tao.at | +43 (0)680 301 7167
http://software.tao.at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 665 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20140130/ebb1a272/attachment.pgp>
More information about the samba
mailing list