[Samba] getent shows only local entries.

Rowland penny rpenny at samba.org
Sun Jan 26 11:28:11 UTC 2020


On 26/01/2020 10:59, Daniel Lang wrote:
> Hi Rowland,
>
> Thank you for your prompt reply.
>
> On Sun, 26 Jan 2020 at 11:26, Rowland penny via samba
> <samba at lists.samba.org> wrote:
>
>     Whilst wbinfo is showing your users and groups, this does not mean
>     that Unix knows who they are.
>
>
>     Do you have libnss-winbind, libpam-winbind and libpam-krb5 installed ?
>
>
> Yes,
>
> root at fs1:/var/log/samba# apt install libpam-winbind libpam-krb5 
> libnss-winbind
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> libpam-krb5 is already the newest version (4.8-2).
> libnss-winbind is already the newest version (2:4.11.3+dfsg-1).
> libpam-winbind is already the newest version (2:4.11.3+dfsg-1).
> 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
> root at fs1:/var/log/samba#
>
>
>     Have you set 'winbind' in the 'passwd' & 'group' lines in
>     /etc/nsswitch.conf ?
>
> yes,
> root at fs1:/var/log/samba# cat /etc/nsswitch.conf | grep passwd
> passwd:         files winbind systemd
> root at fs1:/var/log/samba# cat /etc/nsswitch.conf | grep group
> group:          files winbind systemd
> root at fs1:/var/log/samba#
>
>
>     Have you added uidNumber attributes to your users and a gidNumber to
>     'Domain Users' ?
>
>     They are not added automatically, you need to add them manually.
>
>
> Really? On the wiki site I haven't found this information.

It was there, just not very clearly, on the wikipage:

https://wiki.samba.org/index.php/Idmap_config_ad

Under the heading:

Advantages and Disadvantages of the ad Back End

It said this:

The values for the RFC2307 attributes must be set manually.

It now says:

The values for the RFC2307 attributes are not created automatically, 
they must be added manually.

> Could you tell me how I can do that?

There are several ways, you can use ADUC on Windows, on later Windows 
versions that do not have the Unix Attributes tab, you can use the 
attributes editor.

You can create users with the required attributes using samba-tool

From Samba 4.12.0, you will be able to add RFC2307 attributes using 
samba-tool.

There is a Python program created by Jonathon Reinhart, 'adman':

https://gitlab.com/JonathonReinhart/adman

You can use LDAP Account Manager

You could write your own scripts around ldapsearch etc or ldbsearch etc

Or to put it another way, this is Linux, there are multiple ways of 
doing this ;-)

Rowland
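
The "write your own scripts around ldapsearch etc or ldbsearch" suggestion above could start from a check like the following. It is an added example, not part of the original post or of Samba: it parses LDIF text and lists users with no uidNumber and groups with no gidNumber. The sample LDIF is constructed, and `parse_ldif` and `missing_rfc2307` are hypothetical names.

```python
import base64
# Constructed sample, shaped like the LDIF that ldapsearch/ldbsearch print.
SAMPLE_LDIF = """\
# record 1
dn: CN=alice,CN=Users,DC=example,DC=com
objectClass: user
sAMAccountName: alice
uidNumber: 10001

dn: CN=bob,CN=Users,DC=example,DC=com
objectClass: user
sAMAccountName: bob

dn: CN=Domain Users,CN=Users,DC=exam
 ple,DC=com
objectClass: group
sAMAccountName:: RG9tYWluIFVzZXJz
"""

def parse_ldif(text):
    """Yield one {attribute: [values]} dict per LDIF record."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # unfold a continuation line
        else:
            lines.append(raw)
    record = {}
    # Comment lines are dropped; the trailing "" flushes the last record.
    for line in [l for l in lines if not l.startswith("#")] + [""]:
        if line.strip():
            name, _, value = line.partition(":")
            if value.startswith(":"):     # "attr:: ..." carries a base64 value
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            record.setdefault(name.lower(), []).append(value.strip())
        elif record:
            yield record
            record = {}

def missing_rfc2307(text):
    """Return (kind, sAMAccountName, missing attribute) per incomplete entry."""
    findings = []
    for rec in parse_ldif(text):
        classes = {c.lower() for c in rec.get("objectclass", [])}
        name = rec.get("samaccountname", rec.get("dn", ["?"]))[0]
        for cls, attr in (("user", "uidNumber"), ("group", "gidNumber")):
            if cls in classes and attr.lower() not in rec:
                findings.append((cls, name, attr))
    return findings
```

On the constructed sample, `missing_rfc2307(SAMPLE_LDIF)` reports bob (no uidNumber) and Domain Users (no gidNumber).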




