On Mon, 2022-02-28 at 08:14 -0800, Gregory Sloop via samba wrote:
> Rowland - I think you didn't read the last para Roy posted in his OP.
> (late yesterday, at least in my TZ)

If I did misunderstand the OP's post then I apologise, but my reading
was that he has to use the 'enum' lines to get any output.

> ...the AD users are still *known* to the operating system as will be
> demonstrated by appending an AD user's name or group to the getent
> command.
> For example on my system getent passwd roy produces:
> roy@pi4b:~$ getent passwd roy
> roy:*:11601:10513:roy:/home/MICROLYNX/roy:/bin/bash 
> So, I don't actually think he was wrong in his initial post. 
> (Though I'd agree it was easy to read the first couple of paras and
> think he had it wrong.)
> Can we all agree that without the winbind enum line, you can't just
> do a getent group/passwd and get a full listing of all the group/user
> records in AD, but you CAN get individual records by specifying them?

I would agree with that.

> And as the wiki says (or should/may have said before it was hosed)
> the enum lines should generally only be used for
> troubleshooting/debugging since they place more load on the DCs -
> especially for large AD data-sets.

It used to say this:

For testing purposes only (remove for production), add these lines:

   winbind enum users = yes
   winbind enum groups = yes

The above lines just make 'getent passwd' and 'getent group'
display all domain users and groups, they are not required for anything
else and Samba will work correctly and faster without them.

Eventually (when I get the information tidied up and reformatted) it
will say something similar.
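
An added example, not part of the original message or of Samba itself: a small shell check that reports whether the two testing-only enum lines quoted above are still switched on in the [global] section of an smb.conf, so they can be caught before a config goes to production. The function names and the sample config are constructed for illustration; the parsing assumes Samba's usual rules (parameter names are case- and whitespace-insensitive, yes/true/on/1 mean true, both parameters default to no).

```shell
#!/bin/sh
# enum_settings FILE -> prints "users=<yes|no> groups=<yes|no>" for [global]
enum_settings() {
    awk '
        BEGIN { users = "no"; groups = "no"; sect = "" }
        /^[ \t]*[#;]/ { next }                  # skip comment lines
        /^[ \t]*\[/ {                           # section header, e.g. [global]
            sect = tolower($0)
            sub(/^[ \t]*\[[ \t]*/, "", sect)
            sub(/[ \t]*\].*$/, "", sect)
            next
        }
        sect == "global" && index($0, "=") {
            name = tolower(substr($0, 1, index($0, "=") - 1))
            gsub(/[ \t]/, "", name)             # "winbind enum users" == "winbindenumusers"
            val = tolower(substr($0, index($0, "=") + 1))
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            on = (val == "yes" || val == "true" || val == "on" || val == "1") ? "yes" : "no"
            if (name == "winbindenumusers")  users = on
            if (name == "winbindenumgroups") groups = on
        }
        END { printf "users=%s groups=%s\n", users, groups }
    ' "$1"
}

# enum_enabled FILE -> exit status 0 if either enum line is on (usable in a CI gate)
enum_enabled() {
    case "$(enum_settings "$1")" in
        *=yes*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Constructed sample config (hypothetical, not taken from the thread).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[global]
   workgroup = EXAMPLE
   security = ADS
   ; winbind enum groups = yes
   Winbind Enum Users = Yes
EOF
enum_settings "$sample"
if enum_enabled "$sample"; then
    echo "winbind enumeration is enabled: remove for production"
fi
rm -f "$sample"
```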


