[Samba] wbinfo work getent passwd does

basti mailinglist at unix-solution.de
Wed Apr 14 11:07:03 UTC 2021


users look like:

id iustest
uid=7101(NET\iustest) gid=100(users) Gruppen=100(users)

I think it should lokk like

id iustest
uid=7101(NET\iustest) gid=30000(BUILTIN\users) groups=30000(BUILTIN\users)

I have no idea where the gid 100 come from.

On 14.04.21 12:29, basti via samba wrote:
> Hello, i have the above problem again.
> getent passwd show only local users. wbinfo -u show also domain users
> 
> dpkg -l | grep pam | awk '{print $2}' | xargs
> libpam-krb5:amd64 libpam-modules:amd64 libpam-modules-bin libpam-runtime 
> libpam-systemd:amd64 libpam-winbind:amd64 libpam0g:amd64
> 
> dpkg -l | grep nss | awk '{print $2}' | xargs
> libjansson4:amd64 libnss-systemd:amd64 libnss-winbind:amd64 
> openssh-client openssh-server openssh-sftp-server openssl
> 
> # /etc/nsswitch.conf
> #
> # Example configuration of GNU Name Service Switch functionality.
> # If you have the `glibc-doc-reference' and `info' packages installed, try:
> # `info libc "Name Service Switch"' for information about this file.
> 
> passwd:         files winbind systemd
> group:          files winbind systemd
> shadow:         files
> gshadow:        files
> 
> 
> getent passwd | tail -1
> systemd-coredump:x:999:999:systemd Core Dumper:/:/usr/sbin/nologin
> 
> wbinfo -u | tail -1
> testuser
> 
> 
> cat /etc/krb5.conf
> [libdefaults]
>      default_realm = SAMDOM.EXAMPLE.COM
>      dns_lookup_realm = false
>          dns_lookup_kdc = true
> 
> 
> 
> cat /etc/samba/smb.conf
> [global]
> 
>     security = ADS
>     workgroup = SAMDOM
>     realm = SAMDOM.EXAMPLE.COM
> 
>     log file = /var/log/samba/%m.log
>     log level = 3
> 
>     idmap config * : backend = tdb
>     idmap config * : range = 1000-6999
> 
>     # idmap config for the SAMDOM domain
>     idmap config SAMDM:backend = ad
>     idmap config SAMDOM:schema_mode = rfc2307
>     idmap config SAMDOM:range = 7000-20000
> 
>      winbind enum users = yes
>      winbind enum groups = yes
>      winbind use default domain = yes
> 
>      vfs objects = acl_xattr
>      map acl inherit = yes
>      store dos attributes = yes
> 
>      # https://lists.samba.org/archive/samba/2014-August/184359.html
>      winbind refresh tickets = yes
> 
>      dedicated keytab file = /etc/krb5.keytab
>      kerberos method = secrets and keytab
> 
>      server role = member server
> 
>      ############ Misc ############
> 
>      load printers = no
>      printing = bsd
>      printcap name = /dev/null
>      disable spoolss = yes
> 
>      ldap ssl = no
>      create mask = 0777
> 
> 
> #======================= Share Definitions =======================
> 
> 



More information about the samba mailing list