[Samba] getent not listing domain accounts
Rowland penny
rpenny at samba.org
Sun Jan 31 20:58:42 UTC 2016
On 31/01/16 20:54, Andre Freire wrote:
> Hi,
>
> If your system is Debian use:
>
> ln -s /usr/local/samba/lib/libnss_winbind.so /lib/x86_64-linux-gnu/
> ln -s /lib/x86_64-linux-gnu/libnss_winbind.so
> /lib/x86_64-linux-gnu/libnss_winbind.so.2
>
> And "getent passwd" will show the domain users. Maybe you need restart
> de server.
>
> Att,
> Este e-mail foi enviado por um computador sem vírus e protegido pelo
> Avast.
> www.avast.com
> <https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>
>
>
>
> André Freire
> Sócio Diretor
> E-mail: andre.freire at hotfixtecnologia.com.br
> <mailto:andre.freire at hotfixtecnologia.com.br>
> skype: andrefreire.hf
> Tel: (71)9381-7372
>
>
> 2016-01-31 7:03 GMT-02:00 Rowland penny <rpenny at samba.org
> <mailto:rpenny at samba.org>>:
>
> On 31/01/16 02:07, Henry McLaughlin wrote:
>
> On 31 January 2016 at 08:32, Rowland penny <rpenny at samba.org
> <mailto:rpenny at samba.org>> wrote:
>
> On 30/01/16 21:01, Henry McLaughlin wrote:
>
> On 30 January 2016 at 23:16, Rowland penny
> <rpenny at samba.org <mailto:rpenny at samba.org>> wrote:
>
>
> Thanks Rowland (once again)
>
> with the usermapping in the smb.conf file and it's
> associated file there
> are still no domain accounts returned from getent
> (user or group)
>
> The root usermapping has nothing to do with getent, but
> you need it on
> domain member to change file & directory ACLs from a
> windows machine.
>
>
> Regarding UIDs & GIDs I understood the advantage of
> using RID what that
> there were no UIDs or GIDs required as they are
> calculated on the run
> based
> upon SID. Accordingly do I still need to add them as I
> am using RID ?
>
> No, I was in rush to go somewhere and missed the word
> 'rid', sorry :-)
> But getent still won't show anything for the users you
> posted i.e.
> Administrator, krbtgt and guest, they come under the
> heading of builtin
> users and will be mapped to numbers from the range
> '2000-9999' and as such
> will not be shown by getent.
>
> Try adding a new domain user, this user should get a RID
> of 1000 or above,
> the idmap_rid backend should calculate the users UID from
> 'ID = RID -
> BASE_RID + LOW_RANGE_ID', so if his RID is 1000, this becomes:
>
> ID = 1000 - 0 + 10000
> ID = 11000
> This is what 'getent passwd domainuser' should return,
> there is however
> another gotcha, the later versions (I forget at which
> version it started
> from) of Samba do not return any domain users if you just
> run 'getent
> passwd', you must ask for the user by name i.e. 'getent
> passwd domainuser'
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and
> read the
> instructions: https://lists.samba.org/mailman/options/samba
>
> Still no success:
>
> root at aphrodite:~# wbinfo -u
> henry
> administrator
> krbtgt
> guest
> root at aphrodite:~# getent passwd henry
> root at aphrodite:~# id henry
> id: henry: no such user
> root at aphrodite:~#
>
>
> What OS are you using and what version of Samba ?
>
> This should work for 'henry', so it may be that PAM isn't setup
> correctly.
>
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
Seeing as the OPs smb.conf is in /etc/samba, I don't think that is going
to work.
Rowland
More information about the samba
mailing list