[Samba] Getent doesn't show AD users/groups

[Alex Orlov]

> It is your choice to remain with Samba 4.2.14, it is however extremely
> EOL and insecure, I certainly would not use it in production. We also do
> not recommend using a Samba AD DC as a fileserver, you seem to have
> taken this to extremes. In your case, I would create a new DC, transfer
> all the FSMO roles to this and then turn your existing DC into a Unix
> domain member.
 
 Rowland, thank you very much for your help, but I tried all variants and anyway
couldn’t make it work. Maybe there is some problem in debian 8 libnss — I don’t
know. In debian 9 everything worked fine. So, I will go another way — chgrp by
gid + some sh script.
 
However, could you say, why you don’t recommend using a Samba AD DC as a fileserver.
As I know samba 3 was used primarily as fileserver. Samba 4 is AD DC, but it can
work as fileserver. So, what is the problem?
 
 
--
Best regards, Alex Orlov