[Samba] getent shows only local entries.
Rowland penny
rpenny at samba.org
Sun Jan 26 11:28:11 UTC 2020
On 26/01/2020 10:59, Daniel Lang wrote:
> Hi Rowland,
>
> Thank you for your prompt reply.
>
> Am So., 26. Jan. 2020 um 11:26 Uhr schrieb Rowland penny via samba
> <samba at lists.samba.org <mailto:samba at lists.samba.org>>:
>
> Whilst wbinfo is showing your users and groups, this does not mean
> that
> Unix knows who they are.
>
>
> Do you have libnss-winbind, libpam-winbind and libpam-krb5 installed ?
>
>
> Yes,
>
> root at fs1:/var/log/samba# apt install libpam-winbind libpam-krb5
> libnss-winbind
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> libpam-krb5 is already the newest version (4.8-2).
> libnss-winbind is already the newest version (2:4.11.3+dfsg-1).
> libpam-winbind is already the newest version (2:4.11.3+dfsg-1).
> 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
> root at fs1:/var/log/samba#
>
>
> Have you set 'winbind' in the 'passwd' & 'group' lines in
> /etc/nsswitch.conf ?
>
> yes,
> root at fs1:/var/log/samba# cat /etc/nsswitch.conf | grep passwd
> passwd: files winbind systemd
> root at fs1:/var/log/samba# cat /etc/nsswitch.conf | grep group
> group: files winbind systemd
> root at fs1:/var/log/samba#
>
>
> Have you added uidNumber attributes to your users and a gidNumber to
> 'Domain Users' ?
>
> They are not added automatically, you need to add them manually.
>
>
> really? On the Wiki site i havent found this information.
It was there, just not very clearly, on the wikipage:
https://wiki.samba.org/index.php/Idmap_config_ad
Under the heading:
Advantages and Disadvantages of the ad Back End
It said this:
The values for the RFC2307 attributes must be set manually.
It now says:
The values for the RFC2307 attributes are not created automatically,
they must be added manually.
> Could you tell me, how i can do that?
There are several ways, you can use ADUC on Windows, on later Windows
version that do not have the Unix Attributes tab, you can use the
attributes editor.
You can create users with the required attributes using samba-tool
From Samba 4.12.0, you will be able to add RFC2307 attributes using
samba-tool.
There is a python program created by Jonathan Reinhart 'adman':
https://gitlab.com/JonathonReinhart/adman
You can use Ldap Account Manager
You could write your own scripts around ldapsearch etc or ldbsearch etc
Or to put it another way, this is Linux, there are multiple ways of
doing this ;-)
Rowland
More information about the samba
mailing list