[Samba] Getent doesn't show AD users/groups

Paul Paku paku_ at outlook.com
Tue Dec 15 19:26:47 UTC 2020


Have a closer look at nsswitch config:

>> passwd: compat winbind
>> group: compat winbind

What about
passwd: files winbind compat
group: files winbind compat


Test your DNS config:
Linux and Unix DNS Configuration - SambaWiki<https://wiki.samba.org/index.php/Linux_and_Unix_DNS_Configuration>

In short:

  1.  Integral DNS server on the ADC as the only DNS server used (all Samba stuff pointed to that server as first DNS server)
  2.  Add a DNS forwarder to the ADC config so it will know how to reach world addresses.
  3.  ADC firewall open at port 53 (and many more ports for its other services)
  4.  Make nslookup tests for all involved addresses, including strange ones like _ldap._tcp.domain.com

And finally, your krb5.config is much too long:
[libdefaults]
        default_realm = XXX.YYY.COM
        dns_lookup_realm = false
        dns_lookup_kdc = true

works for me.

“kinit administrator” has to work before any other commands as it uses poor krb5 authorization.

Paku,
Samba4 newbie ...

From: Rowland penny via samba<mailto:samba at lists.samba.org>
Sent: Tuesday, 15 December 2020 20:00
To: samba at lists.samba.org<mailto:samba at lists.samba.org>
Subject: Re: [Samba] Getent doesn't show AD users/groups

On 15/12/2020 18:52, Alex Orlov via samba wrote:
> I’ve corrected all my mistakes with names (at least I think so), but ANYWAY getent doesn’t list
> users and groups from AD. Below is the new result of the script. Please, help me to fix it.
>
> Collected config --- 2020-12-15-21:37 -----------
>
> Hostname: server1
> DNS Domain: headoffice.example.com

Have you provisioned a new domain using the 'headoffice.example.com' dns
domain ?

Rowland
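
The file-level checks suggested in the reply above (winbind listed in nsswitch.conf, the DC as first DNS server, the short krb5 config), as an added example that is not part of the original thread. The function names, the sample file contents and the 192.0.2.x addresses are constructed assumptions; the realm is the placeholder used in the reply.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are illustrative.

# Succeeds if database $2 (passwd or group) in nsswitch file $1 lists winbind.
nss_has_winbind() {
    awk -v db="$2:" '{ sub(/#.*/, ""); sub(/:/, ": ") }
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "winbind") ok = 1 }
        END { exit ok ? 0 : 1 }' "$1"
}

# Prints the first nameserver address in resolv.conf-style file $1.
first_nameserver() { awk '$1 == "nameserver" { print $2; exit }' "$1"; }

# Prints the value of key $2 in the [libdefaults] section of krb5 file $1.
krb5_libdefault() {
    awk -v key="$2" '/^[ \t]*\[/ { sec = ($0 ~ /\[libdefaults\]/); next }
        sec { split($0, kv, "="); gsub(/[ \t]/, "", kv[1]); gsub(/[ \t]/, "", kv[2])
              if (kv[1] == key) { print kv[2]; exit } }' "$1"
}

# Prints the SRV names to look up for realm $1 (lower-cased DNS domain).
srv_names() {
    d=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    printf '%s\n' "_ldap._tcp.$d" "_kerberos._tcp.$d" "_kerberos._udp.$d"
}

# Runs every file check; $4 is the DC's DNS address. Returns the failure count.
audit_member() {
    fails=0
    for db in passwd group; do
        nss_has_winbind "$1" "$db" || { echo "FAIL: $db has no winbind"; fails=$((fails + 1)); }
    done
    [ "$(first_nameserver "$2")" = "$4" ] ||
        { echo "FAIL: first nameserver is not $4"; fails=$((fails + 1)); }
    [ "$(krb5_libdefault "$3" dns_lookup_kdc)" = "true" ] ||
        { echo "FAIL: dns_lookup_kdc is not true"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample files: the group line deliberately lacks winbind.
SAMPLE=$(mktemp -d)
printf 'passwd: files winbind compat\ngroup: files compat # constructed fault\n' > "$SAMPLE/nsswitch.conf"
printf 'search xxx.yyy.com\nnameserver 192.0.2.10\nnameserver 192.0.2.53\n' > "$SAMPLE/resolv.conf"
printf '[libdefaults]\n\tdefault_realm = XXX.YYY.COM\n\tdns_lookup_realm = false\n\tdns_lookup_kdc = true\n' > "$SAMPLE/krb5.conf"

audit_member "$SAMPLE/nsswitch.conf" "$SAMPLE/resolv.conf" "$SAMPLE/krb5.conf" 192.0.2.10 ||
    echo "$? check(s) failed"
srv_names "$(krb5_libdefault "$SAMPLE/krb5.conf" default_realm)"
```

Each name printed by `srv_names` can then be passed to `nslookup -type=SRV` to carry out the lookup test from item 4 of the list.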


