[Samba] Getent doesn't show AD users/groups

Tue Dec 15 09:37:34 UTC 2020

Hello all,

I have a problem with getent passwd/group. When I do

$getent passwd administrator
administrator:*:0:100::/home/MYDOM/administrator:/bin/false

however, when I do
$getent passwd
I don’t get administrator in the command output.  The same I have with groups. Because of this,
as I understand, I can’t change folder group in mc — groups from AD are not listed there.
I used samba4 before and I could easily change folder group in mc, but now I can’t. Could anyone help?

This is what I have:
root at server:/etc# wbinfo -u
administrator
krbtgt
guest

root at server:/etc# wbinfo -g
enterprise read-only domain controllers
domain admins
domain users
domain guests
domain computers
domain controllers
schema admins
enterprise admins
group policy creator owners
read-only domain

nsswitch.conf
passwd:         compat winbind
group:          compat winbind
shadow:         compat winbind
gshadow:        files
…

smb.conf
[global]
    workgroup = ..
    realm = ...
    netbios name = ...
    server role = active directory domain controller
    dns forwarder = ...
    idmap_ldb:use rfc2307 = yes
    bind interfaces only = yes
    interfaces = eth0
    hosts allow = ...
    hosts deny = 0.0.0.0/0
    winbind enum users = yes
    winbind enum groups = yes
    winbind use default domain = yes

pam-auth-update 
* Kerberos authentication 
* Unix authentication
* Winbind NT/Active Directory authentication
* LDAP Authentication

--
Best regards, Alex Orlov