[Samba] wbinfo -u / getent passwd not working

L.P.H. van Belle belle at bazuin.nl
Fri Jul 10 10:18:40 UTC 2020 

Just thing i notised. 

>        idmap config * : range = 1000-2000 
This might give conflicts. 

Output of `cat /etc/adduser.conf |grep "[G-U]ID" `
These ranges should not overlap. 

After how may days/hours did it stop working? 


Greetz, 

Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> basti via samba
> Verzonden: vrijdag 10 juli 2020 12:10
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] wbinfo -u / getent passwd not working
> 
> Hello,
> i try to setup a linux laptop for homeoffice with login for ad users.
> The last few days it work like expected.
> 
> today wbinfo -u return no user, getent passwd <username> also.
> 
> wbinfo -a "SAMDOM\user"
> Enter SAMDOM\user's password:
> plaintext password authentication succeeded
> Enter SAMDOM\user's password:
> challenge/response password authentication succeeded
> 
> wbinfo -D SAMDOM also works.
> 
> laptop smb.conf:
> 
> [global]
>        security = ADS
>        workgroup = SAMDOM
>        realm = SAMDOM.EXAMPLE.COM
> 
>        log file = /var/log/samba/%m.log
>        log level = 1
> 
>        winbind refresh tickets = Yes
>        dedicated keytab file = /etc/krb5.keytab
>        kerberos method = secrets and keytab
>        winbind use default domain = yes
> 
>        load printers = no
>        printing = bsd
>        printcap name = /dev/null
>        disable spoolss = yes
> 
>        # Default ID mapping configuration for local BUILTIN accounts
>        # and groups on a domain member. The default (*) domain:
>        # - must not overlap with any domain ID mapping configuration!
>        # - must use an read-write-enabled back end, such as tdb.
>        idmap config * : backend = tdb
>        idmap config * : range = 1000-2000
> 
>        # idmap config for the SAMDOM domain
>        # alf has uid 1006
>        idmap config SAMDOM:backend = ad
>        idmap config SAMDOM:schema_mode = rfc2307
>        idmap config SAMDOM:range = 2001-999999
> 
>        template homedir = /home/%U
>        template shell = /bin/bash
> 
>        client use spnego = yes
>        client ntlmv2 auth = yes
>        encrypt passwords = yes
>        restrict anonymous = 2
> 
>        # fix dfs error's in log ?
>        host msdfs = no
> 
>        # https://wiki.samba.org/index.php/PAM_Offline_Authentication
>        winbind offline logon = yes
>        winbind cache time = 15768000
> 
>        winbind enum users = yes
>        winbind enum groups = yes
> 
> cat /etc/krb5.conf
> [libdefaults]
>     default_realm = SAMDOM.EXAMPLE.COM
>     dns_lookup_realm = false
>     dns_lookup_kdc = true
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>

More information about the samba mailing list