[Samba] getent passwd and winbind not work

Rowland Penny rowlandpenny at googlemail.com
Thu Jan 30 05:21:19 MST 2014


On 30/01/14 10:07, Stéphane PURNELLE wrote:
> In fact, the uidNumbers of users in my AD start at 1000.
>
> The minimum number in the range in smb.conf equals the lowest uidNumber in my AD.
>
> No local users are needed... if so, I will force a uidNumber lower than 1000.
>
> -----------------------------------
> Stéphane PURNELLE         Systems and Network Admin.
> IT Department       Corman S.A.     Tel : 00 32 (0)87/342467
>
> Rowland Penny <rowlandpenny at googlemail.com> wrote on 30/01/2014 10:41:13:
>
> > From: Rowland Penny <rowlandpenny at googlemail.com>
> > To: Stéphane PURNELLE <stephane.purnelle at corman.be>, sambalist
> > <samba at lists.samba.org>,
> > Date: 30/01/2014 10:41
> > Subject: Re: [Samba] getent passwd and winbind not work
> >
> > On 30/01/14 09:30, Stéphane PURNELLE wrote:
> > Hi Rowland,
> >
> > My smb.conf (global part)
> >
> > # Global parameters
> > [global]
> >         workgroup = XXXXXX
> >         realm = xxxxxxdom.int-xxxxxx.be
> >         netbios name = admin01
> >
> >         security = ADS
> >         encrypt passwords = yes
> >
> >         idmap config *:backend = tdb
> >         idmap config *:range = 50000-51000
> >
> >         idmap config XXXXXX:backend = ad
> >         idmap config XXXXXX:schema_mode = rfc2307
> >         idmap config XXXXXX:range = 1000-40000
> >
> >         winbind nss info = rfc2307
> >         winbind trusted domains only = no
> >         winbind use default domain = yes
> >         winbind enum users = yes
> >         winbind enum groups = yes
> >
> >         # ACL support on member server
> >         # vfs objects = acl_xattr
> >         map acl inherit = Yes
> >         # store dos attributes = Yes
> >
> >         # user Administrator workaround
> >         username map = /srv/samba/etc/samba_usermap
> >
> >         pid directory = /var/run/samba
> >
> >         # log management
> >         max log size = 50000
> >         log level = 3
> >         log file = /var/log/samba/%U.%m.log
> >
> >         unix charset = ISO-8859-15
> >         dos charset = ISO-8859-15
> >
> >
> > -----------------------------------
> > Stéphane PURNELLE           Systems and Network Admin.
> > IT Department       Corman S.A.       Tel : 00 32 (0)87/342467
> >
> > Rowland Penny <rowlandpenny at googlemail.com> wrote on 30/01/2014 10:22:07:
> >
> > > From: Rowland Penny <rowlandpenny at googlemail.com>
> > > To: Stéphane PURNELLE <stephane.purnelle at corman.be>, samba at lists.samba.org,
> > > Date: 30/01/2014 10:22
> > > Subject: Re: [Samba] getent passwd and winbind not work
> > >
> > > On 30/01/14 09:18, Stéphane PURNELLE wrote:
> > > > Yes, I need rfc2307. It's for a file server, not a DC.
> > > >
> > > > Users will not connect to this server, it's just to manage ACLs on the
> > > > file server.
> > > >
> > > > AND I TEST WINBIND
> > > >
> > > > -----------------------------------
> > > > Stéphane PURNELLE             Systems and Network Admin.
> > > > IT Department       Corman S.A.         Tel : 00 32 (0)87/342467
> > > >
> > > > samba-bounces at lists.samba.org wrote on 30/01/2014 09:58:24:
> > > >
> > > >> From: L.P.H. van Belle <belle at bazuin.nl>
> > > >> To: samba at lists.samba.org <samba at lists.samba.org>,
> > > >> Date: 30/01/2014 09:56
> > > >> Subject: Re: [Samba] getent passwd and winbind not work
> > > >> Sent by: samba-bounces at lists.samba.org
> > > >>
> > > >> 2 things.
> > > >>
> > > >> 1) do you need the RFC2307.
> > > >> 2) is username/homedir/shell sufficient.
> > > >> then look at nsswitch.conf and libpam-ldap nss-ldap
> > > >> try at least add winbind to nsswitch.conf
> > > >>
> > > >>
> > > >> Greetz,
> > > >>
> > > >> Louis
> > > >>
> > > >>
> > > >>
> > > >>> -----Original message-----
> > > >>> From: sven.schwedas at tao.at
> > > >>> [mailto:samba-bounces at lists.samba.org] On behalf of Sven Schwedas
> > > >>> Sent: Thursday 30 January 2014 8:39
> > > >>> To: samba at lists.samba.org
> > > >>> Subject: Re: [Samba] getent passwd and winbind not work
> > > >>>
> > > >>> Are the required RFC2307 attributes for posixUser/posixGroup
> > > >>> entries set (cf. winbind manpages)?
> > > >>>
> > > >>> On 2014-01-29 17:47, Stéphane PURNELLE wrote:
> > > >>>> Hi,
> > > >>>>
> > > >>>> I am testing winbind (as a replacement for nslcd) on a member server.
> > > >>>>
> > > >>>> I used the Samba4/Winbind howto and the howto for member servers.
> > > >>>>
> > > >>>> wbinfo -u and wbinfo -g work fine but getent passwd does not work
> > > >>>> (getent does not list users from AD)
> > > >>>>
> > > >>>> Why?
> > > >>>> Does anyone have an idea?
> > > >>>>
> > > >>>> thx
> > > >>>>
> > > >>>>          Stéphane
> > > >>>>
> > > >>>> -----------------------------------
> > > >>>> Stéphane PURNELLE                 Systems and Network Admin.
> > > >>>> IT Department       Corman S.A.           Tel : 00 32 (0)87/342467
> > > >>> --
> > > >>> Best Regards,
> > > >>> Sven Schwedas
> > > >>> System Administrator
> > > >>> TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
> > > >>> Mail/XMPP: sven.schwedas at tao.at | +43 (0)680 301 7167
> > > >>> http://software.tao.at
> > > >>>
> > > Could you please post a copy of your smb.conf?
> > >
> > > Rowland
> > >
> > Hi Stephane, do your users have uidNumbers inside 1000-40000? If not,
> > then getent will not show them, same for groups. Also, I would
> > probably raise the lower end of the range; if your OS starts local
> > users from 1000 you will not be able to add any local users (I think).
> >
> > Rowland
OK, I do not know if this is relevant, but Volker has just posted a
patch over on samba-technical to get the idmap_ad module built by
default. Is it possible that the reason that Stephane, myself and others
cannot get the idmap ad backend to work on Samba4 is just down to the
required code not getting built?

Rowland
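
The range check raised in the quoted reply above, as an added example (not part of the original thread and not Samba code): it parses the `idmap config` lines of the smb.conf quoted in this thread, reports which configured range a given uidNumber falls into, and lists ranges that intersect a local account range, where an AD-mapped ID and a local account could end up sharing a UID. The uidNumber values and the local ranges passed in are assumptions; the function names are hypothetical.

```python
import re

# Constructed sample: the idmap lines from the smb.conf quoted in this thread.
SAMPLE_SMB_CONF = """
[global]
    workgroup = XXXXXX
    idmap config *:backend = tdb
    idmap config *:range = 50000-51000
    idmap config XXXXXX:backend = ad
    idmap config XXXXXX:schema_mode = rfc2307
    idmap config XXXXXX:range = 1000-40000
"""

IDMAP_RE = re.compile(
    r"^\s*idmap\s+config\s+(\S+?)\s*:\s*(\w+)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(conf_text):
    """Return {domain: {option: value}} for every 'idmap config' line."""
    domains = {}
    for line in conf_text.splitlines():
        if line.lstrip().startswith(("#", ";")):   # skip commented-out lines
            continue
        m = IDMAP_RE.match(line)
        if not m:
            continue
        dom, opt, val = m.group(1), m.group(2).lower(), m.group(3)
        if opt == "range":                          # "low-high" -> (low, high)
            low, high = (int(x) for x in val.split("-"))
            val = (low, high)
        domains.setdefault(dom, {})[opt] = val
    return domains

def domain_for_id(domains, unix_id):
    """Name of the idmap domain whose range contains unix_id, else None."""
    for dom, opts in domains.items():
        low, high = opts.get("range", (1, 0))       # no range: never matches
        if low <= unix_id <= high:
            return dom
    return None

def overlaps(domains, local_low, local_high):
    """Idmap domains whose range intersects the local account range."""
    return sorted(d for d, o in domains.items() if "range" in o
                  and o["range"][0] <= local_high and local_low <= o["range"][1])

if __name__ == "__main__":
    cfg = parse_idmap(SAMPLE_SMB_CONF)
    for uid in (999, 1000, 45000):                  # constructed uidNumbers
        print(uid, "->", domain_for_id(cfg, uid))
    # Assumption: the OS allocates local accounts from 1000 to 60000.
    print("ranges overlapping local accounts:", overlaps(cfg, 1000, 60000))
```
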

