[Samba] `getent passwd` not working with ad backend
Harpoon
harp00n at protonmail.com
Thu Jan 24 08:57:21 UTC 2019
Hi all,
I've been reading and it seems like ad backend has many features that I'd like to use. However, despite browsing many forums and docs, I am still unable to get domain users list using `getent passwd` while using `ad backend`. If I change backend to tdb, then I can get usernames on the clients. Authentication works fine too when using `tdb backend`. I think the only issue is with the mapping part. Otherwise the domain is working pretty fine.
All boxes are running Debian Stretch.
===================================================
Server's smb.conf
===================================================
# Global parameters
[global]
netbios name = DC1
realm = SAMDOM.EXAMPLE.COM
workgroup = SAMDOM
dns forwarder = 10.0.5.200
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
winbind enum users = yes
winbind enum groups = yes
template shell = /bin/bash
[netlogon]
path = /var/lib/samba/sysvol/samdom.example.com/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
===================================================
Client's smb.conf
===================================================
[global]
netbios name = client1
realm = SAMDOM.EXAMPLE.COM
workgroup = SAMDOM
security = ADS
kerberos method = secrets and keytab
winbind trusted domains only = no
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind nss info = rfc2307
# FOR Samba-share `getent` testing
# password server = dc1.samdom.example.com
# client signing = auto
# server signing = auto
idmap config * : backend = tdb
idmap config * : range = 10000-20000
idmap config SAMDOM : backend = ad
idmap config SAMDOM : range = 21000-200000
-------------------------------------------------------------------------
**With ad backend:**
1. wbinfo -u lists all domain users
2. `getent passwd` doesn't list domain users
**With tdb backend:**
1. wbinfo -u lists all domain users
2. `getent passwd` also lists all domain users
Just by commenting out the `idmap config SAMDOM` lines in the client's smb.conf, all other things start working such as `getent passwd`, authentication, etc.
I tried adding multiple Unix groups and users following instructions on Samba Wiki, but the result is always the same. I've been trying to sort it out for a couple of weeks and it's now driving me insane.
Any help would be appreciated!
Kind regards,
Harp
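
An added example, not part of the original post and not Samba code: the `ad` idmap backend takes IDs from the `uidNumber`/`gidNumber` attributes stored in AD and treats the configured range as a filter, so this sketch parses the client's `idmap config` lines, checks the ranges for overlap, and reports which accounts would fail to map. The account data is constructed for illustration, and the function names are hypothetical.

```python
import re

# idmap lines copied from the client's smb.conf in the post.
CLIENT_CONF = """\
idmap config * : backend = tdb
idmap config * : range = 10000-20000
idmap config SAMDOM : backend = ad
idmap config SAMDOM : range = 21000-200000
"""

# Constructed sample accounts (not from the post): name -> (uidNumber,
# gidNumber of the primary group) as stored in AD; None = attribute unset.
SAMPLE_USERS = {
    "alice": (21001, 21513),
    "bob": (None, 21513),
    "carol": (1001, 21513),
    "dave": (21002, None),
}

IDMAP_RE = re.compile(r"^\s*idmap config\s+(\S+)\s*:\s*([^=]+?)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(conf):
    """Return {domain: {option: value}}; 'range' becomes a (low, high) tuple."""
    domains = {}
    for line in conf.splitlines():
        m = IDMAP_RE.match(line)  # lines commented out with # or ; never match
        if not m:
            continue
        dom, key, val = m.group(1), m.group(2).lower(), m.group(3)
        if key == "range":
            val = tuple(int(x) for x in val.split("-"))
        domains.setdefault(dom, {})[key] = val
    return domains

def overlapping_ranges(domains):
    """Return neighbouring domain pairs (sorted by range start) that intersect."""
    items = sorted((d["range"], name) for name, d in domains.items() if "range" in d)
    return [(a[1], b[1]) for a, b in zip(items, items[1:]) if b[0][0] <= a[0][1]]

def unmapped_users(domains, domain, users):
    """Return {user: reason} for accounts an ad backend would not map."""
    low, high = domains[domain]["range"]
    reasons = {}
    for name, (uid, gid) in users.items():
        if uid is None:
            reasons[name] = "uidNumber not set"
        elif not low <= uid <= high:
            reasons[name] = f"uidNumber {uid} outside {low}-{high}"
        elif gid is None:
            reasons[name] = "primary group has no gidNumber"
    return reasons

if __name__ == "__main__":
    conf = parse_idmap(CLIENT_CONF)
    print(overlapping_ranges(conf), unmapped_users(conf, "SAMDOM", SAMPLE_USERS))
```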