[Samba] wbinfo -u does not return users from trusted domains
Rowland Penny
rpenny at samba.org
Mon Jan 16 15:56:18 UTC 2017
On Mon, 16 Jan 2017 16:11:28 +0100
Piotr Kandziora via samba <samba at lists.samba.org> wrote:
> Hi,
>
> I'm using samba 4.4.9 in an environment with trusted domains (windows
> 2k12R2; domain names: res.local, sub.res.local, res2.local).
>
> When I use getent passwd/group I can get list of users/groups from all
> domains (res, sub, res2).
>
> However, when I use wbinfo -u/-g I get list of users/groups only from
> the native domain I am connected to (res).
>
> I'am able to fetch users/groups using wbinfo -u/-g --domain=RES2/SUB
> and authenticate with users from all domains (only wbinfo -u/-g does
> not return full list of users/groups).
>
> Is this a known issue, anyone came across this?
>
> Part of smb.conf:
>
> idmap backend = tdb
> winbind cache time = 300
> winbindd privileged socket directory =
> /var/lib/samba/winbindd_privileged
> winbindd socket directory = /var/run/samba/winbindd
> winbind enum groups = Yes
> winbind enum users = Yes
> winbind expand groups = 0
> winbind max clients = 200
> winbind max domain connections = 1
> winbind nested groups = Yes
> winbind normalize names = No
> winbind nss info = template
> winbind offline logon = No
> winbind reconnect delay = 30
> winbind refresh tickets = Yes
> winbind request timeout = 200
> winbind rpc only = No
> winbind sealed pipes = Yes
> winbind separator = +
> winbind trusted domains only = No
> winbind use default domain = No
>
>
> Best regards,
> Piotr K
I think you need to read 'man idmap_ad' & 'man idmap_rid' , also
reading 'man smb.conf' would be a good idea. Most of the smb.conf lines
you have posted are the defaults and 'idmap backend' was deprecated
quite some time ago.
Rowland
More information about the samba
mailing list