[Samba] wbinfo -i returns the same id for all users, authentication doesn't seem to go through winbind at all

Emmanuel Florac eflorac at intellique.com
Sat Feb 18 12:50:52 UTC 2017

Le Sat, 18 Feb 2017 13:20:52 +0100
Emmanuel Florac via samba <samba at lists.samba.org> écrivait:

> I've got a Debian/Jessie Samba 4.2.14 running as an AD member. ADC is
> a Windows2008R2 server. Join worked without problem.
> # net ads testjoin
> Join is OK
> wbinfo -u and wbinfo -g work perfectly and provides a list of users
> and groups from the AD as expected. wbinfo -i <user> works too:
> # wbinfo -i TESTAD\\testuser
> TESTAD\testuser:*:4294967295:4294967295:testuser:/home/TESTAD/testuser:/bin/false
> Edit: something's wrong here, because wbinfo -i maps all users and
> groups to the id 4294967295 which is, as @TheSkunk remarked, 2^32 -1.

I've added 

idmap config * : backend = tdb
idmap config * : range = 10000-30000

to smb.conf, and now 'wbinfo -i TESTDOMAIN\\user' returns correct ids.

I've found in the FAQ a mention of this, however it's obsolete:

I have set up a domain member using the idmap_ad backend, but getent
passwd and getent group does not show users or groups

If you want to show all users and groups, you will need to add these
lines to smb.conf:

   winbind enumerate users = yes
   winbind enumerate groups = yes

These options are not recognized by 'testparm'. 

Emmanuel Florac     |   Direction technique
                    |   Intellique
                    |	<eflorac at intellique.com>
                    |   +33 1 78 94 84 02

More information about the samba mailing list