[Samba] idmap ad question

Vaughan, Robert J vaughar2 at gdls.com
Mon Feb 13 18:54:09 UTC 2023

> I should mention, I can ssh into the server using my AD creds and the one test share I set up also maps fine, so it all seems to be working; I was just curious why 'getent passwd' does not show AD accounts.

>>Provided that the users you want to be visible to Unix have a uidNumber 
>>attribute containing a unique number inside the 225-999999 range and 
>>Domain Users has a gidNumber attribute with a number inside the same 
>>range, it should work.

Yes and yes, and it does not work.

>>For it to work, it also depends on /etc/nsswitch.conf being set up 
>>correctly and the winbind links being set up. You have not told us what 
>>OS you are using, but if this was Debian, it would require the 
>>libnss-winbind and libpam-winbind packages. To configure 
>>/etc/nsswitch.conf, you need to add 'winbind' to the 'passwd' and 
>>'group' lines.

nsswitch.conf has 'files winbind' for the passwd, shadow and group lines.

What does 'winbind links set up' mean?

OS is Red Hat 7. Any idea in those packages if I might be missing something?

>>You could also try running 'net cache flush' just in case it is a cache 

Yes, tried that a few times now with no luck.

Robert Vaughan
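
The two preconditions quoted in this thread (winbind listed for passwd and group in /etc/nsswitch.conf, and uidNumber/gidNumber inside the 225-999999 range) can be checked mechanically. The script below is an added example, not part of the original message or of Samba; the function names and the sample file are constructed, and it goes slightly beyond the thread by also flagging a `[NOTFOUND=return]` action placed ahead of winbind, which stops the lookup before winbind is consulted.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not Samba tooling.

# nss_winbind_status FILE DB -> prints ok | missing | blocked
nss_winbind_status() {
    awk -v db="$2" '
        { sub(/#.*/, ""); sub(/:/, ": ") }   # drop comments, split "db:src"
        $1 == (db ":") {
            seen = 1
            for (i = 2; i <= NF; i++) {
                t = tolower($i)
                # [NOTFOUND=return] ahead of winbind ends the lookup early
                if (t ~ /(^|[^!])notfound=return/) { print "blocked"; exit }
                if (t == "winbind") { print "ok"; exit }
            }
            print "missing"; exit
        }
        END { if (!seen) print "missing" }
    ' "$1"
}

# id_in_range N -> success if N is numeric and inside the idmap range
# quoted in the thread (225-999999)
id_in_range() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 225 ] && [ "$1" -le 999999 ]
}

# Constructed sample showing the three outcomes; on a real host pass
# /etc/nsswitch.conf instead.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
passwd:     files winbind
group:      files [NOTFOUND=return] winbind
shadow:     files
EOF

for db in passwd group shadow; do
    printf '%s: %s\n' "$db" "$(nss_winbind_status "$sample" "$db")"
done
```
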
