[Samba] AD Domain member - getent passwd truncated to only 18 users
Rowland Penny
rpenny at samba.org
Thu Dec 13 13:05:21 UTC 2018
On Thu, 13 Dec 2018 10:32:04 -0200
Marcio Vogel Merlone dos Santos via samba <samba at lists.samba.org> wrote:
> Em 12/12/2018 17:39, Rowland Penny via samba escreveu:
> > The above lines are only applicable for Samba >= 4.6.0
> > Add: winbind nss info = rfc2307
> > remove the last two lines, see here for more info:
> >
> > https://wiki.samba.org/index.php/Idmap_config_ad
>
> Oh, God! Vacation is coming... Thank you for such obvious correction.
>
> BUT
>
> I edited smb.conf the right way, removed winbindd_idmap.tdb and
> winbindd_cache.tdb and restarted daemons. Now I get rfc2307 info from
> AD and not from template. And still, 'getent passwd' returns only 18
> accounts from AD.
>
> root at marte:~# cat /etc/samba/smb.conf
> [global]
> security = ADS
> netbios name = Marte
> realm = AD.TLD
>
> workgroup = A1
>
> log file = /var/log/samba/%m.log
> log level = 1
>
> winbind use default domain = yes
> idmap config * : backend = tdb
> idmap config * : range = 70000-70999
>
> idmap config A1 :backend = ad
> idmap config A1 :schema_mode = rfc2307
> idmap config A1 :range = 500-65300
> # idmap config A1 :unix_nss_info = yes
> # idmap config A1 :unix_primary_group = yes
>
> username map = /etc/samba/user.map
>
> local master = no
> domain master = no
> preferred master = no
> dns proxy = no
> encrypt passwords = yes
> winbind use default domain = yes
> winbind offline logon = false
> winbind nss info = rfc2307
> winbind separator = +
> winbind enum users = Yes
> winbind enum groups = Yes
> password server = eucalipto.ad.TLD
> root at marte:~#
>
>
Do all your users have a uidNumber attribute ?
Have you done anything strange, such as changing the users primary
group ID ?
It should work (well it does for me)
Rowland
More information about the samba
mailing list