[Samba] getent not listing domain accounts

Henry McLaughlin henry at incred.com.au
Sat Jan 30 21:01:44 UTC 2016


On 30 January 2016 at 23:16, Rowland penny <rpenny at samba.org> wrote:

> On 30/01/16 11:55, Henry McLaughlin wrote:
>
>> root at aphrodite:~# getent passwd administrator
>>
>
> On a domain member this is quite correct, what you are missing from your
> smb.conf is something like this line:
>
> username map = /etc/samba/samba_usermapping
>
> with 'samba_usermapping' containing:
>
> !root = SAMDOM\Administrator SAMDOM\administrator
>
> NOTE: replace 'SAMDOM' with your domain name.
>
> Try adding a user with a uidNumber (probably containing 10000 as this
> would seem to be your first real user) and ensure Domain Users has a
> gidNumber (you can again use 10000)
>
> Rowland
>


Thanks Rowland (once again)

With the usermapping in the smb.conf file and its associated file, there
are still no domain accounts returned from getent (user or group).

Regarding UIDs & GIDs, I understood the advantage of using RID was that
there were no UIDs or GIDs required, as they are calculated on the run based
upon SID. Accordingly, do I still need to add them as I am using RID?

root at aphrodite:~# wbinfo -u
>> administrator
>> krbtgt
>> guest
>>
>>
>> root at aphrodite:~# cat /etc/samba/smb.conf
>> [global]
>>
>>         netbios name = APHRODITE
>>         security = ADS
>>         workgroup = DOMAIN
>>         realm = AD.DOMAIN.COM.AU
>>
>>         log file = /var/log/samba/%m.log
>>         log level = 1
>>
>>         dedicated keytab file = /etc/krb5.keytab
>>         kerberos method = secrets and keytab
>>         winbind refresh tickets = yes
>>
>>         winbind trusted domains only = no
>>         winbind use default domain = yes
>>         winbind enum users  = yes
>>         winbind enum groups = yes
>>
>>         # Important: The ranges of the default (*) idmap config
>>         # and the domain(s) must not overlap!
>>
>>         # Default idmap config used for BUILTIN and local accounts/groups
>>         idmap config *:backend = tdb
>>         idmap config *:range = 2000-9999
>>
>>         # idmap config for domain DOMAIN
>>         idmap config DOMAIN:backend = rid
>>         idmap config DOMAIN:range = 10000-99999
>>
>>         # Use template settings for login shell and home directory
>>         winbind nss info = template
>>         template shell = /sbin/bash
>>         template homedir = /home/%U
>> root at aphrodite:~#
>>
>>
>> root at aphrodite:~# cat /etc/nsswitch.conf
>> # /etc/nsswitch.conf
>> #
>> # Example configuration of GNU Name Service Switch functionality.
>> # If you have the `glibc-doc-reference' and `info' packages installed, try:
>> # `info libc "Name Service Switch"' for information about this file.
>>
>> passwd:         compat winbind
>> group:          compat winbind
>> shadow:         compat
>>
>> hosts:          files dns
>> networks:       files
>>
>> protocols:      db files
>> services:       db files
>> ethers:         db files
>> rpc:            db files
>>
>> netgroup:       nis
>> root at aphrodite:~#
>>


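Added example, not part of the original message or of Samba's code: the idmap_rid(8) man page gives the mapping as ID = RID - BASE_RID + LOW_RANGE_ID, with base_rid defaulting to 0. This sketch parses the idmap lines from the smb.conf quoted above, checks the "ranges must not overlap" rule from its comment, and computes the Unix ID for a SID; the domain SID is a constructed placeholder, and the function names are hypothetical.

```python
import re
from itertools import combinations

# Constructed sample: the idmap lines from the smb.conf quoted in the thread.
SMB_CONF = """
idmap config *:backend = tdb
idmap config *:range = 2000-9999
idmap config DOMAIN:backend = rid
idmap config DOMAIN:range = 10000-99999
"""

# Constructed placeholder domain SID; 500 and 513 are the well-known RIDs
# for Administrator and Domain Users.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"

IDMAP_LINE = re.compile(r"^\s*idmap config\s+([^:\s]+)\s*:\s*([^=]+?)\s*=\s*(.+?)\s*$")

def parse_idmap(conf):
    """Return {domain: {option: value}}; 'range' becomes a (low, high) tuple."""
    domains = {}
    for line in conf.splitlines():
        m = IDMAP_LINE.match(line)
        if not m:
            continue
        dom, key, val = m.groups()
        if key == "range":
            low, high = (int(x) for x in val.split("-"))
            val = (low, high)
        domains.setdefault(dom, {})[key] = val
    return domains

def overlapping(domains):
    """Return every pair of idmap domains whose ID ranges overlap."""
    ranged = [(n, d["range"]) for n, d in domains.items() if "range" in d]
    return [(a, b) for (a, ra), (b, rb) in combinations(ranged, 2)
            if ra[0] <= rb[1] and rb[0] <= ra[1]]

def rid_to_unix_id(sid, dom_cfg):
    """ID = RID - BASE_RID + LOW_RANGE_ID; None when the result leaves the range."""
    rid = int(sid.rsplit("-", 1)[1])
    low, high = dom_cfg["range"]
    unix_id = rid - int(dom_cfg.get("base_rid", 0)) + low
    return unix_id if low <= unix_id <= high else None

if __name__ == "__main__":
    cfg = parse_idmap(SMB_CONF)
    print("overlaps:", overlapping(cfg))
    for rid in (500, 513, 90000):
        print(rid, "->", rid_to_unix_id(f"{DOMAIN_SID}-{rid}", cfg["DOMAIN"]))
```

With the quoted range of 10000-99999, any RID above 89999 falls outside the range and gets no Unix ID from this calculation.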