[Samba] wbinfo_And_getent_Not_Showing_Complete_AD_Users

Rowland Penny rpenny at samba.org
Tue May 8 16:09:25 UTC 2018

On Tue, 8 May 2018 08:31:28 -0700 (MST)
srikar82 via samba <samba at lists.samba.org> wrote:

> Hi,
>        We have an AD Forest in the following hierarchy made of parent
> and child domain controllers.  Recently we joined an Ubuntu 16.04
> server as a domain member to a Windows 2012 child domain controller.
> Integration was completed successfully. The domain user we used for
> joining to DC is a member of our own created "domain admins" group
> which has rights to join a domain member to our DC.  This user is not
> a part of default  "Domain Admins" group. Later when we are trying to
> fetch the AD users using "wbinfo -u" and "getent passwd"  commands,
> observed that some of the AD users present in some of the OU's of
> child domain controller were not retrieved. Below is the smb.conf file
> we used to integrate with the Windows DC.

Hmm, so you have a group in AD called 'Domain Admins' and another
called 'domain admins', don't think this a good idea, for proof (note
this is on a DC, but the same would occur on a Unix domain member):

root at dc4:~# getent group Domain\ Admins
SAMDOM\domain admins:x:3000011:

Oh look, Unix sees 'Domain Admins' as 'domain admins'

Perhaps using 'Unix Admins' instead might be a better idea.


More information about the samba mailing list