[Samba] AD Domain member - getent passwd truncated to only 18 users
Marcio Vogel Merlone dos Santos
marcio.merlone at a1.ind.br
Wed Dec 12 18:38:52 UTC 2018
Hi,
Due to some legacy PHP app, I have to integrate an Ubuntu 14.04 server into
my AD structure. The AD DC is an Ubuntu 18.04 with Canonical packages running
Samba 4.7 (4.7.6+dfsg~ubuntu-0ubuntu2.5), and the member server runs Samba
4.3 (4.3.11+dfsg-0ubuntu0.14.04.19).
After installing the 14.04 member server, I installed the Samba packages and
dependencies according to the wiki, with no errors. I get all users with
'wbinfo -u', but 'getent passwd' returns exactly 18 users only.
I ran '/usr/sbin/winbindd -F -S -i --no-process-group -d 4', asked for
'getent passwd', got only those 18 users, and I have "ads query_user_list
gave 235 entries" in the winbindd output, which matches 'wbinfo -u | wc -l'.
Running 'id someuser' for a user not listed by getent fails; 'id'ing one of
those 18 users works fine.
I have no idea what to check next and would appreciate any help or hint. I added
the winbind enum options and password server to smb.conf just for debugging.
root@marte:~# cat /etc/nsswitch.conf
passwd: compat winbind
group: compat winbind
shadow: compat
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
sudoers files
root@marte:~#
root@marte:~# cat /etc/krb5.conf
[libdefaults]
default_realm = AD.TLD
[realms]
AD.TLD = {
kdc = eucalipto.ad.TLD
}
[domain_realm]
.TLD = AD.TLD
TLD = AD.TLD
.kerberos.server = AD.TLD
root@marte:~#
root@marte:~# cat /etc/samba/smb.conf
[global]
security = ADS
netbios name = Marte
realm = AD.TLD
workgroup = A1
log file = /var/log/samba/%m.log
log level = 1
winbind use default domain = yes
idmap config * : backend = tdb
idmap config * : range = 70000-70999
idmap config A1 :backend = ad
idmap config A1 :schema_mode = rfc2307
idmap config A1 :range = 500-65300
idmap config A1 :unix_nss_info = yes
idmap config A1 :unix_primary_group = yes
username map = /etc/samba/user.map
local master = no
domain master = no
preferred master = no
dns proxy = no
encrypt passwords = yes
winbind use default domain = yes
winbind offline logon = false
winbind separator = +
winbind enum users = Yes
winbind enum groups = Yes
password server = eucalipto.ad.TLD
root@marte:~#
Thank you, best regards.
--
*Marcio Merlone*