[Samba] winbind -u works, getent passwd dont't work
basti
mailinglist at unix-solution.de
Mon Jan 30 13:33:03 UTC 2017
The getent passwd works for now on my ads member, thanks a lot.
I think I have an other problem. ("FOO" is the short domain)
AD DC:
getent passwd | tail -2
FOO\sone:*:2057:513:some one:/home/FOO/sone:/bin/false
FOO\user:*:2029:513:System User:/home/FOO/user:/bin/false
vs.
AD Member
FOO\sone:*:4294967295:4294967295:some one:/home/FOO/sone:/bin/false
FOO\user:*:4294967295:4294967295:System User:/home/FOO/user:/bin/false
UID and GID on AD member is always the same.
My smb.conf on AD member:
root at rtr-01:~# cat /etc/samba/smb.conf
[global]
netbios name = rtr-01
security = ads
workgroup = FOO
realm = FOO
log file = /var/log/samba/%m.log
log level = 2
# Default ID mapping configuration for local BUILTIN accounts
# and groups on a domain member. The default (*) domain:
# - must not overlap with any domain ID mapping configuration!
# - must use an read-write-enabled back end, such as tdb.
idmap config * : backend = ldap
idmap config * : range = 3000-7999
# fix LDAP connection error
ldap server require strong auth = No
interfaces = lo eth0
winbind enum users = yes
winbind enum groups = yes
winbind cache time = 10
client ntlmv2 auth = yes
encrypt passwords = yes
restrict anonymous = 2
domain master = no
local master = no
preferred master = no
os level = 0
On 30.01.2017 13:27, Rowland Penny via samba wrote:
> On Mon, 30 Jan 2017 13:19:41 +0100
> basti via samba <samba at lists.samba.org> wrote:
>
>>
>> on the AD DC getent passwd username works
>> on AD member getent passwd username dones not work
>>
>> wbinfo works on both
>>
>
> Please post your smb.conf from the DC and the domain member.
>
> Rowland
>
More information about the samba
mailing list