[Samba] Getent passwd doesn't show Domain Members

Timo Dachs-Wegmann t.wegmann at procitec.de
Wed Jul 20 07:22:14 UTC 2016 

Okay, i tried to install the server without winbind but with libnss-winbind.

Still the same problem. Getent passwd administrator works but the result of getent passwd only shows local users.
This seems to be the same bug as achims. 
We are running a Debian 4.8 with samba 4.2 packages...

A few months ago I installed a test environement for samba with samba version 4.1.17. There the getent command works perfectly. So I guess this is a bug in the latest version...

Can I report this bug somewhere or is there a workaround? 

Kind regards

Timo Dachs-Wegmann
-EDV- 


-------------------------------------
PROCITEC GmbH Rastatter Strasse 41
D-75179 Pforzheim
Fon: +49 7231 15561-29
Fax: +49 7231 15561-11
Mailto: t.wegmann at procitec.de 

Mannheim HRB 504702
Geschäftsführer: Dipl.-Ing. (FH) Dipl.-Inf. (FH) Jens Heyen

-----Ursprüngliche Nachricht-----
Von: samba [mailto:samba-bounces at lists.samba.org] Im Auftrag von Achim Gottinger
Gesendet: Dienstag, 19. Juli 2016 18:28
An: samba at lists.samba.org
Betreff: Re: [Samba] Getent passwd doesn't show Domain Members



Am 19.07.2016 um 16:55 schrieb Timo Dachs-Wegmann:
> We already tried this without success...
>
>
> Kind regards
>
> Timo Dachs-Wegmann
> -EDV-
>
> -----Ursprüngliche Nachricht-----
> Von: samba [mailto:samba-bounces at lists.samba.org] Im Auftrag von 
> Rowland penny
> Gesendet: Dienstag, 19. Juli 2016 16:30
> An: samba at lists.samba.org
> Betreff: Re: [Samba] Getent passwd doesn't show Domain Members
>
> On 19/07/16 13:28, Timo Dachs-Wegmann wrote:
>> Dear Support-Team,
>>
>> i have a problem regarding the function of winbind on a samba4 Active Directory Domain Controller.
>>
>> I installed samba4 from the standard debian sources.
>> Made the domain provisioning and installed Kerberos.
>> After that I installed winbind and linked the libnss_winbind.so.2 -> libnss_winbind.so.
>> Wbinfo -u and wbinfo -g do work properly.
>>
>> The strange thing is, that
>> "getent passwd administrator" gives back this line:
>> "administrator:*:0:100::/srv/samba/USERS/administrator:/bin/false"
>> So it seems that winbind is working properly, but getent passwd alone doesn't show the local users (same for getent group).
>>
>> Can you help me with this?
>>
>> I tried several tutorials and I read a lot of mails regarding this topic but I didn’t find a good answer to my problem.
>> I installed it in a lot of different orders (first winbind then samba, first Kerberos then samba and then winbind... etc) after a lot of different instructions.
>>
>> Samba config:
>> [global]
>> 	workgroup = PROCITEC
>> 	realm = PROCITEC.DE
>> 	netbios name = SAMBAPRO
>> 	server role = active directory domain controller
>> 	dns forwarder = 192.168.0.1
>> 	idmap_ldb:use rfc2307 = yes
>> 	registry shares = yes
>> 	template homedir = /srv/samba/%D/%U
>>
>> I edited the nsswitch.conf:
>> passwd:         compat winbind
>> group:          compat winbind
>>
>> If you need further information please don’t hesitate to contact me
>>
>> Kind regards
>>
>> Timo Dachs-Wegmann
>>
>>
>>
>>
> Try adding:
>
> winbind enum users = yes
> winbind enum groups = yes
>
> to smb.conf and restart samba.
>
> Rowland
In my debian jessie test environment this does not work with jessies 4.2 packages.
With backported 4.4.5 packages from sid it works.
Also on my production servers the enumeration of groups and users stopped working after the 4.1-4.2 upgrade (sernet packages). It did not cause issues there last few month.

achim~


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list