[Samba] idmap ad question

Rowland Penny rpenny at samba.org
Mon Feb 13 18:41:32 UTC 2023



On 13/02/2023 18:26, Vaughan, Robert J via samba wrote:

> I should mention, I can ssh into the server using my AD creds and the one test share I setup also maps fine, so it all seems to be working, was just curious why 'getent passwd' does not show AD accounts

Provided that the users you want to be visible to Unix have a uidNumber 
attribute containing a unique number inside the 225-999999 range and 
Domain Users has a gidNumber attribute with a number inside the same 
range, it should work.

For it to work, it also depends on /etc/nsswitch.conf being set up 
correctly and the winbind links being set up. You have not told us what 
OS you are using, but if this was Debian, it would require the 
libnss-winbind and libpam-winbind packages. To configure 
/etc/nsswitch.conf, you need to add 'winbind' to the 'passwd' and 
'group' lines.

You could also try running 'net cache flush' just in case it is a cache 
problem.

Rowland




More information about the samba mailing list