Web lists-archives.com

Re: [Samba] getent passwd user no output, addc + dm

On Fri, 17 Feb 2017 07:02:23 -0600
Lin Pro <linforpros@xxxxxxxxx> wrote:

> Hi, thank for the reply. Here is the smb.conf on the Domain Member
> [global]
> idmap uid = 10000-20000
> idmap gid = 10000-20000

Remove  the above lines, they are replaced by the 'idmap config' lines
and you shouldn't have both.

> client use spnego = yes
> client ntlmv2 auth = yes
> encrypt passwords = yes

You might as well remove these, they are the default settings.

> I added "password server" thinking that it will help, to no avail.

You should let Samba find the password server, so you should remove it.

> Anythink else I should be aware of?
> The worst thing is I tried with prestine fedora image, done everything
> along the lines of the wiki for Domain Member and was stopped at the
> same issue. What is wrong?
> What does successful net ads join -U administrator tell us? Shouldn't
> it check for winbind?

I think you are falling into thinking because 'wbinfo -u' is working
(by the way, this shows winbind is working) that 'getent passwd user'
will as well, without doing anything else.
You are using the winbind 'ad' backend, do your users have a
'uidNumber' attribute containing a unique number inside the range
'10000-999999' ?
Does 'Domain Users' have a 'gidNumber' attribute inside the same range ?


To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba