[Samba] AD Domain member - getent passwd truncated to only 18 users

L.P.H. van Belle belle at bazuin.nl
Thu Dec 13 13:35:04 UTC 2018 

I think its good to know the OS first since the range  500-65300 might overlap the system id's

Greetz, 

Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Rowland Penny via samba
> Verzonden: donderdag 13 december 2018 14:05
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] AD Domain member - getent passwd 
> truncated to only 18 users
> 
> On Thu, 13 Dec 2018 10:32:04 -0200
> Marcio Vogel Merlone dos Santos via samba 
> <samba at lists.samba.org> wrote:
> 
> > Em 12/12/2018 17:39, Rowland Penny via samba escreveu:
> > > The above lines are only applicable for Samba >= 4.6.0
> > > Add: winbind nss info = rfc2307
> > > remove the last two lines, see here for more info:
> > >
> > > https://wiki.samba.org/index.php/Idmap_config_ad
> > 
> > Oh, God! Vacation is coming... Thank you for such obvious 
> correction.
> > 
> > BUT
> > 
> > I edited smb.conf the right way, removed winbindd_idmap.tdb and 
> > winbindd_cache.tdb and restarted daemons. Now I get rfc2307 
> info from
> > AD and not from template. And still, 'getent passwd' 
> returns only 18 
> > accounts from AD.
> > 
> > root at marte:~# cat /etc/samba/smb.conf
> > [global]
> >      security = ADS
> >      netbios name = Marte
> >      realm = AD.TLD
> > 
> >      workgroup = A1
> > 
> >      log file = /var/log/samba/%m.log
> >      log level = 1
> > 
> >      winbind use default domain = yes
> >      idmap config * : backend = tdb
> >      idmap config * : range = 70000-70999
> > 
> >      idmap config A1 :backend = ad
> >      idmap config A1 :schema_mode = rfc2307
> >      idmap config A1 :range = 500-65300
> >      # idmap config A1 :unix_nss_info = yes
> >      # idmap config A1 :unix_primary_group = yes
> > 
> >      username map = /etc/samba/user.map
> > 
> >      local master = no
> >      domain master = no
> >      preferred master = no
> >      dns proxy = no
> >      encrypt passwords = yes
> >      winbind use default domain = yes
> >      winbind offline logon = false
> >      winbind nss info = rfc2307
> >      winbind separator = +
> >      winbind enum users = Yes
> >      winbind enum groups = Yes
> >      password server = eucalipto.ad.TLD
> > root at marte:~#
> > 
> > 
> 
> Do all your users have a uidNumber attribute ?
> Have you done anything strange, such as changing the users primary
> group ID ?
> 
> It should work (well it does for me)
> 
> Rowland
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list