[Samba] getent not returning users/groups
gregs at sloop.net
Sun Feb 27 23:35:15 UTC 2022
I could retype what's in the Wiki, but really it says it best. (Even though I don't likely understand all the implications.)
I think the biggest points are that:
The AD backend allows you to have individualized *nix login shells and home dirs, but requires you to keep track and ensure the ID's _manually_ assigned are unique.
RID doesn't require manually assigning ID's (essentially Samba does it all for you), but you can't have individualized *nix home-dirs or login-shells.
If you're mostly using Samba in a Windows environment, RID likely is good enough.
But reading the wiki is obviously far better at covering things in a non-TLDR (in detail) format.
And the three main back-ends.
I'm not sure what you're concerned about - though this may be what you're referencing.
From the *AD* back-end wiki:
If you use the winbind 'ad' backend, you must add a gidNumber attribute to the Domain Users group in AD. You must also give any users, that you want to be visible to Unix, a uidNumber attribute.
But that *ONLY* applies to the AD back-end.
If you use RID, the ID assignment happens automagically. (And thus all users/group are visible automatically.)
>> -----Original Message-----
>> From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of
>> Rowland Penny via samba
>> Sent: Saturday, February 26, 2022 12:19 AM
>> To: samba at lists.samba.org
>> Subject: Re: [Samba] getent not returning users/groups
>> On Fri, 2022-02-25 at 17:01 -0800, Michael Evans via samba wrote:
>>> All groups and all users must have GID and UID entries if they show
>>> up in the passwd / groups nss list.
>> Only if you are using the winbind 'ad' idmap backend, which Gregory
>>> Please ensure that at least the user's unix UID and primary group
>>> unix Group ID are set via some method.
>> Why ?
> It was my belief this was required for the users and groups to show up; but
> that one method for IDs being assigned were the other, non-AD storage, local
> ID storage configurations.
>>> There probably should be a wiki page dedicated to just this issue.
>> There is.
>> Also, the 'enum' lines are only required for troubleshooting purposes
>> (such as this) and shouldn't be in a production smb.conf.
> How _should_ the unix IDs for users and groups that are part of the domain
> be exposed to the host system outside of Samba? My understanding is that
> this was the only way; so I've clearly misunderstood the documentation.
More information about the samba