[Samba] getent passwd user no output, addc + dm

Rowland Penny rpenny at samba.org
Fri Feb 17 13:18:35 UTC 2017

On Fri, 17 Feb 2017 07:02:23 -0600
Lin Pro <linforpros at gmail.com> wrote:

> Hi, thank for the reply. Here is the smb.conf on the Domain Member
> [global]
> idmap uid = 10000-20000
> idmap gid = 10000-20000

Remove  the above lines, they are replaced by the 'idmap config' lines
and you shouldn't have both.

> client use spnego = yes
> client ntlmv2 auth = yes
> encrypt passwords = yes

You might as well remove these, they are the default settings.

> I added "password server" thinking that it will help, to no avail.

You should let Samba find the password server, so you should remove it.

> Anythink else I should be aware of?
> The worst thing is I tried with prestine fedora image, done everything
> along the lines of the wiki for Domain Member and was stopped at the
> same issue. What is wrong?
> What does successful net ads join -U administrator tell us? Shouldn't
> it check for winbind?

I think you are falling into thinking because 'wbinfo -u' is working
(by the way, this shows winbind is working) that 'getent passwd user'
will as well, without doing anything else.
You are using the winbind 'ad' backend, do your users have a
'uidNumber' attribute containing a unique number inside the range
'10000-999999' ?
Does 'Domain Users' have a 'gidNumber' attribute inside the same range ?


More information about the samba mailing list