[Samba] NSS interface lists all domain users but gives error on single user
Giuseppe Sacco
giuseppe at eppesuigoccas.homedns.org
Wed Oct 17 16:46:35 UTC 2018
Hello Rowland,
On Wed, 17/10/2018 at 14.32 +0100, Rowland Penny via samba wrote:
> On Wed, 17 Oct 2018 15:03:41 +0200
> Giuseppe Sacco via samba <samba at lists.samba.org> wrote:
> [...]
> > # Global parameters
> > [global]
> > dns proxy = No
> > log file = /var/log/samba/log.%m
> > map to guest = Bad User
> > max log size = 1000
> > panic action = /usr/share/samba/panic-action %d
> > realm = AGENZIA.LOCAL
> > security = ADS
> > server role = member server
> > server string = %h server (Samba, Ubuntu)
> > template homedir = /home/%U
> > template shell = /bin/bash
> > usershare allow guests = Yes
> > winbind cache time = 5
> > winbind enum groups = Yes
> > winbind enum users = Yes
> > winbind offline logon = Yes
> > winbind refresh tickets = Yes
> > winbind separator = +
> > workgroup = AGENZIA
> > idmap config * : range = 5000-5100
> > idmap config * : backend = tdb
>
> You haven't set up idmap correctly, see here:
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
> and here:
> https://wiki.samba.org/index.php/Idmap_config_ad
> or here:
> https://wiki.samba.org/index.php/Idmap_config_rid
If I understand the documentation, I need to set up two idmap configs,
one allocating ids for the BUILTIN users (using the tdb backend) and a
separate one for my domain users. I thought that using "*" would have
covered all domains, but I now think this is not true. Moreover, using
the rid backend, I found that not all users were listed until its range
was large enough.
So, I changed the idmap config this way:
idmap config * : range = 3000-7999
idmap config * : backend = tdb
idmap config AGENZIA : range = 8000-20000
idmap config AGENZIA : backend = rid
I stopped the samba daemons, deleted the relevant tdb files, restarted
all daemons. I did not leave/join the domain again.
But I still have the same problem: "getent passwd" lists all users,
while "getent passwd 'AGENZIA+manuelb'" does not give any results.
Thank you very much,
Giuseppe
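
Added example, not part of the original message: a small checker for the "idmap config" lines shown above. It flags overlapping ID ranges and applies the idmap_rid formula (ID = RID - base_rid + low end of range, base_rid defaulting to 0) to show which RIDs a range can hold. The RIDs used are constructed sample values, not taken from the AGENZIA domain.

```python
import re

# Matches lines such as "idmap config AGENZIA : range = 8000-20000".
IDMAP_RE = re.compile(
    r"^\s*idmap config\s+([^\s:]+)\s*:\s*(\S.*?)\s*=\s*(.+?)\s*$", re.I)

# The idmap settings quoted in the message above.
PAGE_CONF = """\
idmap config * : range = 3000-7999
idmap config * : backend = tdb
idmap config AGENZIA : range = 8000-20000
idmap config AGENZIA : backend = rid
"""

def parse_idmap(conf_text):
    """Return {domain: {option: value}}; 'range' becomes an (low, high) tuple."""
    domains = {}
    for line in conf_text.splitlines():
        m = IDMAP_RE.match(line)
        if m:
            dom, opt, val = m.groups()
            domains.setdefault(dom, {})[opt.lower()] = val
    for opts in domains.values():
        if "range" in opts:
            low, high = opts["range"].split("-")
            opts["range"] = (int(low), int(high))
    return domains

def overlaps(domains):
    """List pairs of domains whose ID ranges intersect (ID collision risk)."""
    items = sorted((o["range"], d) for d, o in domains.items() if "range" in o)
    return [(a[1], b[1]) for i, a in enumerate(items)
            for b in items[i + 1:] if b[0][0] <= a[0][1]]

def rid_to_id(opts, rid):
    """idmap_rid mapping; None when the result falls outside the range."""
    low, high = opts["range"]
    base = int(opts.get("base_rid", 0))
    unix_id = rid - base + low
    return unix_id if rid >= base and low <= unix_id <= high else None

if __name__ == "__main__":
    conf = parse_idmap(PAGE_CONF)
    print("overlapping ranges:", overlaps(conf) or "none")
    for rid in (1105, 12000, 12001):  # constructed sample RIDs
        print("RID", rid, "->", rid_to_id(conf["AGENZIA"], rid))
```

With the range 8000-20000, the highest RID that still maps to an ID is 12000; an account with a larger RID gets no Unix ID from the rid backend.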