[Samba] getent passwd and winbind not work

steve steve at steve-ss.com
Thu Jan 30 04:05:48 MST 2014 

On Thu, 2014-01-30 at 10:17 +0000, Rowland Penny wrote:
> On 30/01/14 10:07, Stéphane PURNELLE wrote:
> > In fact, uidNumber of users in my AD start at 1000.
> >
> > The minor number in range of smb.conf equal the lower uidNumber in my AD.
> >
> > no local user needed... if yes, I will force a uidNumber lower than 1000.
> >
> > -----------------------------------
> > Stéphane PURNELLE         Admin. Systèmes et Réseaux
> > Service Informatique       Corman S.A.     Tel : 00 32 (0)87/342467
> >
> > Rowland Penny <rowlandpenny at googlemail.com> wrote on 30/01/2014 10:41:13:
> >
> > > De : Rowland Penny <rowlandpenny at googlemail.com>
> > > A : Stéphane PURNELLE <stephane.purnelle at corman.be>, sambalist
> > > <samba at lists.samba.org>,
> > > Date : 30/01/2014 10:41
> > > Objet : Re: [Samba] getent passwd and winbind not work
> > >
> > > On 30/01/14 09:30, Stéphane PURNELLE wrote:
> > > Hi Rowland,
> > >
> > > My smb.conf (global part)
> > >
> > > # Global parameters
> > > [global]
> > >         workgroup = XXXXXX
> > >         realm = xxxxxxdom.int-xxxxxx.be
> > >         netbios name = admin01
> > >
> > >         security = ADS
> > >         encrypt passwords = yes
> > >
> > >         idmap config *:backend = tdb
> > >         idmap config *:range = 50000-51000
> > >
> > >         idmap config XXXXXX:backend = ad
> > >         idmap config XXXXXX:schema_mode = rfc2307
> > >         idmap config XXXXXX:range = 1000-40000
> > >
> > >         winbind nss info = rfc2307
> > >         winbind trusted domains only = no
> > >         winbind use default domain = yes
> > >         winbind enum users = yes
> > >         winbind enum groups = yes
> > >
> > >         # ACL support on member server
> > >         # vfs objects = acl_xattr
> > >         map acl inherit = Yes
> > >         # store dos attributes = Yes
> > >
> > >         # user Administrator workaround
> > >         username map = /srv/samba/etc/samba_usermap
> > >
> > >         pid directory = /var/run/samba
> > >
> > >         # log management
> > >         max log size = 50000
> > >         log level = 3
> > >         log file = /var/log/samba/%U.%m.log
> > >
> > >         unix charset = ISO-8859-15
> > >         dos charset = ISO-8859-15
> > >
> > >
> > > -----------------------------------
> > > Stéphane PURNELLE           Admin. Systèmes et Réseaux
> > > Service Informatique       Corman S.A.       Tel : 00 32 (0)87/342467
> > >
> > > Rowland Penny <rowlandpenny at googlemail.com> wrote on 30/01/2014 
> > 10:22:07:
> > >
> > > > De : Rowland Penny <rowlandpenny at googlemail.com>
> > > > A : Stéphane PURNELLE <stephane.purnelle at corman.be>, 
> > samba at lists.samba.org,
> > > > Date : 30/01/2014 10:22
> > > > Objet : Re: [Samba] getent passwd and winbind not work
> > > >
> > > > On 30/01/14 09:18, Stéphane PURNELLE wrote:
> > > > > Yes I need rfc2307.  it's for a file server not a DC
> > > > >
> > > > > user will not connect to this server, it's just for manage ACL 
> > on file
> > > > > server
> > > > >
> > > > > AND I TEST WINBIND
> > > > >
> > > > > -----------------------------------
> > > > > Stéphane PURNELLE             Admin. Systèmes et Réseaux
> > > > > Service Informatique       Corman S.A.         Tel : 00 32 
> > (0)87/342467
> > > > >
> > > > > samba-bounces at lists.samba.org wrote on 30/01/2014 09:58:24:
> > > > >
> > > > >> De : L.P.H. van Belle <belle at bazuin.nl>
> > > > >> A : samba at lists.samba.org <samba at lists.samba.org>,
