[Samba] Getent passwd doesn't show Domain Members

Achim Gottinger achim at ag-web.biz
Tue Jul 19 16:28:10 UTC 2016 


Am 19.07.2016 um 16:55 schrieb Timo Dachs-Wegmann:
> We already tried this without success...
>
>
> Kind regards
>
> Timo Dachs-Wegmann
> -EDV-
>
> -----Ursprüngliche Nachricht-----
> Von: samba [mailto:samba-bounces at lists.samba.org] Im Auftrag von Rowland penny
> Gesendet: Dienstag, 19. Juli 2016 16:30
> An: samba at lists.samba.org
> Betreff: Re: [Samba] Getent passwd doesn't show Domain Members
>
> On 19/07/16 13:28, Timo Dachs-Wegmann wrote:
>> Dear Support-Team,
>>
>> i have a problem regarding the function of winbind on a samba4 Active Directory Domain Controller.
>>
>> I installed samba4 from the standard debian sources.
>> Made the domain provisioning and installed Kerberos.
>> After that I installed winbind and linked the libnss_winbind.so.2 -> libnss_winbind.so.
>> Wbinfo -u and wbinfo -g do work properly.
>>
>> The strange thing is, that
>> "getent passwd administrator" gives back this line:
>> "administrator:*:0:100::/srv/samba/USERS/administrator:/bin/false"
>> So it seems that winbind is working properly, but getent passwd alone doesn't show the local users (same for getent group).
>>
>> Can you help me with this?
>>
>> I tried several tutorials and I read a lot of mails regarding this topic but I didn’t find a good answer to my problem.
>> I installed it in a lot of different orders (first winbind then samba, first Kerberos then samba and then winbind... etc) after a lot of different instructions.
>>
>> Samba config:
>> [global]
>> 	workgroup = PROCITEC
>> 	realm = PROCITEC.DE
>> 	netbios name = SAMBAPRO
>> 	server role = active directory domain controller
>> 	dns forwarder = 192.168.0.1
>> 	idmap_ldb:use rfc2307 = yes
>> 	registry shares = yes
>> 	template homedir = /srv/samba/%D/%U
>>
>> I edited the nsswitch.conf:
>> passwd:         compat winbind
>> group:          compat winbind
>>
>> If you need further information please don’t hesitate to contact me
>>
>> Kind regards
>>
>> Timo Dachs-Wegmann
>>
>>
>>
>>
> Try adding:
>
> winbind enum users = yes
> winbind enum groups = yes
>
> to smb.conf and restart samba.
>
> Rowland
In my debian jessie test environment this does not work with jessies 4.2 
packages.
With backported 4.4.5 packages from sid it works.
Also on my production servers the enumeration of groups and users 
stopped working after the 4.1-4.2 upgrade (sernet packages). It did not 
cause issues there last few month.

achim~

More information about the samba mailing list