[Samba] getent passwd blank response

L.P.H. van Belle belle at bazuin.nl
Mon Aug 17 11:29:15 UTC 2020


Hai Bob,

Try this. 

First flush cache. 
net cache flush

getent passwd username
id username 


And run this one again for me: 
https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh 

Reply might be a bit later on, I'm running around here.


Greetz, 

Louis



> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Bob Wooden via samba
> Sent: Monday 17 August 2020 13:19
> To: samba at lists.samba.org
> Subject: Re: [Samba] getent passwd blank response
> 
> On 8/17/20 4:36 AM, Rowland penny via samba wrote:
> > On 17/08/2020 10:20, L.P.H. van Belle via samba wrote:
> >>
> >> But have you tried this :
> >> getent passwd "SAMDOM\username"
> >
> > Unless you have in smb.conf (which are not recommended):
> >
> > winbind enum users = yes
> >
> > winbind enum groups = yes
> >
> > Running 'getent passwd' and 'getent group' will only show local users
> > and groups.
> >
> > you need to specify a username or group, but if you also specify the
> > workgroup name, you still will not get output unless it is specified
> > correctly, this will not work:
> >
> > getent passwd SAMDOM\username
> >
> > But any of these will:
> >
> > getent passwd SAMDOM\\username
> >
> > getent passwd 'SAMDOM\username'
> >
> > getent passwd "SAMDOM\username"
> >
> > Of course, they all depend on smb.conf, nsswitch.conf and the links 
> > being setup correctly.
> >
> > Rowland
> >
> >
> root@mbr04:~# getent passwd SUBDOM\\username
> root@mbr04:~# getent passwd SUBDOM\username
> root@mbr04:~# getent passwd 'SUBDOM\username'
> root@mbr04:~# getent passwd "SUBDOM\username"
> root@mbr04:~# cat /etc/samba/smb.conf
> # https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
> #
> log level = 4
> log file = /var/log/samba/%m.log
> max log size = 1000
> 
> # netbios name = By default this is "hostname -s" but in caps.
> realm = SUBDOM.EXAMPLE.COM
> workgroup = DOM
> security = ADS
> 
> # set master browser for the network.
> # preferred + domain master = yes = guarantee master browser ( man smb.conf )
> # ! There can only be ONE master browser.
> preferred master = no
> domain master = no
> 
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
> 
> ## map id's outside to domain to tdb files.
> idmap config * : backend = tdb
> idmap config * : range = 3000-7000
> 
> ## map ids from the domain  the range may not overlap !
> idmap config SUBDOM : backend = ad
> idmap config SUBDOM : schema_mode = rfc2307
> idmap config SUBDOM : range = 10000-999999
> idmap config SUBDOM : unix_nss_info = yes
> idmap config SUBDOM : unix_primary_group = yes    ##added per Louis email 2020-08-13
> 
> # Renew the kerberos tickets
> winbind refresh tickets = yes
> 
> # Enable offline logins
> winbind offline logon = yes
> 
> # User uid/Gid from AD. (rfc2307)
> winbind nss info = rfc2307	## REMOVE THIS ONE, it's replaced and set above. (unix_nss_info = yes)
#####################   ^^^^^^^^^^^^^^^

> 
> # With default domain, wbinfo -u, yes = username, no is SAMBADOM\username
> winbind use default domain = yes
> #winbind trusted domains only = no



> 
> # Keep no in production, set yes when debugging, this slows down your samba.
> winbind enum users  = yes
> winbind enum groups = yes
> 
> # Check depth of nested groups, ! slows down your samba, if too much groups depth
> # Samba default is 0, i suggest a minimal of 2 in this setup, advices is 4.
> winbind expand groups = 4
> 
> # User Administrator workaround, without it you are unable to set privileges
> # !Note: When using the AD ID mapping back end, do not set the uidNumber attribute for the domain administrator account.
> # If the account has the attribute set, the value overrides the local UID 0 of the root user and thus the mapping fails.
> username map = /etc/samba/samba_usermapping
> 
> # disable usershares creating, when set empty no error log messages.
> usershare path =
> 
> # Disable printing completely
> load printers = no
> printing = bsd
> printcap name = /dev/null
> disable spoolss = yes
> 
> # For Windows ACL support on member file server, enabled globally, OBLIGATED
> # For a mixed setup of rights, put this per share!
> vfs objects = acl_xattr
> map acl inherit = yes
> store dos attributes = yes
> 
> # Share Setting Globally
> veto files = /.bash_logout/.bash_profile/.bash_history/.bashrc/
> hide unreadable = yes
> 
> # Included per Louis' member script
> include = /etc/samba/smb-shares.conf
> 
> ######## SHARE DEFINITIONS ################
> ##moved to /etc/samba/smb-shares.conf
> 
> root@mbr04:~# cat /etc/samba/smb-shares.conf
> [samba$]
>      # Hidden share for Administrator and "Domain Admins" members/Folder managers
>      # By default "Domain Admins" are allowed to read/write
>      path = /srv/samba
>      browseable = yes
>      read only = no
> 
> [companydata]
>      # main share for all company data.
>      path = /srv/samba/companydata
>      browseable = yes
>      read only = no
> 
> [profiles]
>      # Windows user profiles, Used for/by windows only share.
>      # Add a $ on the end to hide the share-name.
>      # By default "Domain users" are allowed to read/write
>      # https://www.samba.org/samba/docs/current/man-html/vfs_acl_xattr.8.html
>      # Optional, yes and windows  defaults are: no/posix
>      # acl_xattr:ignore system acls = [yes|no]
>      # acl_xattr:default acl style = [posix|windows|everyone]
>      path = /srv/samba/profiles
>      #map acl inherit = no
>      browseable = yes
>      read only = no
> 
> [users]
>      # Samba/Windows User homedirs.
>      # By default the User (And root/Administrator/Domain Admins) are allowed to read/write
>      path = /srv/samba/users
>      browseable = yes
>      read only = no
> 
> [public]
>      # A public share.
>      # By default "Domain users" are allowed to read/write
>      path = /srv/samba/public
>      browseable = yes
>      read only = no
> 
> root@mbr04:~# cat /etc/nsswitch.conf
> # /etc/nsswitch.conf
> #
> # Example configuration of GNU Name Service Switch functionality.
> # If you have the `glibc-doc-reference' and `info' packages installed, try:
> # `info libc "Name Service Switch"' for information about this file.
> 
> passwd:         files winbind systemd
> group:          files winbind systemd
> shadow:         files
> gshadow:        files
> 
> hosts:          files dns
> networks:       files
> 
> protocols:      db files
> services:       db files
> ethers:         db files
> rpc:            db files
> 
> netgroup:       nis
> 
> As you can see I have tried all variations but still returns blank response.
> 
> As a reminder, Debian 10, Samba v4.12.5.
> 
> Included all reference config files. Does anyone see anything that needs adjustment?
> 
> -- 
> (Sent from home location.)
> 
> username Wooden
> 
> 
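
Three configuration points come up in this thread: the idmap ranges may not overlap, `winbind nss info` is replaced by the per-domain `unix_nss_info`, and `winbind enum users` / `winbind enum groups` are not recommended outside debugging. The Python check below is an added example, not part of the original message or of the samba-collect-debug-info.sh script; the sample config, the SAMDOM placeholder domain and the function names `parse_global` and `lint` are constructed for illustration.

```python
import re
from itertools import combinations

# Constructed sample (not the poster's file); SAMDOM is a placeholder domain.
SAMPLE = """\
[global]
idmap config * : backend = tdb
idmap config * : range = 3000-7000
idmap config SAMDOM : backend = ad
idmap config SAMDOM : range = 5000-999999
idmap config SAMDOM : unix_nss_info = yes
winbind nss info = rfc2307
winbind enum users = yes
"""

def parse_global(text):
    """Return {option: value} for [global]; names are lower-cased and
    whitespace-collapsed because smb.conf ignores both in option names."""
    opts, section = {}, "global"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # whole-line comments only
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            opts[" ".join(key.lower().split())] = value.strip()
    return opts

def lint(text):
    """Return findings for the three points raised in the thread."""
    opts, findings, ranges = parse_global(text), [], []
    for key, value in opts.items():
        dom = re.fullmatch(r"idmap config (.+?) ?: ?range", key)
        rng = re.fullmatch(r"(\d+)\s*-\s*(\d+)", value)
        if dom and rng:
            ranges.append((int(rng.group(1)), int(rng.group(2)), dom.group(1)))
    for (lo1, hi1, d1), (lo2, hi2, d2) in combinations(ranges, 2):
        if lo1 <= hi2 and lo2 <= hi1:            # closed intervals intersect
            findings.append(f"idmap ranges overlap: {d1} and {d2}")
    if "winbind nss info" in opts and any(
            re.fullmatch(r"idmap config .+ ?: ?unix_nss_info", k) for k in opts):
        findings.append("winbind nss info set alongside per-domain unix_nss_info")
    for key in ("winbind enum users", "winbind enum groups"):
        if opts.get(key, "no").lower() in ("yes", "true", "1"):
            findings.append(f"{key} enabled")
    return findings
```

Call `lint(open("/etc/samba/smb.conf").read())` on a domain member; an empty list means none of the three conditions was found in `[global]`.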



