Web lists-archives.com

[Samba] AD Domain member - getent passwd truncated to only 18 users


Due to some legacy php app I have to integrate an Ubuntu 14.04 server on my AD structure. AD DC is a Ubuntu 18.04 with canonical packages running Samba 4.7 (4.7.6+dfsg~ubuntu-0ubuntu2.5) and member server runs Samba 4.3 (4.3.11+dfsg-0ubuntu0.14.04.19).

After installing the 14.04 member server, installed samba packages and dependencies according to wiki and no errors. I get all users on 'wbinfo -u' but 'getent passwd' returns exactly 18 users only.

I run '/usr/sbin/winbindd -F -S -i --no-process-group -d 4', asked for 'getent passwd', got only those 18 users and I have "ads query_user_list gave 235 entries" on winbindd output, which matches 'wbinfo -u | wc -l'. Asking 'id someuser' not listed on getent fails, 'id'ing one of those 18 users works fine.

I have no idea what to check next, appreciate any help or hint. I added winbind enum options and password server to smb.conf just for debug.

root@marte:~# cat /etc/nsswitch.conf
passwd:     compat winbind
group:      compat winbind
shadow:     compat

hosts:      files dns
networks:   files

protocols:  db files
services:   db files
ethers:     db files
rpc:        db files

netgroup:   nis
sudoers     files
root@marte:~# cat /etc/krb5.conf
default_realm = AD.TLD

AD.TLD = {
  kdc = eucalipto.ad.TLD

  .TLD      = AD.TLD
  TLD       = AD.TLD
 .kerberos.server = AD.TLD
root@marte:~# cat /etc/samba/smb.conf
    security = ADS
    netbios name = Marte
    realm = AD.TLD
    workgroup = A1

    log file = /var/log/samba/%m.log
    log level = 1

    winbind use default domain = yes
    idmap config * : backend = tdb
    idmap config * : range = 70000-70999

    idmap config A1 :backend = ad
    idmap config A1 :schema_mode = rfc2307
    idmap config A1 :range = 500-65300
    idmap config A1 :unix_nss_info = yes
    idmap config A1 :unix_primary_group = yes

    username map = /etc/samba/user.map

    local master = no
    domain master = no
    preferred master = no
    dns proxy = no
    encrypt passwords = yes
    winbind use default domain = yes
    winbind offline logon = false
    winbind separator = +
    winbind enum users = Yes
    winbind enum groups = Yes
    password server = eucalipto.ad.TLD

Thank you, best regards.

*Marcio Merlone*

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba