[Samba] wbinfo -u does not listed trusted users, wbinfo -n works
Gaiseric Vandal
gaiseric.vandal at gmail.com
Tue Dec 13 14:51:39 UTC 2016
Running a mix of samba versions (3.6.25 and 4.5.1) in two domains- one
"classic" (with samba domain controllers) and one AD (with windows
domain controllers.) The eventual goal is to drop the classic domain
in favor of the AD domain. Also trying to move from samba 3.x to 4.x
since Samba 3 is EOL'd.
the "wbinfo -u" command will list users in the servers domain but not
trusted domains. However the "wbinfo -n" comand (e.g. "wbinfo -n
TRUSTEDDOMAIN\username") does return the user's SID, and "getent passwd"
may be able to show the trusted user (depending on idmap config.)
Typical winbind settings are
# testparm -v | grep winbind
....
winbind separator = \
winbind cache time = 300
winbind reconnect delay = 30
winbind max clients = 200
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = No
winbind trusted domains only = No
winbind nested groups = Yes
winbind expand groups = 1
winbind nss info = template
winbind refresh tickets = No
winbind offline logon = No
winbind normalize names = No
winbind rpc only = No
winbind max domain connections = 1
#
Changing "winbind use default domain" or "winbind trusted domains only"
to yes will change the how the own domain users are displayed
("MYDOMAIN\username" vs "username")
Logs show errors about winbind not being able to to connect to either
the own or trusted domains when I restart the winbind svc. It seems
like winbind has issues when it starts but then future "wbinfo -n"
lookups do connect. "wbinfo -D TRUSTDOMAIN" works.
I used to run just samba 3.6.25 in classic domain. Trusts with AD
domains were fine uninstall the various BADLOCK related patches came out
for windows. Samba 3.6.25 with backported badlock patches seemed to
fix trusts issues with domains BUT broke windows client logins. I
think I just need to get away from samba 3 (and classic domains) or I
will continue to have issues with the latest versions of windows.
thanks
More information about the samba
mailing list