[Samba] NSS interface lists all domain users but gives error on single user
Rowland Penny
rpenny at samba.org
Wed Oct 17 13:32:42 UTC 2018
On Wed, 17 Oct 2018 15:03:41 +0200
Giuseppe Sacco via samba <samba at lists.samba.org> wrote:
> Hello,
> I configured samba and winbind in order to let domain users access
> folders shared by samba on linux. The configuration is shown later.
>
> Please note that idmap is configured correctly:
>
> root@kubuntu-test:~# wbinfo --user-info 'AGENZIA+manuelb'
> AGENZIA+manuelb:*:5035:5002::/home/manuelb:/bin/bash
> root@kubuntu-test:~# wbinfo -n 'AGENZIA+manuelb'
> S-1-5-21-1076504413-1754488879-1808648030-2183 SID_USER (1)
> root@kubuntu-test:~# wbinfo --sid-to-uid 'S-1-5-21-1076504413-1754488879-1808648030-2183'
> 5035
>
> As you may see now, listing all users works, but querying information
> for a single user does not work.
>
> root@kubuntu-test:~# getent passwd | tail -1
> AGENZIA+manuelb:*:5035:5002::/home/manuelb:/bin/bash
> root@kubuntu-test:~# getent passwd 'AGENZIA+manuelb'
> root@kubuntu-test:~# id 'AGENZIA+manuelb'
> id: ‘AGENZIA+manuelb’: no such user
>
> Windows domain is managed by Windows Server 2008 and it is at
> functional level of Windows 2003. The version of linux packages is
> quite current, i.e.:
>
> ii  libc-bin             2.27-3ubuntu1   amd64  GNU C Library: Binaries
> ii  libnss-winbind:amd6  2:4.7.6+dfsg~u  amd64  Samba nameservice integration plugins
> ii  libpam-winbind:amd6  2:4.7.6+dfsg~u  amd64  Windows domain authentication integration p
> ii  samba                2:4.7.6+dfsg~u  amd64  SMB/CIFS file, print, and login server for
> ii  winbind              2:4.7.6+dfsg~u  amd64  service to resolve user and group informati
>
> NSS configuration is simple:
>
> passwd: files winbind systemd
> group: files winbind systemd
> shadow: files winbind
>
> This is 'testparm' output:
>
> # Global parameters
> [global]
> dns proxy = No
> log file = /var/log/samba/log.%m
> map to guest = Bad User
> max log size = 1000
> panic action = /usr/share/samba/panic-action %d
> realm = AGENZIA.LOCAL
> security = ADS
> server role = member server
> server string = %h server (Samba, Ubuntu)
> template homedir = /home/%U
> template shell = /bin/bash
> usershare allow guests = Yes
> winbind cache time = 5
> winbind enum groups = Yes
> winbind enum users = Yes
> winbind offline logon = Yes
> winbind refresh tickets = Yes
> winbind separator = +
> workgroup = AGENZIA
> idmap config * : range = 5000-5100
> idmap config * : backend = tdb
>
> What can be the problem?
>
> Thank you,
> Giuseppe Sacco
>
You haven't set up idmap correctly, see here:
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
and here:
https://wiki.samba.org/index.php/Idmap_config_ad
or here:
https://wiki.samba.org/index.php/Idmap_config_rid
Rowland
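
Added example (not part of either message, and not Samba project code): a small Python check for the idmap layout the linked wiki pages describe, where the `*` default domain and the joined domain each get their own backend and a non-overlapping range. Both sample configs are constructed; the `rid` range values and the name `check_idmap` are illustrative assumptions.

```python
import re
from itertools import combinations

# Constructed sample: the idmap-relevant lines of the testparm output quoted above.
POSTED = """\
[global]
    security = ADS
    workgroup = AGENZIA
    idmap config * : range = 5000-5100
    idmap config * : backend = tdb
"""
# Constructed sample in the shape shown on the linked Idmap_config_rid page;
# the range numbers are illustrative assumptions, not values from this thread.
WITH_DOMAIN = POSTED + """\
    idmap config AGENZIA : backend = rid
    idmap config AGENZIA : range = 10000-999999
"""

IDMAP_RE = re.compile(r"^\s*idmap config\s+(\S+)\s*:\s*(\w+)\s*=\s*(.+?)\s*$", re.I)
PARAM_RE = re.compile(r"^\s*([^#;=\[]+?)\s*=\s*(.+?)\s*$")

def check_idmap(text):
    """Return a list of problems with the idmap layout in smb.conf-style text."""
    params, idmap, problems, ranges = {}, {}, [], {}
    for line in text.splitlines():
        m = IDMAP_RE.match(line)
        if m:  # per-domain option, keyed by domain name ('*' is the default domain)
            idmap.setdefault(m.group(1).upper(), {})[m.group(2).lower()] = m.group(3)
        elif (m := PARAM_RE.match(line)):
            params[m.group(1).lower()] = m.group(2)
    domain = params.get("workgroup", "").upper()
    if params.get("security", "").lower() == "ads" and domain not in idmap:
        problems.append(f"no 'idmap config {domain} : ...' lines for the joined domain")
    for dom, opts in idmap.items():
        if "backend" not in opts or "range" not in opts:
            problems.append(f"{dom}: backend and range must both be set")
            continue
        low, high = (int(x) for x in opts["range"].split("-"))
        ranges[dom] = (low, high)
    for a, b in combinations(sorted(ranges), 2):
        if ranges[a][0] <= ranges[b][1] and ranges[b][0] <= ranges[a][1]:
            problems.append(f"ranges of {a} and {b} overlap")
    return problems

if __name__ == "__main__":
    for name, conf in (("posted", POSTED), ("with domain", WITH_DOMAIN)):
        print(name, check_idmap(conf) or "ok")
```
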