[Samba] getent passwd and winbind not work
Brady, Mike
mike.brady at devnull.net.nz
Thu Jan 30 10:44:28 MST 2014
On 2014-01-30 23:07, Stéphane PURNELLE wrote:
> In fact, uidNumber of users in my AD start at 1000.
>
> The minor number in range of smb.conf equal the lower uidNumber in my
> AD.
>
> no local user needed... if yes, I will force a uidNumber lower than
> 1000.
>
> -----------------------------------
> Stéphane PURNELLE Admin. Systèmes et Réseaux
> Service Informatique Corman S.A. Tel : 00 32
> (0)87/342467
>
> Rowland Penny <rowlandpenny at googlemail.com> wrote on 30/01/2014
> 10:41:13:
>
>> De : Rowland Penny <rowlandpenny at googlemail.com>
>> A : Stéphane PURNELLE <stephane.purnelle at corman.be>, sambalist
>> <samba at lists.samba.org>,
>> Date : 30/01/2014 10:41
>> Objet : Re: [Samba] getent passwd and winbind not work
>>
>> On 30/01/14 09:30, Stéphane PURNELLE wrote:
>> Hi Rowland,
>>
>> My smb.conf (global part)
>>
>> # Global parameters
>> [global]
>> workgroup = XXXXXX
>> realm = xxxxxxdom.int-xxxxxx.be
>> netbios name = admin01
>>
>> security = ADS
>> encrypt passwords = yes
>>
>> idmap config *:backend = tdb
>> idmap config *:range = 50000-51000
>>
>> idmap config XXXXXX:backend = ad
>> idmap config XXXXXX:schema_mode = rfc2307
>> idmap config XXXXXX:range = 1000-40000
>>
>> winbind nss info = rfc2307
>> winbind trusted domains only = no
>> winbind use default domain = yes
>> winbind enum users = yes
>> winbind enum groups = yes
>>
>> # ACL support on member server
>> # vfs objects = acl_xattr
>> map acl inherit = Yes
>> # store dos attributes = Yes
>>
>> # user Administrator workaround
>> username map = /srv/samba/etc/samba_usermap
>>
>> pid directory = /var/run/samba
>>
>> # log management
>> max log size = 50000
>> log level = 3
>> log file = /var/log/samba/%U.%m.log
>>
>> unix charset = ISO-8859-15
>> dos charset = ISO-8859-15
>>
>>
>> -----------------------------------
>> Stéphane PURNELLE Admin. Systèmes et Réseaux
>> Service Informatique Corman S.A. Tel : 00 32
> (0)87/342467
>>
>> Rowland Penny <rowlandpenny at googlemail.com> wrote on 30/01/2014
> 10:22:07:
>>
>> > De : Rowland Penny <rowlandpenny at googlemail.com>
>> > A : Stéphane PURNELLE <stephane.purnelle at corman.be>,
> samba at lists.samba.org,
>> > Date : 30/01/2014 10:22
>> > Objet : Re: [Samba] getent passwd and winbind not work
>> >
>> > On 30/01/14 09:18, Stéphane PURNELLE wrote:
>> > > Yes I need rfc2307. it's for a file server not a DC
>> > >
>> > > user will not connect to this server, it's just for manage ACL on
> file
>> > > server
>> > >
>> > > AND I TEST WINBIND
>> > >
>> > > -----------------------------------
>> > > Stéphane PURNELLE Admin. Systèmes et Réseaux
>> > > Service Informatique Corman S.A. Tel : 00 32
> (0)87/342467
>> > >
>> > > samba-bounces at lists.samba.org wrote on 30/01/2014 09:58:24:
>> > >
>> > >> De : L.P.H. van Belle <belle at bazuin.nl>
>> > >> A : samba at lists.samba.org <samba at lists.samba.org>,
>> > >> Date : 30/01/2014 09:56
>> > >> Objet : Re: [Samba] getent passwd and winbind not work
>> > >> Envoyé par : samba-bounces at lists.samba.org
>> > >>
>> > >> 2 things.
>> > >>
>> > >> 1) do you need the RFC2307.
>> > >> 2) is username/homedir/shell sufficient.
>> > >> then look at nsswitch.conf and libpam-ldap nss-ldap
>> > >> try at least add winbind to nsswitch.conf
>> > >>
>> > >>
>> > >> Greetz,
>> > >>
>> > >> Louis
>> > >>
>> > >>
>> > >>
>> > >>> -----Oorspronkelijk bericht-----
>> > >>> Van: sven.schwedas at tao.at
>> > >>> [mailto:samba-bounces at lists.samba.org] Namens Sven Schwedas
>> > >>> Verzonden: donderdag 30 januari 2014 8:39
>> > >>> Aan: samba at lists.samba.org
>> > >>> Onderwerp: Re: [Samba] getent passwd and winbind not work
>> > >>>
>> > >>> Are the required RFC2307 attributes for posixUser/posixGroup
>> > >>> entries set
>> > >>> (cf. winbind manpages)?
>> > >>>
>> > >>> On 2014-01-29 17:47, Stéphane PURNELLE wrote:
>> > >>>> Hi,
>> > >>>>
>> > >>>> I test (replacement of nslcd ) winbind in member server.
>> > >>>>
>> > >>>> I used Samba4/Winbind howto and howto for member server.
>> > >>>>
>> > >>>> wbinfo -u and wbinfo -g work fine but getent passwd not work
>> > >>> (getent not
>> > >>>> list user from AD)
>> > >>>>
>> > >>>> Why ?
>> > >>>> Anyone have a idea ?
>> > >>>>
>> > >>>> thx
>> > >>>>
>> > >>>> Stéphane
>> > >>>>
>> > >>>> -----------------------------------
>> > >>>> Stéphane PURNELLE Admin. Systèmes et
> Réseaux
>> > >>>> Service Informatique Corman S.A. Tel : 00 32
>> > >>> (0)87/342467
>> > >>> --
>> > >>> Mit freundlichen Grüßen, / Best Regards,
>> > >>> Sven Schwedas
>> > >>> Systemadministrator
>> > >>> TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
>> > >>> Mail/XMPP: sven.schwedas at tao.at | +43 (0)680 301 7167
>> > >>> http://software.tao.at
>> > >>>
>> > >>> --
>> > >>> To unsubscribe from this list go to the following URL and read the
>> > >>> instructions: https://lists.samba.org/mailman/options/samba
>> > >>>
>> > >> --
>> > >> To unsubscribe from this list go to the following URL and read the
>> > >> instructions: https://lists.samba.org/mailman/options/samba
>> > Could you please post a copy of your smb.conf?
>> >
>> > Rowland
>> >
>> Hi Stephane, Do your users have uidNumbers inside 1000-40000? if not
>> then getent will not show them, same for groups, also I would
>> probably raise the lower end of the range, if your OS starts local
>> users from 1000 you will not be able to add any local users (I think).
>>
>> Rowland
Stephane
Have you added winbind to the passwd and group lines in nsswitch.conf?
Mike
More information about the samba
mailing list