[Samba] getent passwd and getent group reporting only local users
Denis Cardon
denis.cardon at tranquil-it-systems.fr
Tue May 19 08:49:12 MDT 2015
Hi Mario,
> Good day all
>
> I am working with samba4.2.1 DC, created after upgrading from samba3
>
> the DC works fine, however the commands :
>
> "getent passwd" and "getent group"
>
> reports only local users.
from https://wiki.samba.org/index.php/Samba_4.2_Features_added/changed
"""
winbindd does not list group memberships for display purposes (e.g.
getent group <domain\<group>) anymore by default.
The new default is "winbind expand groups = 0" now, the reason
for this is the same as for "winbind enum users = no" and "winbind enum
groups = no". Providing this information is not always reliably
possible, e.g. if there are trusted domains.
"""
Cheers,
Denis
>
> however I am able to see all the id from the ccdc domain with the command
> "id"
>
> root at ccdc-samba4:~# id rocheian
> uid=3439(rocheian) gid=513(domain users) groups=513(domain users),871
> (smbconnectionssupport),759(domainusers),3000004(BUILTIN\users)
>
>
> furthermore the command "wbinfo -u -g" is able to show All the users and
> group from the domain
>
> my smb.conf is the following
>
> # Global parameters
> [global]
> workgroup = CCDC
> realm = CCDC.LAN
> netbios name = CCDC-SAMBA4
> server role = active directory domain controller
> idmap_ldb:use rfc2307 = yes
> dns forwarder = 9.0.138.50
> #server services = -winbindd +winbind
> ##For debugging
> #dcerpc endpoint servers = epmapper, wkssvc, rpcecho, samr, netlogon, lsarpc, spoolss, drsuapi, dssetup, unixinfo, browser, eventlog6, backupkey, dnsserver, remote, winreg, srvsvc
> #auth methods = sam, winbind, ntdomain, ntdomain:winbind
>
> idmap config CCDC:backend = ad
> idmap config CCDC:schema_mode = rfc2307
> idmap config CCDC:range = 10-4000000
>
> # Store UIDs/GIDs for all other domains (including local
> # accounts/groups of this server) in a tdb file
> idmap config *:backend = tdb
> idmap config *:range = 2000000000-9999999
>
> # Use home directory and shell information from AD
> winbind nss info = rfc2307
>
>
>
> [netlogon]
> path = /var/lib/samba/sysvol/ccdc.lan/scripts
> read only = No
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
>
> and my nsswitch.conf is the following:
>
>
> # /etc/nsswitch.conf
> #
> # Example configuration of GNU Name Service Switch functionality.
> # If you have the `glibc-doc-reference' and `info' packages installed, try:
> # `info libc "Name Service Switch"' for information about this file.
>
> passwd: compat winbind
> group: compat winbind
> shadow: compat winbind
>
> hosts: files dns
> networks: files
>
> protocols: db files
> services: db files
> ethers: db files
> rpc: db files
>
> netgroup: nis
>
>
> Note that if I uncomment the following line from the smb.conf:
>
> #server services = -winbindd +winbind
>
> and reboot samba service, then getent works perfectly fine, however I need
> that config line as without it my linux machines are not able to join the
> domain.
>
> any help is welcome
>
> thanks!
> ___________________________________________________________________________________________
>
> Mario Pio Russo, System Admin SWG IT Services Dublin, Phone & FAX: +353 1
> 815 2236, eMail: mariopiorusso at ie.ibm.com
> IBM Ireland Product Distribution Limited registered in Ireland with number
> 92815. Registered Office: IBM House, Shelbourne Road, Ballsbridge, Dublin 4
>
>
>
>
--
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr
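
An added example, not part of the original message and not Samba code: a small Python check that reads an smb.conf, reports the effective value of the three winbind listing options named in the quoted release note (falling back to the defaults the note states), and flags idmap ranges whose lower bound exceeds the upper bound or that overlap an earlier range. The function names are hypothetical and the sample is constructed from the settings quoted above.

```python
import re
# Defaults as stated in the Samba 4.2 release note quoted in the message.
DEFAULTS = {"winbind enum users": "no", "winbind enum groups": "no",
            "winbind expand groups": "0"}

# Constructed sample built from the [global] settings quoted in the message.
SAMPLE = """\
[global]
idmap config CCDC:backend = ad
idmap config CCDC:range = 10-4000000
idmap config *:backend = tdb
idmap config *:range = 2000000000-9999999
"""

def parse_global(text):
    """Return {lower-cased key: value} for the [global] section."""
    opts, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            opts[" ".join(key.lower().split())] = value.strip()
    return opts

def listing_options(opts):
    """Effective value of each winbind listing option (default if unset)."""
    return {k: opts.get(k, d) for k, d in DEFAULTS.items()}

def idmap_range_problems(opts):
    """Flag inverted idmap ranges and ranges that overlap an earlier one."""
    ranges, problems = {}, []
    for key, value in opts.items():
        m = re.fullmatch(r"idmap config (.+?)\s*:\s*range", key)
        r = re.fullmatch(r"(\d+)\s*-\s*(\d+)", value)
        if not (m and r):
            continue
        dom, low, high = m.group(1), int(r.group(1)), int(r.group(2))
        if low > high:
            problems.append(f"{dom}: low {low} > high {high}")
            continue
        problems += [f"{dom} overlaps {d}" for d, (l, h) in ranges.items()
                     if low <= h and l <= high]
        ranges[dom] = (low, high)
    return problems
```

Calling `idmap_range_problems(parse_global(SAMPLE))` reports the `*` range, and `listing_options` shows all three listing options at their defaults because the quoted configuration sets none of them.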