[Samba] NSS interface lists all domain users but gives error on single user
Giuseppe Sacco
giuseppe at eppesuigoccas.homedns.org
Wed Oct 17 19:22:42 UTC 2018
Hello Rowland,
I changed nsswitch.conf as suggested, but I still have the same result.
[...]
> Providing the there is a user called 'manuelb' in AD, winbind should
> show the user with 'getent passwd AGENZIA+manuelb'
If I list all users, I get all users. Let's display the end of the list
using both wbinfo and getent:
root at kubuntu-test:~# wbinfo -u | tail -2
AGENZIA\lorenam
AGENZIA\manuelb
root at kubuntu-test:~# getent passwd | tail -2
AGENZIA\lorenam:*:10182:8513::/home/lorenam:/bin/bash
AGENZIA\manuelb:*:10183:8513::/home/manuelb:/bin/bash
If I create a file and change its uid to one of these, I see that NSS
does not resolve it:
root at kubuntu-test:~# touch /tmp/ttt
root at kubuntu-test:~# chown 10183 /tmp/ttt
root at kubuntu-test:~# ls -l /tmp/ttt
-rw-r--r-- 1 10183 root 0 ott 17 20:54 /tmp/ttt
Even the "id" command does not resolve it. Nor the getent:
root at kubuntu-test:~# id 'AGENZIA\lorenam'
id: ‘AGENZIA\\lorenam’: no such user
root at kubuntu-test:~# getent passwd 'AGENZIA\lorenam'
root at kubuntu-test:~#
This is the complete global section as displayed by testparam:
[global]
dns proxy = No
log file = /var/log/samba/log.%m
map to guest = Bad User
max log size = 1000
panic action = /usr/share/samba/panic-action %d
realm = AGENZIA.LOCAL
security = ADS
server role = member server
server string = %h server (Samba, Ubuntu)
template homedir = /home/%U
template shell = /bin/bash
username map = /usr/local/samba/etc/user.map
usershare allow guests = Yes
winbind cache time = 5
winbind enum groups = Yes
winbind enum users = Yes
winbind offline logon = Yes
winbind refresh tickets = Yes
workgroup = AGENZIA
idmap config agenzia : range = 8000-20000
idmap config agenzia : backend = rid
idmap config * : range = 3000-7999
idmap config * : backend = tdb
As you may see, the uids given by wbinfo and getent are in the correct
range.
I do not know how to better debug the problem: I have reised "log
level" in smb.conf but no logging is done during the getent execution.
Thank you,
Giuseppe
More information about the samba
mailing list