[Samba] getent not listing domain accounts

Rowland penny rpenny at samba.org
Sat Jan 30 12:16:32 UTC 2016 

On 30/01/16 11:55, Henry McLaughlin wrote:
> root at aphrodite:~# getent passwd administrator

On a domain member this is quite correct, what you are missing from your 
smb.conf is something like this line:

username map = /etc/samba/samba_usermapping

with 'samba_usermapping' containing:

!root = SAMDOM\Administrator SAMDOM\administrator

NOTE: replace 'SAMDOM' with your domain name.

Try adding a user with a uidNumber (probably containing 10000 as this 
would seem to be your first real user) and ensure Domain Users has a 
gidNumber (you can again use 10000)

Rowland
> root at aphrodite:~# wbinfo -u
> administrator
> krbtgt
> guest
>
>
> root at aphrodite:~# cat /etc/samba/smb.conf
> [global]
>
>         netbios name = APHRODITE
>         security = ADS
>         workgroup = DOMAIN
>         realm = AD.DOMAIN.COM.AU
>
>         log file = /var/log/samba/%m.log
>         log level = 1
>
>         dedicated keytab file = /etc/krb5.keytab
>         kerberos method = secrets and keytab
>         winbind refresh tickets = yes
>
>         winbind trusted domains only = no
>         winbind use default domain = yes
>         winbind enum users  = yes
>         winbind enum groups = yes
>
>         # Important: The ranges of the default (*) idmap config
>         # and the domain(s) must not overlap!
>
>         # Default idmap config used for BUILTIN and local accounts/groups
>         idmap config *:backend = tdb
>         idmap config *:range = 2000-9999
>
>         # idmap config for domain DOMAIN
>         idmap config DOMAIN:backend = rid
>         idmap config DOMAIN:range = 10000-99999
>
>         # Use template settings for login shell and home directory
>         winbind nss info = template
>         template shell = /sbin/bash
>         template homedir = /home/%U
> root at aphrodite:~#
>
>
> root at aphrodite:~# cat /etc/nsswitch.conf
> # /etc/nsswitch.conf
> #
> # Example configuration of GNU Name Service Switch functionality.
> # If you have the `glibc-doc-reference' and `info' packages installed, try:
> # `info libc "Name Service Switch"' for information about this file.
>
> passwd:         compat winbind
> group:          compat winbind
> shadow:         compat
>
> hosts:          files dns
> networks:       files
>
> protocols:      db files
> services:       db files
> ethers:         db files
> rpc:            db files
>
> netgroup:       nis
> root at aphrodite:~#

More information about the samba mailing list