[Samba] getent group empty response

Deniz Eren denizlist at denizeren.net
Thu Sep 18 02:23:35 MDT 2014 

>On 18/09/14 07:56, Deniz Eren wrote:
>>* We have two domain controllers, one parent(DOMAIN.COM <http://DOMAIN.COM> <http://domain.com/ <http://domain.com/>>)
*>>* and one child(CHILD.DOMAIN.COM <http://CHILD.DOMAIN.COM>
<http://child.domain.com/ <http://child.domain.com/>>). When two
domain
*>>* controllers are up "getent group" returns group names correctly. But when
*>>* child domain controller is down "getent group" returns empty. My samba
*>>* version is "3.6.22". I have added my smb.conf I couldn't find any
*>>* parameters affecting this problem. Am I missing something in smb.conf? Or
*>>* is there a workaround to solve this problem?
*>>>>>>* smb.conf
*>>* -------------------------------
*>>* [global]
*>>*     netbios name = BUILD2
*>>*     realm = DOMAIN.COM <http://DOMAIN.COM> <http://domain.com/
<http://domain.com/>>
*>>*     workgroup = DOMAIN
*>>*     security = ads
*>>*     encrypt passwords = yes
*>>*     password server = 10.0.0.59
*>>*     log level = 1
*>>*     log file = /var/log/samba.log
*>>*     ldap ssl = no
*>>*     idmap uid = 10000-20000
*>>*     idmap gid = 10000-20000
*>>>>*     winbind separator = /
*>>*     winbind enum users = yes
*>>*     winbind enum groups = yes
*>>*     winbind use default domain = yes
*>>>>*     domain master = no
*>>*     local master = no
*>>*     preferred master = no
*>>>>*     template shell = /sbin/nologin
*>>>>*     getwd cache = yes
*>>*     winbind cache time = 3000
*>>*     ldap connection timeout = 10
*>>*     ldap timeout = 120
*>>* -------------------------------
*>>>>* This issue is like mine "
*>>* https://lists.samba.org/archive/samba/2010-June/156813.html
<https://lists.samba.org/archive/samba/2010-June/156813.html>".
*>Hi, the smb.conf you have posted seems to be for a client, Just what is
>it pointed at, an NT4 style PDC, a Samba4 AD DC or what? I think that
>you are going to have to give us a bit more info.
>
>Rowland

It is pointed to Windows 2008r2 Server serving as AD Domain PDC whose
name is DOMAIN.COM. Also another Windows2008r2 Server exists with name
CHILD.DOMAIN.COM which is child domain of DOMAIN.COM.

More information about the samba mailing list