[Samba] wbinfo work getent passwd does

[Rowland penny]

On 14/04/2021 11:29, basti via samba wrote:
> Hello, i have the above problem again.
> getent passwd show only local users. wbinfo -u show also domain users
>
> dpkg -l | grep pam | awk '{print $2}' | xargs
> libpam-krb5:amd64 libpam-modules:amd64 libpam-modules-bin 
> libpam-runtime libpam-systemd:amd64 libpam-winbind:amd64 libpam0g:amd64
>
> dpkg -l | grep nss | awk '{print $2}' | xargs
> libjansson4:amd64 libnss-systemd:amd64 libnss-winbind:amd64 
> openssh-client openssh-server openssh-sftp-server openssl
>
> # /etc/nsswitch.conf
> #
> # Example configuration of GNU Name Service Switch functionality.
> # If you have the `glibc-doc-reference' and `info' packages installed, 
> try:
> # `info libc "Name Service Switch"' for information about this file.
>
> passwd:         files winbind systemd
> group:          files winbind systemd
> shadow:         files
> gshadow:        files
>
>
> getent passwd | tail -1
> systemd-coredump:x:999:999:systemd Core Dumper:/:/usr/sbin/nologin
>
> wbinfo -u | tail -1
> testuser
>
>
> cat /etc/krb5.conf
> [libdefaults]
>     default_realm = SAMDOM.EXAMPLE.COM
>     dns_lookup_realm = false
>        dns_lookup_kdc = true
>
>
>
> cat /etc/samba/smb.conf
> [global]
>
>   security = ADS
>   workgroup = SAMDOM
>   realm = SAMDOM.EXAMPLE.COM
>
>   log file = /var/log/samba/%m.log
>   log level = 3
>
>   idmap config * : backend = tdb
>   idmap config * : range = 1000-6999
>
>   # idmap config for the SAMDOM domain
>   idmap config SAMDM:backend = ad
>   idmap config SAMDOM:schema_mode = rfc2307
>   idmap config SAMDOM:range = 7000-20000


Do your users have UidNumber attributes containing numbers between 
7000-20000

Also, does Domain Users have a gidNumber attribute containing a number 
inside the same range.

If not, no AD users and groups will be used.

Rowland