[Samba] NSS interface lists all domain users but gives error on single user

Giuseppe Sacco giuseppe at eppesuigoccas.homedns.org
Wed Oct 17 13:03:41 UTC 2018 

Hello,
i configured samba and winbind in order to let domain users access
folders shared by samba on linux. The configuration is shown later.

Please note that idmap is configured correctly:

root at kubuntu-test:~# wbinfo --user-info 'AGENZIA+manuelb'
AGENZIA+manuelb:*:5035:5002::/home/manuelb:/bin/bash
root at kubuntu-test:~# wbinfo -n 'AGENZIA+manuelb'
S-1-5-21-1076504413-1754488879-1808648030-2183 SID_USER (1)
root at kubuntu-test:~# wbinfo --sid-to-uid 'S-1-5-21-1076504413-1754488879-1808648030-2183'
5035

as you may see now, listing all users works, but querying information
for a single user does not work.

root at kubuntu-test:~# getent passwd | tail -1 
AGENZIA+manuelb:*:5035:5002::/home/manuelb:/bin/bash
root at kubuntu-test:~# getent passwd 'AGENZIA+manuelb'
root at kubuntu-test:~# id 'AGENZIA+manuelb'
id: ‘AGENZIA+manuelb’: no such user

Windows domain is managed by Windows Server 2008 and it is at
functional level of Windows 2003. The version of linux packages is
quite current, i.e.:

ii  libc-bin            2.27-3ubuntu1  amd64          GNU C Library: Binaries
ii  libnss-winbind:amd6 2:4.7.6+dfsg~u amd64          Samba nameservice integration plugins
ii  libpam-winbind:amd6 2:4.7.6+dfsg~u amd64          Windows domain authentication integration p
ii  samba               2:4.7.6+dfsg~u amd64          SMB/CIFS file, print, and login server for 
ii  winbind             2:4.7.6+dfsg~u amd64          service to resolve user and group informati

NSS configuration is simple:

passwd:         files winbind systemd
group:          files winbind systemd
shadow:         files winbind

This is 'testparam' output:

# Global parameters
[global]
	dns proxy = No
	log file = /var/log/samba/log.%m
	map to guest = Bad User
	max log size = 1000
	panic action = /usr/share/samba/panic-action %d
	realm = AGENZIA.LOCAL
	security = ADS
	server role = member server
	server string = %h server (Samba, Ubuntu)
	template homedir = /home/%U
	template shell = /bin/bash
	usershare allow guests = Yes
	winbind cache time = 5
	winbind enum groups = Yes
	winbind enum users = Yes
	winbind offline logon = Yes
	winbind refresh tickets = Yes
	winbind separator = +
	workgroup = AGENZIA
	idmap config * : range = 5000-5100
	idmap config * : backend = tdb

What can be the problem?

Thank you,
Giuseppe Sacco

More information about the samba mailing list