[Samba] new users not seen with getent passwd
rowlandpenny at googlemail.com
Thu Nov 6 04:10:28 MST 2014
On 06/11/14 10:48, Stefan Kania wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Hi Rowland,
> Am 06.11.2014 um 11:06 schrieb Rowland Penny:
>> On 06/11/14 09:22, Stefan Kania wrote: Hello,
>> I migrated a samba3 with openLDAP to Samba 4 (sernet package 4.13).
>> I can see all migrated users on all DCs and fileservers with
>> "wbinfo -u" and "getent passwd" and all informations for a single
>> user with "getent passwd <username>" and "wbinfo -i <username>".
>> Now, after migration, if I create a new user, I can see the new
>> user in the list of "wbinfo -u" on all systems. BUT I can only see
>> the information with "wbinfo -u <newuser>" and "getent passwd
>> <newuser> on the two DCs but not on the fileserver. The new user
>> also not appears in the list when in use "getent passwd" on the
>> fileserver. If I do a "getent passwd <newuser>" I get a empty
>>> OK, how are you creating the new users ?
> Either on the commandline with "samba-tool user create <newuser>" or
> over the RSAT from a windows-machine.
Nothing strange there.
>>> Also, lets see if I understand what you are saying:
>>> If you run 'wbinfo -u' on ANY Linux machine in the domain, you
>>> get a list of domain users, amongst which is your new user.
>>> If you run 'wbinfo -u <newuser>' on the DC, you get the users
> yes "wbinfo -i <newuser>" gets me the userinfos on any DC
>>> If you run 'wbinfo -u <newuser>' on the fileserver, you get
> Yes here I get nothing with "wbinfo -i <newuser>" only the errormessage
>>> Have you added 'winbind' to the passwd & group lines in
> Yes, otherwise I would not seen any user with "getent passwd"
Well, I had to ask :-)
>>> What OS is your DC running on, can you please post the smb.conf
>>> from your DC.
> It a Debian 7 with the new SerNet Package 4.13
> here is the smb.conf from a DC:
> - -------
> workgroup = NTD
> realm = egf.ntd
> netbios name = SVL-V-AD1
> server role = active directory domain controller
> idmap_ldb:use rfc2307 = yes
> dns forwarder = 192.168.0.248
> wins support = yes
> local master = yes
> load printers = no
> printing = bsd
> printcap name = /dev/null
> disable spoolss = yes
> - -------
This is strange, the join must be correct or you wouldn't be able to see
the original users.
Try comparing users with:
ldbedit -e nano -H /var/lib/samba/private/sam.ldb "cn=old user"
ldbedit -e nano -H /var/lib/samba/private/sam.ldb "cn=new user"
Are they virtually the same ?
>> If I do a "wbinfo -i <newuser>" I get the following: ---------
>> root at SVL-V-5:~# wbinfo -i ntd\\stka failed to call wbcGetpwnam:
>> WBC_ERR_DOMAIN_NOT_FOUND Could not get info for user ntd\stka
>> --------- For an migrated user I see the following: ---------
>> root at SVL-V-5:~# wbinfo -i ntd\\bila
>> NTD\bila:*:103216:100513:bila:/home/NTD/bila:/bin/bash ---------
>> Here is the global-part of smb.conf of the fileserver: ----------
>> [global] workgroup = NTD realm = EGF.NTD security = ADS wins server
>> = 192.168.0.230 registry shares = Yes template shell = /bin/bash
>> winbind enum users = Yes winbind enum groups = Yes winbind refresh
>> tickets = Yes idmap config ntd : backend = rid idmap config ntd :
>> range = 100000-199999 idmap config * : range = 1000000-1999999
>> idmap config * : backend = tdb map acl inherit = Yes store dos
>> attributes = Yes vfs objects = acl_xattr
>> A "chown <newuser> <file> is also not possible. With existing users
>> it works.
>> I tried to clear the cache with "net cache flush" and nothing
>> What can I do next?
> - --
> Stefan Kania
> Landweg 13
> 25693 St. Michaelisdonn
> Signieren jeder E-Mail hilft Spam zu reduzieren. Signieren Sie ihre
> E-Mail. Weiter Informationen unter http://www.gnupg.org
> Mein Schlüssel liegt auf
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
> -----END PGP SIGNATURE-----
More information about the samba