[Samba] Noob question: user moved to a OU dissapear from getent, but groups don't

Rowland Penny rowlandpenny at googlemail.com
Tue Apr 21 10:56:05 MDT 2015 

On 21/04/15 17:45, Daniel Carrasco Marín wrote:
> Hi, first of all i'm sorry for my english.
>
> I'm triyng to migrate a Samba 3.6 domain to Samba 4 and I've a question
> about OU and Winbind:

How are you trying to migrate the domain ?

>
> OU affects to something more besides GPO in AD and Winbind?. Because I've
> moved all users to an OU and all less one (strangely) have dissapear from
> "getent passwd" and the other SO tools.
> If i run "wbinfo -u" all users are showed but I've tried a lot of things
> like:
>
>     - Reboot
>     - Restart Winbind and Samba daemons
>     - Stop daemons, clear winbind cache and start daemons again.
>     - Move the users back to "Users" folder and repeat the above steps.
>
> But none of above has worked. Finally i've restored the server to an old
> state to make it work again.
>
> I've done something wrong?. I've to configure something to make the winbind
> read the OU?
>
> Now i've moved some disabled users to a new OU and have dissapear from
> getent, then the problem still there.
>
>
> Here's my samba cfg:
>
> [global]
>          workgroup = CASA
>          realm = casa.red
>          netbios name = PDC.CASA.RED
>          server string = %h server
>          server role = active directory domain controller
>          server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
> winbind, ntp_signd, kcc, dnsupdate
>          idmap_ldb:use rfc2307 = yes
>          preferred master = Yes
>          domain master = Yes
>          wins support = Yes
>          encrypt passwords = yes
>
>
>          # Winbind para mostrar grupos y usuarios del dominio en Linux
>          winbind nss info = rfc2307
>          winbind enum users = Yes
>          winbind enum groups = Yes
>          winbind use default domain = Yes
>          winbind refresh tickets = Yes
>          winbind nested groups = No
>          winbind separator = +
>          winbind normalize names = yes
>
>          idmap config CASA : backend  = ad
>          idmap config * : backend = tdb
>          idmap config * : range =  1000-20000000
>
>          # Desactivar Cups en este servidor
>          printcap name = /etc/printcap
>          load printers = no
>
>          name resolve order = wins hosts lmhosts bcast
>
>
> ¡¡Thanks!!

What do you think you have ?
An AD DC or a member server ?
If it is  an AD DC, please put the smb.conf back to what it was, just 
after the upgrade (provided you ran the classicupgrade)
If it is supposed to be a member server, remove the 'service role' & 
'server services' lines.

Rowland

More information about the samba mailing list