Web lists-archives.com

Re: [Samba] wbinfo -i returns the same id for all users, authentication doesn't seem to go through winbind at all




Le Sat, 18 Feb 2017 13:18:53 +0000
Rowland Penny via samba <samba@xxxxxxxxxxxxxxx> écrivait:

> On Sat, 18 Feb 2017 13:50:52 +0100
> Emmanuel Florac via samba <samba@xxxxxxxxxxxxxxx> wrote:
> 
> > Le Sat, 18 Feb 2017 13:20:52 +0100
> > Emmanuel Florac via samba <samba@xxxxxxxxxxxxxxx> écrivait:
> > 
> > 
> > I've added 
> > 
> > idmap config * : backend = tdb
> > idmap config * : range = 10000-30000
> > 
> > to smb.conf, and now 'wbinfo -i TESTDOMAIN\\user' returns correct
> > ids.  
> 
> Don't rely on 'wbinfo' it is meaningless to the underlying OS, use
> 'getent' instead.
> 

OK, but getent and id return with error (id: no such user, getent:
return code 2). On the systems I've previously set up similarly
(Wheezy/Samba 3.6), id and getent work.

> > 
> > I've found in the FAQ a mention of this, however it's obsolete:  
> 
> Which FAQ, where ?
> 

This one:
https://wiki.samba.org/index.php/FAQ

> > 
> > I have set up a domain member using the idmap_ad backend, but getent
> > passwd and getent group does not show users or groups  
> 
> This is correct, think about it, what if you 500,000 users or more ?

What about 'getent passwd SOMEUSER' ? shouldn't it work?

> > These options are not recognized by 'testparm'. 
> > 
> >   
> 
> Yes they are.

Obviously not in the standard Debian stable version (4.2.14) at least:

# testparm 
Load smb config files from /etc/samba/smb.conf
Unknown parameter encountered: "winbind enumerate users"
Ignoring unknown parameter "winbind enumerate users"
Unknown parameter encountered: "winbind enumerate groups"
Ignoring unknown parameter "winbind enumerate groups"
Processing section "[DATA]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER

Press enter to see a dump of your service definitions


-- 
------------------------------------------------------------------------
Emmanuel Florac     |   Direction technique
                    |   Intellique
                    |	<eflorac@xxxxxxxxxxxxxx>
                    |   +33 1 78 94 84 02
------------------------------------------------------------------------

Attachment: pgphODv2kg9xp.pgp
Description: Signature digitale OpenPGP

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba