Web lists-archives.com

Re: [Samba] Samba 3.6 'getent passwd user' not working




On Mon, 26 Feb 2018 17:06:33 +0100
Stefan Kania via samba <samba@xxxxxxxxxxxxxxx> wrote:

> Hello,
> 
> I have a Samba 3.6 server (MUST stay at 3.6) and I want to user the
> "ad" backend for usermapping. Here is my smb.conf:
> --------------
> [global]
> security = ADS
> workgroup = example
> realm = EXAMPLE.NET
> loglevel = 4
> 
> winbind nss info = rfc2307
> winbind trusted domains only = no
> winbind use default domain = yes
> idmap config * : backend = tdb
> idmap config * : range = 5000-7999
> idmap config EXAMPLE : backend = ad
> idmap config EXAMPLE : schema_mode = rfc2307
> idmap config EXAMPLE : range = 100000-399999
> template shell = /bin/bash
> template homedir = /home/%U
> --------------
> 
> It's a CentOS 6 System libnss_winbind is installed, I use the
> packages from the distribution. "wbinfo -u" is showing all users:
> --------------
> [root@samba3 ~]# wbinfo -u
> administrator
> tuser
> dns-dc1
> krbtgt
> guest
> stka
> --------------
> 
> A "getent passwd stka" is showing nothing. If I do a "wbinfo
> --verbose -i stka" I will see the following errormessage:
> --------------
> [root@samba3 ~]# wbinfo --verbose -i stka
> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
> Could not get info for user stka
> --------------
> 
> The user has all the required Unix attributes set in AD, also the 
> default group has a UIDNumber set in AD.

When you say the user has all the required Unix attributes, I take it
you mean the user has a uidNumber attribute (at least) containing a
unique number inside the 100000-399999 range and that Domain Users has
a gidNumber attribute containing a number inside the same range.

Have you added 'winbind' to the passwd & group lines
in /etc/nsswitch.conf ?

Is winbind installed ?

Rowland

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba