[Samba] winbind behavior question
d tbsky
tbskyd at gmail.com
Thu Jul 19 15:44:48 UTC 2018
2018-07-19 23:18 GMT+08:00 Rowland Penny via samba <samba at lists.samba.org>:
> On Thu, 19 Jul 2018 23:06:50 +0800
> d tbsky via samba <samba at lists.samba.org> wrote:
>
>> Hi:
>>
>> I have one samba 4.7/4.8 DC, one samba member file server (rhel 7.5
>> with samba 4.7.1), and one windows 7 member PC.
>>
>> If I create an account (my-account) in samba DC, I cannot see it
>> in the member server with "id my-account" or "getent passwd
>> my-account".
>
> How are you creating the user?
>
>>
>> But if I use the Windows member PC to access the file server with
>> my-account, then immediately "id my-account" and "getent passwd
>> my-account" will work in member server.
>>
>> Is this behavior expected? Can I let samba member server get the
>> newly created account immediately?
>
> No, it isn't, it should work fairly immediately, please post the
> smb.conf from the Unix domain member.
>
Thanks a lot for the quick help. I remember in the old days it happened
sometimes, but after upgrading to RHEL 7.5 (from samba 4.6.x to 4.7.1) and
samba DC 4.7/4.8 it now happens every time.
Below is the smb.conf configuration from the member server:

[global]
workgroup = SAMDOM
netbios name = backup
realm = AD.SAMDOM.EXAMPLE.COM
security = ads
idmap backend = tdb
idmap config *:backend = tdb
idmap config *:range = 1000000-1999999
idmap config SAMDOM:backend = ad
idmap config SAMDOM:default = yes
idmap config SAMDOM:range = 1000-999999
idmap config SAMDOM:schema_mode = rfc2307
winbind enum users = yes
winbind enum groups = yes
winbind nested groups = no
winbind use default domain = yes
winbind offline logon = no
obey pam restrictions = no
# disable printer
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes