[Samba] Unable to get primary group information when using AD authentication with samba-4.10.4

Rowland penny rpenny at samba.org
Wed Feb 26 10:04:12 UTC 2020

On 26/02/2020 09:50, Goto, Ryoichi wrote:
> Mr. Roland
> I'm sorry I couldn't respond for a while for my convenience, even though I had answered my answer immediately.
> And sssd was installed on my server as you pointed out.
> Immediately, remove all sssd related packages, remove the link of /etc/krb5.conf.d/crypto-policies, modify /etc/krb5.conf, and
> install only samba.x86_64 for samba. Since it did not exist, I put it in and restarted with automatic start of smb.service.
> However, the symptom that the user displayed by "wbinfo -u" does not accept "id", "wbinfo -i", or "getent passwd" does not go away.
> In the smb.conf
> If I comment out "idmap config OITA-NHS: backend = ad", I will not be able to get the collect primary group, but I will be able to
> recognize users with commands such as id.
> [root at ms ~]# wbinfo -u
> administrator
> guest
> defaultaccount
> krbtgt
> oec0814e
> oec1364e
> oec_user01
> oec_user02
> [root at ms ~]# id oec_user01
> id: `oec_faculty01': no such user
> [root at ms ~]# getent passwd oec_user01
> [root at ms ~]#
Can you post the contents of the following files:







I have a Samba Unix domain member running on Centos 8 and it works, but 
I did have to turn Selinux off.

Comparing your files with mine, may point to an error.


More information about the samba mailing list