[Samba] getent not listing domain accounts

Rowland penny rpenny at samba.org
Sat Jan 30 21:32:49 UTC 2016

On 30/01/16 21:01, Henry McLaughlin wrote:
> On 30 January 2016 at 23:16, Rowland penny <rpenny at samba.org> wrote:
> Thanks Rowland (once again)
> with the usermapping in the smb.conf file and it's associated  file there
> are still no domain accounts returned from getent (user or group)

The root usermapping has nothing to do with getent, but you need it on 
domain member to change file & directory ACLs from a windows machine.

> Regarding UIDs & GIDs I understood the advantage of using RID what that
> there were no UIDs or GIDs required as they are calculated on the run based
> upon SID. Accordingly do I still need to add them as I am using RID ?

No, I was in rush to go somewhere and missed the word 'rid', sorry :-)
But getent still won't show anything for the users you posted i.e. 
Administrator, krbtgt and guest, they come under the heading of builtin 
users and will be mapped to numbers from the range '2000-9999' and as 
such will not be shown by getent.

Try adding a new domain user, this user should get a RID of 1000 or 
above, the idmap_rid backend should calculate the users UID from 'ID = 
RID - BASE_RID + LOW_RANGE_ID', so if his RID is 1000, this becomes:

ID = 1000 - 0 + 10000
ID = 11000
This is what 'getent passwd domainuser' should return, there is however 
another gotcha, the later versions (I forget at which version it started 
from) of Samba do not return any domain users if you just run 'getent 
passwd', you must ask for the user by name i.e. 'getent passwd domainuser'


More information about the samba mailing list