[Samba] List of users seems truncated or incomplete in file server member of an Active Directory Domain

David PAUGAM David.Paugam at genavir.fr
Wed Mar 10 17:18:40 UTC 2021


I'm facing a problem with a Linux Server I want to configure as a File 
Server, member of an Active Directory Domain.

OS: Linux Debian Buster


//        workgroup=MYDOM//
//        realm=MYDOM.FR//
//        security=ads//
//        winbind enum users=yes//
//        winbind enum groups=yes//
//        winbind use default domain=yes//
//   idmap config * : backend = tdb//
//   idmap config * : range = 3000-19999//
//   idmap config IFR : backend = rid//
//   idmap config IFR : range = 30000-999999//
//   template homedir = /home/%U//
//   template shell = /bin/bash//
//   winbind refresh tickets = Yes//
//   vfs objects = acl_xattr//
//   map acl inherit = Yes//
//   store dos attributes = Yes//
//dedicated keytab file = /etc/krb5.keytab//
//kerberos method = secrets and keytab//
//allow trusted domains = no//
//log file = /var/log/samba/log.%m//
//browseable      = yes//
//comment         = Repertoire//
//create mask     = 0770//
//directory mask  = 0770//
//path            = /export///
//valid users     = user1,user2//
//writable        = yes/

I joined correctly the server to the domain:

/ net ads testjoin//
//Join is OK/

/net ads info/ is OK too.

/Wbinfo -u/ returns every member of the domain, around 3400.

/getent passwd/ returns a truncated list. Around 1100 users.

User1 is able to access to the share from a Windows client through 

User2 is not.

/getent passwd user1/ returns a line

/getent passwd user2/ returns nothing.

It's like winbind could not see ALL the users.

Same "issue" when I try to chown the folder:

/ chown user1:mygroup /export/ /

is OK

/ chown user2:mygroup /export/ /

is K0

"chown: incorrect user: « user2:mygroup»

Did anybody already face this kind of issue?

Does anyone know how to fix that?

Thanks in advance,


More information about the samba mailing list