[Samba] getent not returning users/groups

Gregory Sloop gregs at sloop.net
Sun Feb 27 23:35:15 UTC 2022

I could retype what's in the Wiki, but really it says it best. (Even though I don't likely understand all the implications.)
I think the biggest points are that: 
The AD backend allows you to have individualized *nix login shells and home dirs, but requires you to keep track and ensure the ID's _manually_ assigned are unique.
RID doesn't require manually assigning ID's (essentially Samba does it all for you), but you can't have individualized *nix home-dirs or login-shells.
If you're mostly using Samba in a Windows environment, RID likely is good enough.
But reading the wiki is obviously far better at covering things in a non-TLDR (in detail) format.
And the three main back-ends.
I'm not sure what you're concerned about - though this may be what you're referencing.
From the *AD* back-end wiki:
If you use the winbind 'ad' backend, you must add a gidNumber attribute to the Domain Users group in AD. You must also give any users, that you want to be visible to Unix, a uidNumber attribute.  
But that *ONLY* applies to the AD back-end.
If you use RID, the ID assignment happens automagically. (And thus all users/group are visible automatically.)

>> -----Original Message-----
>> From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of
>> Rowland Penny via samba
>> Sent: Saturday, February 26, 2022 12:19 AM
>> To: samba at lists.samba.org
>> Subject: Re: [Samba] getent not returning users/groups

>> On Fri, 2022-02-25 at 17:01 -0800, Michael Evans via samba wrote:

>>> All groups and all users must have GID and UID entries if they show
>>> up in the passwd / groups nss list.

>> Only if you are using the winbind 'ad' idmap backend, which Gregory
>> isn't.

>>> Please ensure that at least the user's unix UID and primary group
>>> unix Group ID are set via some method.
>> Why ?

> It was my belief this was required for the users and groups to show up; but
> that one method for IDs being assigned were the other, non-AD storage, local
> ID storage configurations.

>>> There probably should be a wiki page dedicated to just this issue.

>> There is.

>> Also, the 'enum' lines are only required for troubleshooting purposes
>> (such as this) and shouldn't be in a production smb.conf.

> How _should_ the unix IDs for users and groups that are part of the domain
> be exposed to the host system outside of Samba?  My understanding is that
> this was the only way; so I've clearly misunderstood the documentation.

More information about the samba mailing list