[Samba] getent passwd and getent group reporting only local users

Mario Pio Russo mariopiorusso at ie.ibm.com
Tue May 19 08:22:43 MDT 2015 

Good day all

I am working with samba4.2.1 DC, created after upgrading from samba3

the DC works fine, however the commands :

"getent passwd" and "getent group"

reports only local users.

however I am able to see all the id from the ccdc domain with the command
"id"

root at ccdc-samba4:~# id rocheian
uid=3439(rocheian) gid=513(domain users) groups=513(domain users),871
(smbconnectionssupport),759(domainusers),3000004(BUILTIN\users)


furthermore the command "wbinfo -u -g" is able to show All the users and
group from the domaiun

my smb.conf is the following

# Global parameters
[global]
        workgroup = CCDC
        realm = CCDC.LAN
        netbios name = CCDC-SAMBA4
        server role = active directory domain controller
        idmap_ldb:use rfc2307 = yes
        dns forwarder = 9.0.138.50
        #server services = -winbindd +winbind
        ##For debugging
        #dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr,
netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6,
backupkey, dnsserver, remote, winreg, srvsvc
        #auth methods = sam, winbind, ntdomain, ntdomain:winbind

        idmap config CCDC:backend = ad
        idmap config CCDC:schema_mode = rfc2307
        idmap config CCDC:range = 10-4000000

        # Store UIDs/GIDs for all other domains (including local
        # accounts/groups of this server) in a tdb file
        idmap config *:backend = tdb
        idmap config *:range = 2000000000-9999999

        # Use home directory and shell information from AD
        winbind nss info = rfc2307



[netlogon]
        path = /var/lib/samba/sysvol/ccdc.lan/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No


and my nsswitch.conf is the following:


# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat winbind
group:          compat winbind
shadow:         compat winbind

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis


Note that if i uncomment the following line from the smb.conf:

 #server services = -winbindd +winbind

and reboot samba service, then getent works perfectlly fine, however I need
that config line as without it my linux machines are not able to join the
domain.

any help is welcome

thanks!
___________________________________________________________________________________________

Mario Pio Russo, System Admin SWG IT Services Dublin, Phone & FAX: +353 1
815 2236, eMail: mariopiorusso at ie.ibm.com
IBM Ireland Product Distribution Limited registered in Ireland with number
92815. Registered Office: IBM House, Shelbourne Road, Ballsbridge, Dublin 4

(Embedded image moved to file: pic40191.gif)

More information about the samba mailing list