[Samba] getent passwd blank response
L.P.H. van Belle
belle at bazuin.nl
Mon Aug 17 11:29:15 UTC 2020
Hai Bob,
Try this.
First flush cache.
net cache flush
getent passwd username
id username
And run this one again for me:
https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh
Reply might be a bit later on, I'm running around here.
Greetz,
Louis
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Bob Wooden via samba
> Sent: Monday 17 August 2020 13:19
> To: samba at lists.samba.org
> Subject: Re: [Samba] getent passwd blank response
>
> On 8/17/20 4:36 AM, Rowland penny via samba wrote:
> > On 17/08/2020 10:20, L.P.H. van Belle via samba wrote:
> >>
> >> But have you tried this :
> >> getent passwd "SAMDOM\username"
> >
> > Unless you have in smb.conf (which are not recommended):
> >
> > winbind enum users = yes
> >
> > winbind enum groups = yes
> >
> > Running 'getent passwd' and 'getent group' will only show local users
> > and groups.
> >
> > You need to specify a username or group, but if you also specify the
> > workgroup name, you still will not get output unless it is specified
> > correctly, this will not work:
> >
> > getent passwd SAMDOM\username
> >
> > But any of these will:
> >
> > getent passwd SAMDOM\\username
> >
> > getent passwd 'SAMDOM\username'
> >
> > getent passwd "SAMDOM\username"
> >
> > Of course, they all depend on smb.conf, nsswitch.conf and the links
> > being setup correctly.
> >
> > Rowland
> >
> >
> root at mbr04:~# getent passwd SUBDOM\\username
> root at mbr04:~# getent passwd SUBDOM\username
> root at mbr04:~# getent passwd 'SUBDOM\username'
> root at mbr04:~# getent passwd "SUBDOM\username"
> root at mbr04:~# cat /etc/samba/smb.conf
> # https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
> #
> log level = 4
> log file = /var/log/samba/%m.log
> max log size = 1000
>
> # netbios name = By default this is "hostname -s" but in caps.
> realm = SUBDOM.EXAMPLE.COM
> workgroup = DOM
> security = ADS
>
> # set master browser for the network.
> # preferred + domain master = yes = guarantee master browser ( man smb.conf )
> # ! There can only be ONE master browser.
> preferred master = no
> domain master = no
>
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
>
> ## map id's outside to domain to tdb files.
> idmap config * : backend = tdb
> idmap config * : range = 3000-7000
>
> ## map ids from the domain the range may not overlap !
> idmap config SUBDOM : backend = ad
> idmap config SUBDOM : schema_mode = rfc2307
> idmap config SUBDOM : range = 10000-999999
> idmap config SUBDOM : unix_nss_info = yes
> idmap config SUBDOM : unix_primary_group = yes ##added per Louis email 2020-08-13
>
> # Renew the kerberos tickets
> winbind refresh tickets = yes
>
> # Enable offline logins
> winbind offline logon = yes
>
> # User uid/Gid from AD. (rfc2307)
> winbind nss info = rfc2307 ## REMOVE THIS ONE, it's replaced and set above. (unix_nss_info = yes)
##################### ^^^^^^^^^^^^^^^
>
> # With default domain, wbinfo -u, yes = username, no is SAMBADOM\username
> winbind use default domain = yes
> #winbind trusted domains only = no
>
> # *Keep no in production, set yes when debugging, this slows down your samba.*
> *winbind enum users = yes**
> **winbind enum groups = yes*
>
> # Check depth of nested groups, ! slows down your samba, if too much groups depth
> # Samba default is 0, I suggest a minimal of 2 in this setup, advice is 4.
> winbind expand groups = 4
>
> # User Administrator workaround, without it you are unable to set privileges
> # !Note: When using the AD ID mapping back end, do not set the uidNumber attribute for the domain administrator account.
> # If the account has the attribute set, the value overrides the local UID 0 of the root user and thus the mapping fails.
> username map = /etc/samba/samba_usermapping
>
> # disable usershares creating, when set empty no error log messages.
> usershare path =
>
> # Disable printing completely
> load printers = no
> printing = bsd
> printcap name = /dev/null
> disable spoolss = yes
>
> # For Windows ACL support on member file server, enabled globally, OBLIGATED
> # For a mixed setup of rights, put this per share!
> vfs objects = acl_xattr
> map acl inherit = yes
> store dos attributes = yes
>
> # Share Setting Globally
> veto files = /.bash_logout/.bash_profile/.bash_history/.bashrc/
> hide unreadable = yes
>
> # Included per Louis' member script
> include = /etc/samba/smb-shares.conf
>
> ######## SHARE DEFINITIONS ################
> ##moved to /etc/samba/smb-shares.conf
>
> root at mbr04:~# cat /etc/samba/smb-shares.conf
> [samba$]
> # Hidden share for Administrator and "Domain Admins" members/Folder managers
> # By default "Domain Admins" are allowed to read/write
> path = /srv/samba
> browseable = yes
> read only = no
>
> [companydata]
> # main share for all company data.
> path = /srv/samba/companydata
> browseable = yes
> read only = no
>
> [profiles]
> # Windows user profiles, Used for/by windows only share.
> # Add a $ on the end to hide the share-name.
> # By default "Domain users" are allowed to read/write
> # https://www.samba.org/samba/docs/current/man-html/vfs_acl_xattr.8.html
> # Optional, yes and windows defaults are: no/posix
> # acl_xattr:ignore system acls = [yes|no]
> # acl_xattr:default acl style = [posix|windows|everyone]
> path = /srv/samba/profiles
> #map acl inherit = no
> browseable = yes
> read only = no
>
> [users]
> # Samba/Windows User homedirs.
> # By default the User (And root/Administrator/Domain Admins) are allowed to read/write
> path = /srv/samba/users
> browseable = yes
> read only = no
>
> [public]
> # A public share.
> # By default "Domain users" are allowed to read/write
> path = /srv/samba/public
> browseable = yes
> read only = no
>
> root at mbr04:~# cat /etc/nsswitch.conf
> # /etc/nsswitch.conf
> #
> # Example configuration of GNU Name Service Switch functionality.
> # If you have the `glibc-doc-reference' and `info' packages installed, try:
> # `info libc "Name Service Switch"' for information about this file.
>
> passwd: files winbind systemd
> group: files winbind systemd
> shadow: files
> gshadow: files
>
> hosts: files dns
> networks: files
>
> protocols: db files
> services: db files
> ethers: db files
> rpc: db files
>
> netgroup: nis
>
> As you can see I have tried all variations but still returns blank response.
>
> As a reminder, Debian 10, Samba v4.12.5.
>
> Included all reference config files. Does anyone see anything that needs
> adjustment?
>
> --
> (Sent from home location.)
>
> username Wooden
>
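
An added example, not part of the original thread or of the Samba project: a small Python linter for three smb.conf points that come up above (idmap ranges that must not overlap, `winbind nss info` left in beside `unix_nss_info = yes`, and trailing `##` notes, which smb.conf(5) does not treat as comments). The names `parse` and `lint` and the trimmed sample config are assumptions made for this illustration.

```python
import re

# Constructed sample: idmap-related lines from the smb.conf quoted above.
SAMPLE = """\
[global]
idmap config * : backend = tdb
idmap config * : range = 3000-7000
idmap config SUBDOM : backend = ad
idmap config SUBDOM : range = 10000-999999
idmap config SUBDOM : unix_nss_info = yes
idmap config SUBDOM : unix_primary_group = yes ##added per Louis
winbind nss info = rfc2307
"""

IDMAP = re.compile(r"idmap config\s+(\S+)\s*:\s*(\S.*)", re.I)

def parse(text):
    """Yield (key, value) per 'key = value' line, skipping whole-line comments."""
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in "#;[" and "=" in line:
            key, value = line.split("=", 1)
            yield key.strip(), value.strip()

def lint(text):
    """Hypothetical helper: return a list of findings for the three checks."""
    findings, ranges, nss_domains, winbind_nss = [], [], [], False
    for key, value in parse(text):
        # smb.conf(5): only lines *starting* with '#' or ';' are comments.
        if "#" in value:
            findings.append(f"{key}: trailing '#' text is read as part of the value")
        m = IDMAP.fullmatch(key)
        opt = m.group(2).lower() if m else key.lower()
        rng = re.match(r"(\d+)\s*-\s*(\d+)", value)
        if m and opt == "range" and rng:
            ranges.append((int(rng.group(1)), int(rng.group(2)), m.group(1)))
        elif m and opt == "unix_nss_info" and value.lower().startswith("yes"):
            nss_domains.append(m.group(1))
        elif not m and opt == "winbind nss info":
            winbind_nss = True
    ranges.sort()  # after sorting, any overlap shows up between neighbours
    for (lo1, hi1, d1), (lo2, hi2, d2) in zip(ranges, ranges[1:]):
        if lo2 <= hi1:
            findings.append(f"idmap ranges overlap: {d1} {lo1}-{hi1}, {d2} {lo2}-{hi2}")
    if winbind_nss and nss_domains:
        findings.append("winbind nss info set although unix_nss_info = yes for " + ", ".join(nss_domains))
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

On the sample it reports the trailing `##added per Louis` note and the leftover `winbind nss info` line; the two ranges do not overlap, so no range finding is produced.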