[Samba] getent passwd SAMDOM\\demo01 does not work

K. R. Foley kr at cybsft.com
Sun Oct 24 23:24:04 UTC 2021 

On 10/13/21 8:56 AM, Patrick Goetz via samba wrote:
>
>
> On 10/13/21 08:48, Rowland Penny via samba wrote:
>> On Wed, 2021-10-13 at 08:23 -0500, K.R. Foley wrote:
>>> On 2021-10-13 08:19, Rowland Penny via samba wrote:
>>>> On Wed, 2021-10-13 at 08:08 -0500, K. R. Foley via samba wrote:
>>>>> On 10/13/21 1:38 AM, Jürgen Echter wrote:
>>>>>> Hi,
>>>>>>
>>>>>> Am Mittwoch, Oktober 13, 2021 05:10 CEST, schrieb "K. R. Foley
>>>>>> via
>>>>>> samba" <samba at lists.samba.org>:
>>>>>>> Hi,
>>>>>>>
>>>>>>> Should "getent passwd SAMDOM\\demo01" work from a Linux AD
>>>>>>> member?
>>>>>>>
>>>>>>>
>>>>>>> AD server running on CentOS Linux 7
>>>>>>>
>>>>>>> Samba 4.11.13 built from source
>>>>>>>
>>>>>>>
>>>>>>> Member server running on CentOS Linux 7
>>>>>>>
>>>>>>> Samba 4.11.13 built from source
>>>>>>>
>>>>>>> Configured following
>>>>>>> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member. 
>>>>>>>
>>>>>>>
>>>>>>> Joined  using "# net ads join -U administrator" without
>>>>>>> issue.
>>>>>>>
>>>>>>> "# wbinfo --ping-dc" works and reports the domain info
>>>>>>> correctly.
>>>>>>>
>>>>>>> "getent passwd <local user>" works fine
>>>>>>>
>>>>>>> "getent passwd SAMDOM\\<domain user>" returns nothing.
>>>>>>>
>>>>>>> "getent group SAMDOM\\Domain Users" returns nothing.
>>>>>>>
>>>>>>>
>>>>>>> Should  this work? Any help troubleshooting this would be
>>>>>>> appreciated.
>>>>>>>
>>>>>>> Thanks,
>>>>>>>
>>>>>>> kr
>>>>>>>
>>>>>>>
>>>>>>> -- 
>>>>>>> To unsubscribe from this list go to the following URL and
>>>>>>> read
>>>>>>> the
>>>>>>> instructions: https://lists.samba.org/mailman/options/samba
>>>>>> maybe you missed something here:
>>>>>>
>>>>>> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member#Configuring_the_Name_Service_Switch 
>>>>>>
>>>>>
>>>>> Thanks for your reply. I have configured nsswitch.conf. See
>>>>> below:
>>>>>
>>>>> #passwd:     files sss winbind
>>>>> passwd:     files winbind
>>>>> shadow:     files sss
>>>>> #group:      files sss winbind
>>>>> group:      files winbind
>>>>>
>>>>> Thanks,
>>>>
>>>> Are you using sssd on the computer as well ?
>>>>
>>>> Rowland
>>>>
>>>
>>> I think it does by default on CentOS. As you can see above I tried
>>> it
>>> with/without sss in nsswitch.conf. Could this be causing a problem?
>>>
>>>
>>
>> Sorry, but as this always leads to a massive discussion (I know very
>> little about sssd and believe it shouldn't be used with Samba), I
>> cannot continue to help you whilst you use sssd.
>>
>
> What id mapping are you using in smb.conf?  Usually when I have this 
> problem it's because the host has dropped out of the domain due to an 
> expired Kerberos ticket.
>
>
         idmap_ldb:use rfc2307 = yes
         smb encrypt = enabled
         #log level = 10
         winbind enum groups = yes
         winbind enum users = yes

More information about the samba mailing list