[Samba] getent only displays local users & groups
Rowland Penny
rpenny at samba.org
Sat Nov 26 09:30:51 UTC 2016
On Sat, 26 Nov 2016 12:25:23 +1100
Henry <dercni at gmail.com> wrote:
> thanks again Rowland however I must have something wrong as I have
> double checked everything...
>
> Group: Domains Users has GID of 10000
> User: henry has UID of 10000
> can the user and group have the same number?
Yes, this is me on my Unix domain member:

    rowland@devstation:~$ getent passwd rowland
    rowland:*:10000:10000:Rowland Penny:/home/rowland:/bin/bash

> henry is a member of "Domain Users"
> /etc/nsswitch.conf has winbind in the passwd & group lines
> I have installed libnss-winbind and libpam-winbind on the member
> server.
>
> getent passwd henry => returns nothing
Ah, do you have this line in smb.conf:

    winbind use default domain = yes

If not, try like this:

    getent passwd SAMDOM\\henry

>
> I note when I click the "UNIX Attributes" tab for the group I
> initially receive a popup message of "Unwilling to Perform" and once I
> click OK it goes away and displays the attributes. I do not get this on
> the user properties.
>
ADUC does funny things like that.
> Above you made the following comment:
> "Firstly 'getent passwd administrator' on a domain member shouldn't
> show anything (it does on a Samba AD DC), remember it is now mapped to
> root."
>
> I note on my DC getent passwd administrator => returns nothing, could
> this indicate the problem cause?
Unlikely, as I said, you need the PAM glue to get 'getent' to work,
without libnss-winbind & PAM, 'getent' will only show local users.
> As I have the user.map on the member server how would the DC know
> administrator is mapped to root?
It is mapped in idmap.ldb on the DC, if you open this in ldbedit,
i.e.

    ldbedit -e nano -H /usr/local/samba/private/idmap.ldb

You should find something like this:

    dn: CN=S-1-5-21-1768301897-3342589593-1064908849-500
    cn: S-1-5-21-1768301897-3342589593-1064908849-500
    objectClass: sidMap
    objectSid: S-1-5-21-1768301897-3342589593-1064908849-500
    type: ID_TYPE_UID
    xidNumber: 0
    distinguishedName: CN=S-1-5-21-1768301897-3342589593-1064908849-500

Administrator has the Windows RID '500' and is mapped to the Unix ID
'0' and this is always 'root'.

Rowland
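
A static check of the two settings this thread turns on, the winbind entries in /etc/nsswitch.conf and "winbind use default domain" in smb.conf, as an added example that is not part of the message above or of Samba itself. The function names and the sample files are constructed for illustration, and smb.conf is read as flat key = value lines.

```shell
# Added example: static checks for the settings discussed in this thread.
# Simplification: smb.conf is scanned as flat key = value lines (no includes).

# nss_has_winbind FILE DB: exit 0 if the DB line of nsswitch.conf lists winbind
nss_has_winbind() {
    awk -v db="$2" '
        { sub(/#.*/, ""); n = index($0, ":"); if (!n) next
          name = substr($0, 1, n - 1); gsub(/[ \t]/, "", name)
          if (name == db && (" " substr($0, n + 1) " ") ~ /[ \t]winbind[ \t]/) found = 1 }
        END { exit !found }' "$1"
}

# smb_default_domain FILE: print yes/no for "winbind use default domain"
# (names are case- and whitespace-insensitive; the default is no)
smb_default_domain() {
    awk -F= '
        /^[ \t]*[#;]/ { next }    # comment lines
        NF >= 2 {
            key = tolower($1); gsub(/[ \t]/, "", key)
            val = tolower($2); gsub(/[ \t]/, "", val)
            if (key == "winbindusedefaultdomain")
                ans = (val ~ /^(yes|true|on|1)$/) ? "yes" : "no"
        }
        END { print (ans == "" ? "no" : ans) }' "$1"
}

# lookup_name SMBCONF DOMAIN USER: print the name form getent needs
lookup_name() {
    if [ "$(smb_default_domain "$1")" = yes ]; then printf '%s\n' "$3"
    else printf '%s\\%s\n' "$2" "$3"; fi
}

# check_member NSSWITCH SMBCONF DOMAIN USER: report; exit 1 if NSS lacks winbind
check_member() {
    rc=0
    for db in passwd group; do
        nss_has_winbind "$1" "$db" && echo "ok: $db uses winbind" ||
            { echo "missing: winbind on the $db line of $1"; rc=1; }
    done
    printf "then try: getent passwd '%s'\n" "$(lookup_name "$2" "$3" "$4")"
    return $rc
}

# Constructed sample files (not from the thread) for a stand-alone run.
demo=$(mktemp -d)
printf 'passwd: compat winbind\ngroup: compat\n' > "$demo/nsswitch.conf"
printf '[global]\n  workgroup = SAMDOM\n' > "$demo/smb.conf"
check_member "$demo/nsswitch.conf" "$demo/smb.conf" SAMDOM henry || true
rm -rf "$demo"
```

On a real member server, pass /etc/nsswitch.conf and the path of the active smb.conf instead of the sample files.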