[Samba] getent not listing domain accounts
rpenny at samba.org
Sat Jan 30 21:32:49 UTC 2016
On 30/01/16 21:01, Henry McLaughlin wrote:
> On 30 January 2016 at 23:16, Rowland penny <rpenny at samba.org> wrote:
> Thanks Rowland (once again)
> with the usermapping in the smb.conf file and it's associated file there
> are still no domain accounts returned from getent (user or group)
The root usermapping has nothing to do with getent, but you need it on
domain member to change file & directory ACLs from a windows machine.
> Regarding UIDs & GIDs I understood the advantage of using RID what that
> there were no UIDs or GIDs required as they are calculated on the run based
> upon SID. Accordingly do I still need to add them as I am using RID ?
No, I was in rush to go somewhere and missed the word 'rid', sorry :-)
But getent still won't show anything for the users you posted i.e.
Administrator, krbtgt and guest, they come under the heading of builtin
users and will be mapped to numbers from the range '2000-9999' and as
such will not be shown by getent.
Try adding a new domain user, this user should get a RID of 1000 or
above, the idmap_rid backend should calculate the users UID from 'ID =
RID - BASE_RID + LOW_RANGE_ID', so if his RID is 1000, this becomes:
ID = 1000 - 0 + 10000
ID = 11000
This is what 'getent passwd domainuser' should return, there is however
another gotcha, the later versions (I forget at which version it started
from) of Samba do not return any domain users if you just run 'getent
passwd', you must ask for the user by name i.e. 'getent passwd domainuser'
More information about the samba