[Samba] new users not seen with getent passwd

Thu Nov 6 03:06:49 MST 2014

On 06/11/14 09:22, Stefan Kania wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello,
>
> I migrated a samba3 with openLDAP to Samba 4 (sernet package 4.13). I
> can see all migrated users on all DCs and fileservers with "wbinfo -u"
> and "getent passwd" and all informations for a single user with
> "getent passwd <username>" and "wbinfo -i <username>".
>
> Now, after migration, if I create a new user, I can see the new user
> in the list of "wbinfo -u" on all systems. BUT I can only see the
> information with "wbinfo -u <newuser>" and "getent passwd <newuser> on
> the two DCs but not on the fileserver.
> The new user also not appears in the list when in use "getent passwd"
> on the fileserver.
> If I do a "getent passwd <newuser>" I get a empty line.

OK, how are you creating the new users ?

Also, lets see if I understand what you are saying:

If you run 'wbinfo -u' on ANY Linux machine in the domain, you get a 
list of domain users, amongst which is your new user.
If you run 'wbinfo -u <newuser>' on the DC, you get the users info.
If you run 'wbinfo -u <newuser>' on the fileserver, you get nothing.

Have you added 'winbind' to the passwd & group lines in /etc/nssswitch.conf

What OS is your DC running on, can you please post the smb.conf from 
your DC.

Rowland

> If I do a
> "wbinfo -i <newuser>" I get the following:
> - ---------
> root at SVL-V-5:~# wbinfo -i ntd\\stka
> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
> Could not get info for user ntd\stka
> - ---------
> For an migrated user I see the following:
> - ---------
> root at SVL-V-5:~# wbinfo -i ntd\\bila
> NTD\bila:*:103216:100513:bila:/home/NTD/bila:/bin/bash
> - ---------
>
> Here is the global-part of smb.conf of the fileserver:
> - ----------
> [global]
>          workgroup = NTD
>          realm = EGF.NTD
>          security = ADS
>          wins server = 192.168.0.230
>          registry shares = Yes
>          template shell = /bin/bash
>          winbind enum users = Yes
>          winbind enum groups = Yes
>          winbind refresh tickets = Yes
>          idmap config ntd : backend = rid
>          idmap config ntd : range = 100000-199999
>          idmap config * : range = 1000000-1999999
>          idmap config * : backend = tdb
>          map acl inherit = Yes
>          store dos attributes = Yes
>          vfs objects = acl_xattr
>
> - ----------
>
> A "chown <newuser> <file> is also not possible. With existing users it
> works.
>
>
> I tried to clear the cache with "net cache flush" and nothing changed.
>
> What can I do next?
>
>
> Thanks
>
> Stefan
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iEYEARECAAYFAlRbPeUACgkQ2JOGcNAHDTZTfwCfbOMs4xEjFlJuxK2KLI7GKfRH
> Q/IAoMMqgCFyp0N+5olm+BomrRm789YJ
> =O4Uy
> -----END PGP SIGNATURE-----