[Samba] getent passwd no domainusers

basti.mueller31 at web.de
Sat Oct 6 15:15:01 UTC 2018


Hi,

I just want to add a Linux machine to my Samba 4 AD. It's a Debian stretch and I installed the following packages:

apt-get install winbind libpam-winbind libnss-winbind libpam-krb5 krb5-config krb5-user samba attr ...

My machine configs:

nsswitch.conf:
passwd: files winbind
group: files winbind
shadow: compat
gshadow:files
hosts: files mdns4_minimal [NOTFOUND=return] dns myhostname
network:files
protocols:db files
services: db files
ethers:db files
rpc: db files
netgroup: nis


krb5.conf:
[libdefaults]
	default_realm = EXAMPLE.COM
	dns_lookup_realm = false
	dns_lookup_kdc = true


smb.conf:
[global]
security = ADS
workgroup = EXAMPLE
realm = EXAMPLE.COM
log file = /var/log/samba/%m.log
log level = 1

template shell = /bin/bash
template homedir = /home/%U
winbind nss info = rfc2307
winbind use default domain = yes
winbind offline logon = yes
winbind normalize names = yes
winbind refresh tickets = yes
winbind enum users = yes
winbind enum groups = yes
winbind cache time = 60
winbind nss info = rfc2307
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config EXAMPLE : backend = ad
idmap config EXAMPLE : schema_mode = rfc2307
idmap config EXAMPLE : range = 10000-999999

resolv.conf:
search example.com
nameserver 192.168.2.2


My AD smb.conf:
[global]
        netbios name = PDC
        realm = EXAMPLE.COM
        workgroup = EXAMPLE
        server role = active directory domain controller
        bind interfaces only = yes
        interfaces = br0
        idmap_ldb:use rfc2307 = yes
        template shell = /bin/bash
        template homedir= /home/%U
        dns forwarder = 8.8.8.8
        ldap server require strong auth = no
        winbind enum users = yes
        winbind enum groups = yes
        winbind cache time = 10
        winbind offline logon = yes
        allow dns updates = nonsecure and secure
        log file = /var/log/samba/%m.log
        max log size = 10000
        log level = 1


"wbinfo --ping" shows: checking the NETLOGON for domain[EXAMPLE] dc connection to "pdc.example.com" succeeded.
"wbinfo -u" shows me all domain users.
"wbinfo -g" shows me all domain groups.
"getent group" shows me all local AND domain groups...

BUT getent passwd only shows my local users... not my domain users.

What could be the reason for that?


