[Samba] getent not displaying builtin groups or users

niya levi niyalevi at gmail.com
Wed Nov 2 22:00:57 UTC 2016 

hi Roland

> On Tue, 1 Nov 2016 11:00:15 +0000
> niya levi via samba <samba at lists.samba.org> wrote:
>
>> hi everyone
>>
>> i have configured 2 domain controllers and a domain member
>>
>> the domain member is joined to the domain and
>>
>> ad and rfc2307 is configured for idmap backend,
>>
>> wbinfo returns domain builtins for groups and users on both the member
>> servers an the dc's
>>
>> nsswitch.conf is configured with winbind,
>>
>> getent only returns local users and groups, is getent also suppose to
>> return the builtins without me setting any unix attributes in the ad ?
>>
>> shadrock
>>
>>
>>
>>
> No, getent only returns users and groups that it can find and, on a unix
> machine, this means using either the 'rid' backend ( and you still
> don't get all the BUILTIN's) or the 'ad' backend. If you use the 'ad'
> backend, you will only get users & groups with uid/gidNumbers.
>
> Rowland
>
>
i don't think i'm explaining myself properly

from my reading of setup samba as a domain member on the wiki

under the section using domain accounts/groups in OS commands

it shows getent groups displaying 'domain users' and 'domain admin' in
the list

which you can then use with the chown command,

neither the domain controllers or the member displays these groups with
getent

these are the idmap and winbind lines in the smb.conf on the member

                idmap config *:backend = tdb
                idmap config *:range = 70001-80000
                idmap config TISSISAT:backend = ad
                idmap config TISSISAT:schema_mode = rfc2307
                idmap config TISSISAT:range = 3000000-4000000

                winbind nss info = rfc2307
                winbind trusted domains only = no
                winbind use default domain = yes
                winbind enum users  = yes
                winbind enum groups = yes
                winbind nested groups = yes
                winbind refresh tickets = yes
                winbind expand groups = 4
                winbind offline logon = yes
                winbind cache time = 300
and nsswitch.conf on the domain conrollers and the member has

                passwd: files winbind
                group: files winbind

and smb.conf on the domain controllers has

                idmap_ldb:use rfc2307 = yes

do i need to include the winbind lines on the domain controllers ?

shadrock

More information about the samba mailing list