[Samba] Domain member server: user access
Rowland Penny
rpenny at samba.org
Mon Sep 25 15:33:25 UTC 2017
On Mon, 25 Sep 2017 17:10:57 +0200
"Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:
> On 2017-09-25 at 17:04, Rowland Penny via samba wrote:
>
> > How many times do I have to say this, 'wbinfo' connects directly to
> > AD. To show that your users & groups are known to Unix, you MUST use
> > 'getent'
>
> I am sorry.
>
> So you want me to do:
>
This is strange.
> DC # getent group "domain users"
> ARBEITSGRUPPE\domain users:x:100:
If I turn off winbind in /etc/nsswitch and run 'getent group "Domain
Users"' I get nothing returned, even though there is this in idmap.ldb:
dn: CN=S-1-5-21-1768301897-3342589593-1064908849-513
cn: S-1-5-21-1768301897-3342589593-1064908849-513
objectClass: sidMap
objectSid: S-1-5-21-1768301897-3342589593-1064908849-513
type: ID_TYPE_GID
xidNumber: 100
distinguishedName: CN=S-1-5-21-1768301897-3342589593-1064908849-513
>
> DM # getent group "domain users"
> domain users:x:10513
Whereas with winbind in /etc/nsswitch.conf on both machines, I get the
same result.
I always set up libnss-winbind on DCs and use the 'ad' backend on Unix
domain members. So, I cannot remember if this is how a DC works if
you don't set up PAM and libnss_winbind on a DC, but I don't think it
is.
Rowland
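
An added example, not part of the message above or of Samba itself: a small Python check that parses the idmap.ldb record and the two 'getent group' results quoted in this thread and reports groups that resolve to different GIDs on the DC and the domain member. The host labels "DC" and "DM" follow the prompts in the thread; the function names are hypothetical.

```python
# Values quoted in the thread above, embedded so the script runs offline.
IDMAP_LDIF = """\
dn: CN=S-1-5-21-1768301897-3342589593-1064908849-513
cn: S-1-5-21-1768301897-3342589593-1064908849-513
objectClass: sidMap
objectSid: S-1-5-21-1768301897-3342589593-1064908849-513
type: ID_TYPE_GID
xidNumber: 100
distinguishedName: CN=S-1-5-21-1768301897-3342589593-1064908849-513
"""
GETENT = {  # host label -> `getent group` output captured on that host
    "DC": r"ARBEITSGRUPPE\domain users:x:100:",
    "DM": "domain users:x:10513",
}


def parse_idmap_ldif(text):
    """Return {sid: (type, xid)} for sidMap records in idmap.ldb LDIF."""
    mappings = {}
    for record in text.strip().split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in record.splitlines() if ": " in l)
        if attrs.get("objectClass") == "sidMap":
            mappings[attrs["objectSid"]] = (attrs["type"], int(attrs["xidNumber"]))
    return mappings


def parse_getent_group(line):
    """Return (lowercased name without DOMAIN\\ prefix, gid) for one entry."""
    fields = line.strip().split(":")
    if len(fields) < 3:
        raise ValueError(f"not a group entry: {line!r}")
    return fields[0].rsplit("\\", 1)[-1].lower(), int(fields[2])


def gid_mismatches(getent_by_host):
    """Return {group: {host: gid}} for groups whose GID differs across hosts."""
    seen = {}
    for host, output in getent_by_host.items():
        for line in filter(None, output.splitlines()):
            name, gid = parse_getent_group(line)
            seen.setdefault(name, {})[host] = gid
    return {g: h for g, h in seen.items() if len(set(h.values())) > 1}


if __name__ == "__main__":
    print(parse_idmap_ldif(IDMAP_LDIF))
    print(gid_mismatches(GETENT))
```

A group listed by gid_mismatches will own files under one number on the DC and another on the member, so ownership and group permissions do not line up when the same data is reached from both machines.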