[Samba] getent not returning users/groups

Gregory Sloop gregs at sloop.net
Mon Feb 28 16:14:57 UTC 2022


Rowland - I think you didn't read the last para Roy posted in his OP. (late yesterday, at least in my TZ)
 
 
---
...the AD users are still *known* to the operating system as will be demonstrated by appending an AD user's name or group to the getent command.
For example on my system getent passwd roy produces:
roy@pi4b:~$ getent passwd roy
roy:*:11601:10513:roy:/home/MICROLYNX/roy:/bin/bash 
---  
 
So, I don't actually think he was wrong in his initial post. 
(Though I'd agree it was easy to read the first couple of paras and think he had it wrong.)
 
---
Can we all agree that without the winbind enum line, you can't just do a getent group/passwd and get a full listing of all the group/user records in AD, but you CAN get individual records by specifying them?
 
And as the wiki says (or should/may have said before it was hosed) the enum lines should generally only be used for troubleshooting/debugging since they place more load on the DCs - especially for large AD data-sets.
 
:)
   

> On Mon, 2022-02-28 at 15:42 +0000, spindles seven wrote:


>> I must be missing something here.  If what you say above is true,
>> then why does the WiKi advise adding the "winbind enum" lines to the
>> smb.conf in order for the getent commands to show all AD users and
>> groups? 

> It didn't (it seems to have been removed in the pruning of required
> information), it said only to use them for testing purposes.
>  

>>     Also your other answer in this thread seems to contradict this as
>> well.   I certainly cannot get the list to include AD users and
>> groups without the enum lines.

> I doubt I said that and if you must have the 'enum' lines in smb.conf
> for your Unix domain member to work, then you have something
> exceedingly strangely wrong with your set up.

>> So what settings "when set up correctly" allow getent to display all
>> users and groups (without the 'enum' lines)?

> None, because you do not need them:

> rowland@devstation:~$ getent passwd | grep rowland
> rowland@devstation:~$

> Just running the output of 'getent passwd' through grep with my name,
> produces no output.

> rowland@devstation:~$ getent passwd rowland
> rowland:*:10000:10000:Rowland Penny:/home/rowland:/bin/bash

> Yet adding my name to the getent command does.

> rowland@devstation:~$ cat /etc/passwd | grep rowland
> rowland@devstation:~$

> My name is not in /etc/passwd

> rowland@devstation:~$ cat /etc/samba/smb.conf | grep 'enum'
> rowland@devstation:~$

> I do not have the 'enum' lines in smb.conf, yet everything works.

> Rowland
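
As an added example (not code from the thread or from the Samba project), a shell check for whether the 'winbind enum' lines discussed above are switched on in an smb.conf. The function names and the sample configuration are made up for illustration, and only settings written directly under [global] in the given file are considered.

```shell
#!/usr/bin/env bash
# Added example. smb.conf parameter names ignore case and whitespace, so
# normalise before comparing instead of grepping for a literal string.

# Print yes/no for a boolean parameter set under [global]. Unset means "no",
# the Samba default for both winbind enum parameters.
smb_bool() {  # usage: smb_bool FILE "parameter name"
    awk -v want="$2" '
        function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
        BEGIN { want = norm(want); val = "no"; sect = "" }
        /^[ \t]*[#;]/ { next }                    # comment line
        /^[ \t]*\[/ {                             # section header
            sect = $0; sub(/^[ \t]*\[/, "", sect); sub(/\].*$/, "", sect)
            sect = norm(sect); next
        }
        sect == "global" && index($0, "=") {
            name = norm(substr($0, 1, index($0, "=") - 1))
            if (name == want) {
                v = norm(substr($0, index($0, "=") + 1))
                val = (v == "yes" || v == "true" || v == "1") ? "yes" : "no"
            }
        }
        END { print val }
    ' "$1"
}

# Exit 0 when neither enum parameter is on; otherwise list offenders, exit 1.
audit_enum() {  # usage: audit_enum FILE
    rc=0
    for p in "winbind enum users" "winbind enum groups"; do
        if [ "$(smb_bool "$1" "$p")" = "yes" ]; then
            echo "$p = yes: meant for testing, adds load on the DCs"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample, not from the thread: odd case and spacing on purpose.
sample_conf() {
    printf '%s\n' '[global]' '   security = ads' \
        '   ; winbind enum groups = yes' '   Winbind  Enum Users = Yes' \
        '[share]' '   winbind enum groups = yes'
}

tmp=$(mktemp) && sample_conf > "$tmp"
audit_enum "$tmp" || echo "enumeration is enabled in $tmp"
rm -f "$tmp"
```

On a real domain member, `testparm -s` prints the configuration as Samba itself parses it and is the better source for the effective values.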


