[Samba] wbinfo_And_getent_Not_Showing_Complete_AD_Users
srikar82
srikars at biarca.com
Tue May 8 15:31:28 UTC 2018
Hi,
We have an AD forest in the following hierarchy, made of parent
and child domain controllers. Recently we joined an Ubuntu 16.04
server as a domain member to a Windows 2012 child domain controller.
Integration was completed successfully. The domain user we used for
joining to the DC is a member of our own created "domain admins" group,
which has rights to join a domain member to our DC. This user is not
a part of the default "Domain Admins" group. Later, when we tried to
fetch the AD users using the "wbinfo -u" and "getent passwd" commands,
we observed that some of the AD users present in some of the OUs of the
child domain controller were not retrieved. Below is the smb.conf file
we used to integrate with the Windows DC.
#======================= Global Settings =======================
[global]
# No .tld
workgroup = SAMDOM
# Active Directory System
security = ADS
# With .tld
realm = SAMDOM.LOCAL
wins server = SAMDOM.LOCAL
# Just a member server
domain master = no
local master = no
preferred master = no
# Works both in samba 3.2 and 3.6.
idmap backend = tdb
idmap config *:range = 3000-29999
# no .tld
idmap config SAMDOM:backend = rid
idmap config SAMDOM:range = 30000-99999
winbind enum users = yes
winbind enum groups = yes
# This way users log in with username instead of username@example.org
# Inherit groups in groups
winbind nested groups = yes
winbind refresh tickets = yes
winbind offline logon = true
# Becomes /home/example/username
template homedir = /home/%U
# No shell access
template shell = /bin/bash
client use spnego = yes
client ntlmv2 auth = yes
restrict anonymous = 2
log file = /var/log/samba/samba.log
log level = 3
max log size = 204800
map untrusted to domain = Yes
passdb backend = tdbsam
# username map = /usr/local/samba/etc/user.map
# ncalrpc dir = /var/run/samba/ncalrpc
vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes
# winbind use default domain = yes
client ipc max protocol = NT1
Can anyone please help us with this issue?
Thanks & Regards,
Srikar.
--
Sent from: http://samba.2283325.n4.nabble.com/Samba-General-f2403709.html
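
The smb.conf in the post maps SAMDOM with the rid backend, which the idmap_rid documentation defines as ID = RID - BASE_RID + LOW_RANGE_ID. As an added example (not part of the original post), this Python script parses those idmap lines and reports which RIDs fall outside the configured range and so receive no Unix ID from this backend; the RID values are constructed, and the helper names are hypothetical.

```python
import re

# idmap lines copied from the smb.conf in the post above.
SMB_CONF = """
idmap config *:range = 3000-29999
idmap config SAMDOM:backend = rid
idmap config SAMDOM:range = 30000-99999
"""

def parse_idmap(conf_text):
    """Return {domain: {option: value}} for each 'idmap config DOM:opt = val' line."""
    domains = {}
    pattern = re.compile(
        r"^\s*idmap config\s+([^:\s]+)\s*:\s*(.+?)\s*=\s*(.+?)\s*$", re.I)
    for line in conf_text.splitlines():
        if line.lstrip().startswith(("#", ";")):
            continue  # skip commented-out settings
        m = pattern.match(line)
        if m:
            domains.setdefault(m.group(1).upper(), {})[m.group(2).lower()] = m.group(3)
    return domains

def rid_to_unix_id(rid, low, high, base_rid=0):
    """idmap_rid formula: ID = RID - BASE_RID + LOW_RANGE_ID; None if out of range."""
    unix_id = rid - base_rid + low
    return unix_id if low <= unix_id <= high else None

def unmapped_rids(conf_text, domain, rids):
    """Return the RIDs in `rids` that get no Unix ID under the domain's rid range."""
    cfg = parse_idmap(conf_text)[domain.upper()]
    if cfg.get("backend") != "rid":
        raise ValueError(f"{domain} does not use the rid backend")
    low, high = (int(x) for x in cfg["range"].split("-"))
    base = int(cfg.get("base_rid", 0))
    return [r for r in rids if rid_to_unix_id(r, low, high, base) is None]

if __name__ == "__main__":
    sample_rids = [500, 1104, 69999, 70000, 125431]  # constructed RIDs
    print(unmapped_rids(SMB_CONF, "SAMDOM", sample_rids))
```

Real RIDs can be taken from the last component of each user's SID (for example via "wbinfo -n"), and the check only concerns ID mapping, not the user enumeration done by "wbinfo -u".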