[Samba] new users not seen with getent passwd

Rowland Penny rowlandpenny at googlemail.com
Thu Nov 6 04:10:28 MST 2014


On 06/11/14 10:48, Stefan Kania wrote:
> Hi Rowland,
>
> On 06.11.2014 at 11:06, Rowland Penny wrote:
>> On 06/11/14 09:22, Stefan Kania wrote:
>> Hello,
>>
>> I migrated a samba3 with openLDAP to Samba 4 (sernet package 4.13).
>> I can see all migrated users on all DCs and fileservers with
>> "wbinfo -u" and "getent passwd" and all information for a single
>> user with "getent passwd <username>" and "wbinfo -i <username>".
>>
>> Now, after migration, if I create a new user, I can see the new
>> user in the list of "wbinfo -u" on all systems. BUT I can only see
>> the information with "wbinfo -u <newuser>" and "getent passwd
>> <newuser>" on the two DCs but not on the fileserver. The new user
>> also does not appear in the list when I use "getent passwd" on the
>> fileserver. If I do a "getent passwd <newuser>" I get an empty
>> line.
>>
>>> OK, how are you creating the new users ?
> Either on the commandline with "samba-tool user create <newuser>" or
> over the RSAT from a windows-machine.

Nothing strange there.

>>> Also, let's see if I understand what you are saying:
>>> If you run 'wbinfo -u' on ANY Linux machine in the domain, you
>>> get a list of domain users, amongst which is your new user.
> Yes
>
>>> If you run 'wbinfo -u <newuser>' on the DC, you get the users
>>> info.
> yes "wbinfo -i <newuser>" gets me the user info on any DC
>
>>> If you run 'wbinfo -u <newuser>' on the fileserver, you get
>>> nothing.
> Yes here I get nothing with "wbinfo -i <newuser>" only the error message
>
>
>>> Have you added 'winbind' to the passwd & group lines in
>>> /etc/nsswitch.conf
> Yes, otherwise I would not have seen any user with "getent passwd"

Well, I had to ask :-)

>>> What OS is your DC running on, can you please post the smb.conf
>>> from your DC.
> It is a Debian 7 with the new SerNet Package 4.13
>
> here is the smb.conf from a DC:
>
> -------
> [global]
>          workgroup = NTD
>          realm = egf.ntd
>          netbios name = SVL-V-AD1
>          server role = active directory domain controller
>          idmap_ldb:use rfc2307 = yes
>          dns forwarder = 192.168.0.248
>          wins support = yes
>          local master = yes
>          load printers = no
>          printing = bsd
>          printcap name = /dev/null
>          disable spoolss = yes
>
> -------
>

This is strange, the join must be correct or you wouldn't be able to see 
the original users.

Try comparing users with:

ldbedit -e nano -H /var/lib/samba/private/sam.ldb "cn=old user"

and:

ldbedit -e nano -H /var/lib/samba/private/sam.ldb "cn=new user"

Are they virtually the same ?

Rowland


>>> Rowland
>> If I do a "wbinfo -i <newuser>" I get the following:
>> ---------
>> root@SVL-V-5:~# wbinfo -i ntd\\stka
>> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
>> Could not get info for user ntd\stka
>> ---------
>> For a migrated user I see the following:
>> ---------
>> root@SVL-V-5:~# wbinfo -i ntd\\bila
>> NTD\bila:*:103216:100513:bila:/home/NTD/bila:/bin/bash
>> ---------
>>
>> Here is the global-part of smb.conf of the fileserver:
>> ----------
>> [global]
>>          workgroup = NTD
>>          realm = EGF.NTD
>>          security = ADS
>>          wins server = 192.168.0.230
>>          registry shares = Yes
>>          template shell = /bin/bash
>>          winbind enum users = Yes
>>          winbind enum groups = Yes
>>          winbind refresh tickets = Yes
>>          idmap config ntd : backend = rid
>>          idmap config ntd : range = 100000-199999
>>          idmap config * : range = 1000000-1999999
>>          idmap config * : backend = tdb
>>          map acl inherit = Yes
>>          store dos attributes = Yes
>>          vfs objects = acl_xattr
>>
>> ----------
>>
>> A "chown <newuser> <file>" is also not possible. With existing users
>> it works.
>>
>>
>> I tried to clear the cache with "net cache flush" and nothing
>> changed.
>>
>> What can I do next?
>>
>>
>> Thanks
>>
>> Stefan
>>
> -- 
> Stefan Kania
> Landweg 13
> 25693 St. Michaelisdonn
>
>
> Signing every e-mail helps to reduce spam. Sign your
> e-mail. Further information at http://www.gnupg.org
>
> My key is available at
>
> hkp://subkeys.pgp.net
>
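
One way to answer "are they virtually the same?" without comparing two editor sessions by eye, as an added example that is not part of the original message: export both user records as LDIF text and diff their attributes. The sample records, the DC=example,DC=test naming and the ignore list are constructed assumptions, not data from this thread.

```python
# Added example: compare two user records exported as LDIF text.
# Both sample records below are constructed, not taken from the thread.
OLD_USER = """\
dn: CN=old user,CN=Users,DC=example,DC=test
objectClass: user
cn: old user
sAMAccountName: olduser
objectSid: S-1-5-21-1111-2222-3333-1104
userAccountControl: 66048
primaryGroupID: 513
uidNumber: 10001
gidNumber: 10000
"""
NEW_USER = """\
dn: CN=new user,CN=Users,DC=example,DC=test
objectClass: user
cn: new user
sAMAccountName: newuser
objectSid: S-1-5-21-1111-2222-3333-1105
userAccountControl: 512
primaryGroupID: 513
"""
# Attributes that differ for every object by design (assumed ignore list).
PER_OBJECT = {"dn", "cn", "name", "samaccountname", "objectsid", "objectguid",
              "whencreated", "whenchanged", "usncreated", "usnchanged"}

def parse_ldif(text):
    """Parse one LDIF record into {lowercased attribute: [values]}."""
    attrs, last = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        if line.startswith(" ") and last:  # folded continuation line
            attrs[last][-1] += line[1:]
            continue
        name, _, value = line.partition(":")
        last = name.strip().lower()
        attrs.setdefault(last, []).append(value.lstrip(": ").strip())
    return attrs

def compare_users(old_ldif, new_ldif):
    """Report attributes missing on one side or holding different values."""
    old, new = parse_ldif(old_ldif), parse_ldif(new_ldif)
    keys = (set(old) | set(new)) - PER_OBJECT
    return {"only_in_old": sorted(k for k in keys if k not in new),
            "only_in_new": sorted(k for k in keys if k not in old),
            "different": sorted(k for k in keys if k in old and k in new
                                and sorted(old[k]) != sorted(new[k]))}

print(compare_users(OLD_USER, NEW_USER))
```

Base64-encoded values (`attr:: ...`) are compared as their encoded strings, which is enough to tell whether two records hold the same value.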


