[Samba] getent passwd blank response

Rowland penny rpenny at samba.org
Mon Aug 17 13:46:19 UTC 2020

On 17/08/2020 14:35, Robert E. Wooden via samba wrote:
> On 8/17/2020 8:21 AM, Rowland penny via samba wrote:
>> The '3000013' is not a uidNumber, it is an 'xidNumber' and these are 
>> only used on a DC and unless you sync 'idmap.ldb' from the first DC 
>> to all other DC's, you cannot guarantee getting the same ID on all DC's
>> uidNumber attributes are not added automatically, you must add them 
>> manually, same goes for gidNumber attributes.
> I am not arguing with you because, I think your correct (you usually 
> are).
> I manually added the "Domain Users" group id (10000) with samba-tool 
> (samba-tool group addunixattrs "Domain Users" 10000, I think without 
> looking thru my notes) some time ago.
> The member smb.conf has "idmap config WKDOM : range = 10000-999999" 
> and gid started with 10000, should uid start at (for example) 10001 
> (for first user to be mapped) and increase sequence (+1 as in 10002) 
> for subsequent users?
> (Adding uid & gid manually, I am aware that I will need to keep a 
> record of these.)
> Guide lines you can point me to or confirm I am correct here?
Mostly you are correct, but 'user' != 'group' or to put it another way, 
you can use the same range for users and groups (in fact you have to), 
so just add the uidNumber '10000' to 'username' on the DC and then see 
if getent can find the user on the Unix samba member, you should get 
something like this:

getent passwd rowland
rowland:*:10000:10000:Rowland Penny:/home/rowland:/bin/bash


More information about the samba mailing list