Web lists-archives.com

Re: [Samba] getent group not working on new domain member

Rowland Penny via samba <samba@xxxxxxxxxxxxxxx> wrote:

> On Sat, 08 Jul 2017 12:47:13 -0400
> Mark Foley via samba <samba@xxxxxxxxxxxxxxx> wrote:
> > I have a troubling circumstance. I've installed a new domain member
> > running Slackware64 14.2. This computer is practically a clone of
> > another domain member I've had set up and running for over a year.
> > 
> > Most everything seems to work. I have joined the domain and it does
> > show up as a domain computer. The domain user can log onto the
> > computer just fine. I can run `wbinfo -u`, `wbinfo -g` and `getent
> > passwd myuser`. All return the correct information.
> > 
> > What I cannot run is `getent group Domain\ Users`. I get nothing why
> > I try. I can run this w/o problem on the other domain member. It
> > doesn't seem to be affecting functionality so far, but the fact that
> > it doesn't return my Domain Users info worrys me that something is
> > broken.
> > 
> > I do have "group: compat windbind" in nsswitch.conf.
> > 
> > Any ideas as to what I should do or where I should look?
> > 
> > --Mark
> > 

> If one Unix domain member works, but another set up exactly the same
> doesn't, usually means one of two things. You haven't set up the second
> one correctly, or something has changed in Samba.
> Can you post your smb.conf and tell us what versions of Samba you are
> using on the two machines.
> Rowland

Both systems: Slackware64 14.2, Samba 4.4.13

Working system kernel 4.4.19
Non-working system kernel 4.4.75

smb.conf, same on both systems:

        realm = HPRS.LOCAL
        workgroup = HPRS
        usershare allow guests = Yes
        usershare max shares = 10
        security = ADS
        template shell = /bin/bash

  idmap config *:backend = tdb
  idmap config *:range = 2000-9999
  idmap config HPRS:backend = ad
  idmap config HPRS:schema_mode = rfc2307
  idmap config HPRS:range = 10000-10099

       winbind enum groups = Yes
        winbind enum users = Yes
        winbind nss info = rfc2307
        winbind offline logon = Yes
        winbind refresh tickets = Yes
        winbind use default domain = Yes

To ACR ACR's comment about the libnss_winbind.so* links, yes I have those.

THX --Mark

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba