[Samba] getent not returning users/groups

spindles seven spindles7 at gmail.com
Mon Feb 28 08:10:22 UTC 2022

On 27 February 2022 23:48 Michael Evans wrote:
> Someone I expect knows much more about samba than I do has stated that winbind emum is incorrect
> for exposing that user and group list to NSS services (so that they're shown with getent passwd and 
> getent group; as well as any programs that want to validate usernames / etc): So what should I and 
> others do instead? 

The winbind enum line in smb.conf is purely to "enumerate" the list of users so that you can use "getent passwd" or "getent group" to get a list of users a groups, including AD users and groups.
Remove that line from smb.conf and all you will get are local users and groups when you use the getent commands.
However as Gregory says, the AD users are still *known* to the operating system as will be demonstrated by appending an AD user's name or group to the getent command.
For example on my system getent passwd roy produces:
roy at pi4b:~$ getent passwd roy



More information about the samba mailing list