[Samba] getent passwd SAMDOM\\demo01 does not work
K. R. Foley
kr at cybsft.com
Sun Oct 24 23:24:04 UTC 2021
On 10/13/21 8:56 AM, Patrick Goetz via samba wrote:
>
>
> On 10/13/21 08:48, Rowland Penny via samba wrote:
>> On Wed, 2021-10-13 at 08:23 -0500, K.R. Foley wrote:
>>> On 2021-10-13 08:19, Rowland Penny via samba wrote:
>>>> On Wed, 2021-10-13 at 08:08 -0500, K. R. Foley via samba wrote:
>>>>> On 10/13/21 1:38 AM, Jürgen Echter wrote:
>>>>>> Hi,
>>>>>>
>>>>>> Am Mittwoch, Oktober 13, 2021 05:10 CEST, schrieb "K. R. Foley
>>>>>> via
>>>>>> samba" <samba at lists.samba.org>:
>>>>>>> Hi,
>>>>>>>
>>>>>>> Should "getent passwd SAMDOM\\demo01" work from a Linux AD
>>>>>>> member?
>>>>>>>
>>>>>>>
>>>>>>> AD server running on CentOS Linux 7
>>>>>>>
>>>>>>> Samba 4.11.13 built from source
>>>>>>>
>>>>>>>
>>>>>>> Member server running on CentOS Linux 7
>>>>>>>
>>>>>>> Samba 4.11.13 built from source
>>>>>>>
>>>>>>> Configured following
>>>>>>> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member.
>>>>>>>
>>>>>>>
>>>>>>> Joined using "# net ads join -U administrator" without
>>>>>>> issue.
>>>>>>>
>>>>>>> "# wbinfo --ping-dc" works and reports the domain info
>>>>>>> correctly.
>>>>>>>
>>>>>>> "getent passwd <local user>" works fine
>>>>>>>
>>>>>>> "getent passwd SAMDOM\\<domain user>" returns nothing.
>>>>>>>
>>>>>>> "getent group SAMDOM\\Domain Users" returns nothing.
>>>>>>>
>>>>>>>
>>>>>>> Should this work? Any help troubleshooting this would be
>>>>>>> appreciated.
>>>>>>>
>>>>>>> Thanks,
>>>>>>>
>>>>>>> kr
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> To unsubscribe from this list go to the following URL and
>>>>>>> read
>>>>>>> the
>>>>>>> instructions: https://lists.samba.org/mailman/options/samba
>>>>>> maybe you missed something here:
>>>>>>
>>>>>> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member#Configuring_the_Name_Service_Switch
>>>>>>
>>>>>
>>>>> Thanks for your reply. I have configured nsswitch.conf. See
>>>>> below:
>>>>>
>>>>> #passwd: files sss winbind
>>>>> passwd: files winbind
>>>>> shadow: files sss
>>>>> #group: files sss winbind
>>>>> group: files winbind
>>>>>
>>>>> Thanks,
>>>>
>>>> Are you using sssd on the computer as well ?
>>>>
>>>> Rowland
>>>>
>>>
>>> I think it does by default on CentOS. As you can see above I tried
>>> it
>>> with/without sss in nsswitch.conf. Could this be causing a problem?
>>>
>>>
>>
>> Sorry, but as this always leads to a massive discussion (I know very
>> little about sssd and believe it shouldn't be used with Samba), I
>> cannot continue to help you whilst you use sssd.
>>
>
> What id mapping are you using in smb.conf? Usually when I have this
> problem it's because the host has dropped out of the domain due to an
> expired Kerberos ticket.
>
>
idmap_ldb:use rfc2307 = yes
smb encrypt = enabled
#log level = 10
winbind enum groups = yes
winbind enum users = yes
More information about the samba
mailing list