> > > > >> Date : 30/01/2014 09:56
> > > > >> Objet : Re: [Samba] getent passwd and winbind not work
> > > > >> Envoyé par : samba-bounces at lists.samba.org
> > > > >>
> > > > >> 2 things.
> > > > >>
> > > > >> 1) do you need the RFC2307.
> > > > >> 2) is username/homedir/shell sufficient.
> > > > >> then look at nsswitch.conf and libpam-ldap nss-ldap
> > > > >> try at least add winbind to nsswitch.conf
> > > > >>
> > > > >>
> > > > >> Greetz,
> > > > >>
> > > > >> Louis
> > > > >>
> > > > >>
> > > > >>
> > > > >>> -----Oorspronkelijk bericht-----
> > > > >>> Van: sven.schwedas at tao.at
> > > > >>> [mailto:samba-bounces at lists.samba.org] Namens Sven Schwedas
> > > > >>> Verzonden: donderdag 30 januari 2014 8:39
> > > > >>> Aan: samba at lists.samba.org
> > > > >>> Onderwerp: Re: [Samba] getent passwd and winbind not work
> > > > >>>
> > > > >>> Are the required RFC2307 attributes for posixUser/posixGroup
> > > > >>> entries set
> > > > >>> (cf. winbind manpages)?
> > > > >>>
> > > > >>> On 2014-01-29 17:47, Stéphane PURNELLE wrote:
> > > > >>>> Hi,
> > > > >>>>
> > > > >>>> I test (replacement of nslcd ) winbind in member server.
> > > > >>>>
> > > > >>>> I used Samba4/Winbind howto and howto for member server.
> > > > >>>>
> > > > >>>> wbinfo -u and wbinfo -g work fine but getent passwd not work
> > > > >>> (getent not
> > > > >>>> list user from AD)
> > > > >>>>
> > > > >>>> Why ?
> > > > >>>> Anyone have a idea ?
> > > > >>>>
> > > > >>>> thx
> > > > >>>>
> > > > >>>>          Stéphane
> > > > >>>>
> > > > >>>> -----------------------------------
> > > > >>>> Stéphane PURNELLE                 Admin. Systèmes et Réseaux
> > > > >>>> Service Informatique       Corman S.A.           Tel : 00 32
> > > > >>> (0)87/342467
> > > > >>> --
> > > > >>> Mit freundlichen Grüßen, / Best Regards,
> > > > >>> Sven Schwedas
> > > > >>> Systemadministrator
> > > > >>> TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
> > > > >>> Mail/XMPP: sven.schwedas at tao.at | +43 (0)680 301 7167
> > > > >>> http://software.tao.at <http://software.tao.at/>
> > > > >>>
> > > > >>> --
> > > > >>> To unsubscribe from this list go to the following URL and read the
> > > > >>> instructions: https://lists.samba.org/mailman/options/samba
> > > > >>>
> > > > >> --
> > > > >> To unsubscribe from this list go to the following URL and read the
> > > > >> instructions: https://lists.samba.org/mailman/options/samba
> > > > Could you please post a copy of your smb.conf?
> > > >
> > > > Rowland
> > > >
> > > Hi Stephane, Do your users have uidNumbers inside 1000-40000? if not
> > > then getent will not show them, same for groups, also I would
> > > probably raise the lower end of the range, if your OS starts local
> > > users from 1000 you will not be able to add any local users (I think).
> > >
> > > Rowland
> OK, so comparing your smb.conf to the domain member howto page should 
> mean that it works, obviously for you it doesn't. I take it that you are 
> running samba4 in classic mode i.e. smbd, nmbd & winbindd daemons are 
> all running.
> 
> This is exactly the reason why I use that package that I cannot name, 

No, no. I think _you_ can mention it. Only I can't. Try it maybe?
HTH
Steve

> though now I am testing winbind in 'netlogon proxy only mode' as well.
> 
> I think that one of the devs is going to have to help you here, because 
> I cannot see where you are going wrong, you seem to be doing everything 
> right.
> 
> Rowland

More information about the samba mailing list