[Samba] new users not seen with getent passwd

Stefan Kania stefan at kania-online.de
Thu Nov 6 03:48:54 MST 2014 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Rowland,

Am 06.11.2014 um 11:06 schrieb Rowland Penny:
> On 06/11/14 09:22, Stefan Kania wrote: Hello,
> 
> I migrated a samba3 with openLDAP to Samba 4 (sernet package 4.13).
> I can see all migrated users on all DCs and fileservers with
> "wbinfo -u" and "getent passwd" and all informations for a single
> user with "getent passwd <username>" and "wbinfo -i <username>".
> 
> Now, after migration, if I create a new user, I can see the new
> user in the list of "wbinfo -u" on all systems. BUT I can only see
> the information with "wbinfo -u <newuser>" and "getent passwd
> <newuser> on the two DCs but not on the fileserver. The new user
> also not appears in the list when in use "getent passwd" on the
> fileserver. If I do a "getent passwd <newuser>" I get a empty
> line.
> 
>> OK, how are you creating the new users ?
Either on the commandline with "samba-tool user create <newuser>" or
over the RSAT from a windows-machine.
> 
>> Also, lets see if I understand what you are saying:
> 
>> If you run 'wbinfo -u' on ANY Linux machine in the domain, you
>> get a list of domain users, amongst which is your new user.
Yes

>> If you run 'wbinfo -u <newuser>' on the DC, you get the users
>> info.
yes "wbinfo -i <newuser>" gets me the userinfos on any DC

>> If you run 'wbinfo -u <newuser>' on the fileserver, you get
>> nothing.
> 
Yes here I get nothing with "wbinfo -i <newuser>" only the errormessage


>> Have you added 'winbind' to the passwd & group lines in
>> /etc/nssswitch.conf
Yes, otherwise I would not seen any user with "getent passwd"
> 
>> What OS is your DC running on, can you please post the smb.conf
>> from your DC.
It a Debian 7 with the new SerNet Package 4.13

here is the smb.conf from a DC:

- -------
[global]
        workgroup = NTD
        realm = egf.ntd
        netbios name = SVL-V-AD1
        server role = active directory domain controller
        idmap_ldb:use rfc2307 = yes
        dns forwarder = 192.168.0.248
        wins support = yes
        local master = yes
        load printers = no
        printing = bsd
        printcap name = /dev/null
        disable spoolss = yes

- -------


> 
>> Rowland
> 
> If I do a "wbinfo -i <newuser>" I get the following: --------- 
> root at SVL-V-5:~# wbinfo -i ntd\\stka failed to call wbcGetpwnam:
> WBC_ERR_DOMAIN_NOT_FOUND Could not get info for user ntd\stka 
> --------- For an migrated user I see the following: --------- 
> root at SVL-V-5:~# wbinfo -i ntd\\bila 
> NTD\bila:*:103216:100513:bila:/home/NTD/bila:/bin/bash ---------
> 
> Here is the global-part of smb.conf of the fileserver: ---------- 
> [global] workgroup = NTD realm = EGF.NTD security = ADS wins server
> = 192.168.0.230 registry shares = Yes template shell = /bin/bash 
> winbind enum users = Yes winbind enum groups = Yes winbind refresh
> tickets = Yes idmap config ntd : backend = rid idmap config ntd :
> range = 100000-199999 idmap config * : range = 1000000-1999999 
> idmap config * : backend = tdb map acl inherit = Yes store dos
> attributes = Yes vfs objects = acl_xattr
> 
> ----------
> 
> A "chown <newuser> <file> is also not possible. With existing users
> it works.
> 
> 
> I tried to clear the cache with "net cache flush" and nothing
> changed.
> 
> What can I do next?
> 
> 
> Thanks
> 
> Stefan
> 

- -- 
Stefan Kania
Landweg 13
25693 St. Michaelisdonn


Signieren jeder E-Mail hilft Spam zu reduzieren. Signieren Sie ihre
E-Mail. Weiter Informationen unter http://www.gnupg.org

Mein Schlüssel liegt auf

hkp://subkeys.pgp.net

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlRbUhYACgkQ2JOGcNAHDTZ+DgCgkxfvrV3l+KW8ZH0YWz3bVMQi
T08An0Qa/bCScqgSLAcOfvtpgHQ6xC7b
=W4cH
-----END PGP SIGNATURE-----

More information about the samba mailing list