[Samba] wbinfo -i returns the same id for all users, authentication doesn't seem to go through winbind at all

Emmanuel Florac eflorac at intellique.com
Sat Feb 18 16:41:06 UTC 2017 

Le Sat, 18 Feb 2017 13:18:53 +0000
Rowland Penny via samba <samba at lists.samba.org> écrivait:

> On Sat, 18 Feb 2017 13:50:52 +0100
> Emmanuel Florac via samba <samba at lists.samba.org> wrote:
> 
> > Le Sat, 18 Feb 2017 13:20:52 +0100
> > Emmanuel Florac via samba <samba at lists.samba.org> écrivait:
> > 
> > 
> > I've added 
> > 
> > idmap config * : backend = tdb
> > idmap config * : range = 10000-30000
> > 
> > to smb.conf, and now 'wbinfo -i TESTDOMAIN\\user' returns correct
> > ids.  
> 
> Don't rely on 'wbinfo' it is meaningless to the underlying OS, use
> 'getent' instead.
> 

OK, but getent and id return with error (id: no such user, getent:
return code 2). On the systems I've previously set up similarly
(Wheezy/Samba 3.6), id and getent work.

> > 
> > I've found in the FAQ a mention of this, however it's obsolete:  
> 
> Which FAQ, where ?
> 

This one:
https://wiki.samba.org/index.php/FAQ

> > 
> > I have set up a domain member using the idmap_ad backend, but getent
> > passwd and getent group does not show users or groups  
> 
> This is correct, think about it, what if you 500,000 users or more ?

What about 'getent passwd SOMEUSER' ? shouldn't it work?

> > These options are not recognized by 'testparm'. 
> > 
> >   
> 
> Yes they are.

Obviously not in the standard Debian stable version (4.2.14) at least:

# testparm 
Load smb config files from /etc/samba/smb.conf
Unknown parameter encountered: "winbind enumerate users"
Ignoring unknown parameter "winbind enumerate users"
Unknown parameter encountered: "winbind enumerate groups"
Ignoring unknown parameter "winbind enumerate groups"
Processing section "[DATA]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER

Press enter to see a dump of your service definitions


-- 
------------------------------------------------------------------------
Emmanuel Florac     |   Direction technique
                    |   Intellique
                    |	<eflorac at intellique.com>
                    |   +33 1 78 94 84 02
------------------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 181 bytes
Desc: Signature digitale OpenPGP
URL: <http://lists.samba.org/pipermail/samba/attachments/20170218/a0bc96a8/attachment.sig>

More information about the samba mailing list