[Samba] getent passwd and winbind not work

Brady, Mike mike.brady at devnull.net.nz
Thu Jan 30 10:44:28 MST 2014


On 2014-01-30 23:07, Stéphane PURNELLE wrote:
> In fact, uidNumber of users in my AD start at 1000.
> 
> The minor number in range of smb.conf equal the lower uidNumber in my 
> AD.
> 
> no local user needed... if yes, I will force a uidNumber lower than 
> 1000.
> 
> -----------------------------------
> Stéphane PURNELLE                         Admin. Systèmes et Réseaux
> Service Informatique       Corman S.A.           Tel : 00 32 
> (0)87/342467
> 
> Rowland Penny <rowlandpenny at googlemail.com> wrote on 30/01/2014 
> 10:41:13:
> 
>> De : Rowland Penny <rowlandpenny at googlemail.com>
>> A : Stéphane PURNELLE <stephane.purnelle at corman.be>, sambalist
>> <samba at lists.samba.org>,
>> Date : 30/01/2014 10:41
>> Objet : Re: [Samba] getent passwd and winbind not work
>> 
>> On 30/01/14 09:30, Stéphane PURNELLE wrote:
>> Hi Rowland,
>> 
>> My smb.conf (global part)
>> 
>> # Global parameters
>> [global]
>>         workgroup = XXXXXX
>>         realm = xxxxxxdom.int-xxxxxx.be
>>         netbios name = admin01
>> 
>>         security = ADS
>>         encrypt passwords = yes
>> 
>>         idmap config *:backend = tdb
>>         idmap config *:range = 50000-51000
>> 
>>         idmap config XXXXXX:backend = ad
>>         idmap config XXXXXX:schema_mode = rfc2307
>>         idmap config XXXXXX:range = 1000-40000
>> 
>>         winbind nss info = rfc2307
>>         winbind trusted domains only = no
>>         winbind use default domain = yes
>>         winbind enum users = yes
>>         winbind enum groups = yes
>> 
>>         # ACL support on member server
>>         # vfs objects = acl_xattr
>>         map acl inherit = Yes
>>         # store dos attributes = Yes
>> 
>>         # user Administrator workaround
>>         username map = /srv/samba/etc/samba_usermap
>> 
>>         pid directory = /var/run/samba
>> 
>>         # log management
>>         max log size = 50000
>>         log level = 3
>>         log file = /var/log/samba/%U.%m.log
>> 
>>         unix charset = ISO-8859-15
>>         dos charset = ISO-8859-15
>> 
>> 
>> -----------------------------------
>> Stéphane PURNELLE                         Admin. Systèmes et Réseaux
>> Service Informatique       Corman S.A.           Tel : 00 32
> (0)87/342467
>> 
>> Rowland Penny <rowlandpenny at googlemail.com> wrote on 30/01/2014
> 10:22:07:
>> 
>> > De : Rowland Penny <rowlandpenny at googlemail.com>
>> > A : Stéphane PURNELLE <stephane.purnelle at corman.be>,
> samba at lists.samba.org,
>> > Date : 30/01/2014 10:22
>> > Objet : Re: [Samba] getent passwd and winbind not work
>> >
>> > On 30/01/14 09:18, Stéphane PURNELLE wrote:
>> > > Yes I need rfc2307.  it's for a file server not a DC
>> > >
>> > > user will not connect to this server, it's just for manage ACL on
> file
>> > > server
>> > >
>> > > AND I TEST WINBIND
>> > >
>> > > -----------------------------------
>> > > Stéphane PURNELLE                         Admin. Systèmes et Réseaux
>> > > Service Informatique       Corman S.A.           Tel : 00 32
> (0)87/342467
>> > >
>> > > samba-bounces at lists.samba.org wrote on 30/01/2014 09:58:24:
>> > >
>> > >> De : L.P.H. van Belle <belle at bazuin.nl>
>> > >> A : samba at lists.samba.org <samba at lists.samba.org>,
>> > >> Date : 30/01/2014 09:56
>> > >> Objet : Re: [Samba] getent passwd and winbind not work
>> > >> Envoyé par : samba-bounces at lists.samba.org
>> > >>
>> > >> 2 things.
>> > >>
>> > >> 1) do you need the RFC2307.
>> > >> 2) is username/homedir/shell sufficient.
>> > >> then look at nsswitch.conf and libpam-ldap nss-ldap
>> > >> try at least add winbind to nsswitch.conf
>> > >>
>> > >>
>> > >> Greetz,
>> > >>
>> > >> Louis
>> > >>
>> > >>
>> > >>
>> > >>> -----Oorspronkelijk bericht-----
>> > >>> Van: sven.schwedas at tao.at
>> > >>> [mailto:samba-bounces at lists.samba.org] Namens Sven Schwedas
>> > >>> Verzonden: donderdag 30 januari 2014 8:39
>> > >>> Aan: samba at lists.samba.org
>> > >>> Onderwerp: Re: [Samba] getent passwd and winbind not work
>> > >>>
>> > >>> Are the required RFC2307 attributes for posixUser/posixGroup
>> > >>> entries set
>> > >>> (cf. winbind manpages)?
>> > >>>
>> > >>> On 2014-01-29 17:47, Stéphane PURNELLE wrote:
>> > >>>> Hi,
>> > >>>>
>> > >>>> I test (replacement of nslcd ) winbind in member server.
>> > >>>>
>> > >>>> I used Samba4/Winbind howto and howto for member server.
>> > >>>>
>> > >>>> wbinfo -u and wbinfo -g work fine but getent passwd not work
>> > >>> (getent not
>> > >>>> list user from AD)
>> > >>>>
>> > >>>> Why ?
>> > >>>> Anyone have a idea ?
>> > >>>>
>> > >>>> thx
>> > >>>>
>> > >>>>          Stéphane
>> > >>>>
>> > >>>> -----------------------------------
>> > >>>> Stéphane PURNELLE                         Admin. Systèmes et
> Réseaux
>> > >>>> Service Informatique       Corman S.A.           Tel : 00 32
>> > >>> (0)87/342467
>> > >>> --
>> > >>> Mit freundlichen Grüßen, / Best Regards,
>> > >>> Sven Schwedas
>> > >>> Systemadministrator
>> > >>> TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
>> > >>> Mail/XMPP: sven.schwedas at tao.at | +43 (0)680 301 7167
>> > >>> http://software.tao.at
>> > >>>
>> > >>> --
>> > >>> To unsubscribe from this list go to the following URL and read the
>> > >>> instructions:  https://lists.samba.org/mailman/options/samba
>> > >>>
>> > >> --
>> > >> To unsubscribe from this list go to the following URL and read the
>> > >> instructions:  https://lists.samba.org/mailman/options/samba
>> > Could you please post a copy of your smb.conf?
>> >
>> > Rowland
>> >
>> Hi Stephane, Do your users have uidNumbers inside 1000-40000? if not
>> then getent will not show them, same for groups, also I would
>> probably raise the lower end of the range, if your OS starts local
>> users from 1000 you will not be able to add any local users (I think).
>> 
>> Rowland

Stephane

Have you added winbind to the passwd and group lines in nsswitch.conf?

Mike


More information about the samba mailing list