[Samba] getent doesn't works
Jon Gerdes
gerdesj at blueloop.net
Wed Nov 25 15:41:31 UTC 2020
On Wed, 2020-11-25 at 10:15 +0000, Rowland penny via samba wrote:
> On 25/11/2020 09:36, Piviul via samba wrote:
> > Hi all, a PC was correctly joined to a domain but offline logon wasn't
> > working so then I have tried to get authentication and nss using SSSD
> > but I fail to correctly configure the logon. Then I read a message on
> > this list that says SSSD doesn't works on samba >= 4.8. Samba
> > installed is the 4.12 so I have followed this guide[¹] to reconfigure
> > again the PC using winbind instead of SSSD. All seems to works until
> > 8,2 Using Domain Accounts and Groups in Operating System. In other
> > words winbind can find users and groups but getent doesn't shows user
> > or group information. For example getent group "DOMINIOCSA\\Domain
> > Users" show nothing.
> >
> > Someone can help me to find a way to have getent query correctly AD
> > remote users and groups?
> >
> > I forgot to say that the PC is a debian bullseye.
>
> You are using the winbind 'ad' backend, so have you given your users a
> uidNumber attribute containing a unique number inside the '10000-999999'
> range AND given them a gidNumber containing a valid group gidNumber ?
> Failing the latter, does Domain Users have a gidNumber attribute ?
>
> Rowland
>
As well as allocating UIDs/GIDs you might investigate the rid backend.
Also, you will probably want these setting:
[global]
winbind enum users = yes
winbind enum groups = yes
... and perhaps these or something similar:
winbind expand groups = 2
winbind use default domain = yes
Cheers
Jon
More information about the samba
mailing list