[Samba] getent not listing domain accounts

Rowland penny rpenny at samba.org
Sun Jan 31 09:03:23 UTC 2016

On 31/01/16 02:07, Henry McLaughlin wrote:
> On 31 January 2016 at 08:32, Rowland penny <rpenny at samba.org> wrote:
>> On 30/01/16 21:01, Henry McLaughlin wrote:
>>> On 30 January 2016 at 23:16, Rowland penny <rpenny at samba.org> wrote:
>>> Thanks Rowland (once again)
>>> with the usermapping in the smb.conf file and it's associated  file there
>>> are still no domain accounts returned from getent (user or group)
>> The root usermapping has nothing to do with getent, but you need it on
>> domain member to change file & directory ACLs from a windows machine.
>>> Regarding UIDs & GIDs I understood the advantage of using RID what that
>>> there were no UIDs or GIDs required as they are calculated on the run
>>> based
>>> upon SID. Accordingly do I still need to add them as I am using RID ?
>> No, I was in rush to go somewhere and missed the word 'rid', sorry :-)
>> But getent still won't show anything for the users you posted i.e.
>> Administrator, krbtgt and guest, they come under the heading of builtin
>> users and will be mapped to numbers from the range '2000-9999' and as such
>> will not be shown by getent.
>> Try adding a new domain user, this user should get a RID of 1000 or above,
>> the idmap_rid backend should calculate the users UID from 'ID = RID -
>> BASE_RID + LOW_RANGE_ID', so if his RID is 1000, this becomes:
>> ID = 1000 - 0 + 10000
>> ID = 11000
>> This is what 'getent passwd domainuser' should return, there is however
>> another gotcha, the later versions (I forget at which version it started
>> from) of Samba do not return any domain users if you just run 'getent
>> passwd', you must ask for the user by name i.e. 'getent passwd domainuser'
>> Rowland
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
> Still no success:
> root at aphrodite:~# wbinfo -u
> henry
> administrator
> krbtgt
> guest
> root at aphrodite:~# getent passwd henry
> root at aphrodite:~# id henry
> id: henry: no such user
> root at aphrodite:~#

What OS are you using and what version of Samba ?

This should work for 'henry', so it may be that PAM isn't setup correctly.


More information about the samba mailing list