
[Samba] `getent passwd` not working with ad backend




Hi all,
I've been reading and it seems like the ad backend has many features that I'd like to use. However, despite browsing many forums and docs, I am still unable to get the domain users list using `getent passwd` while using `ad backend`. If I change the backend to tdb, then I can get usernames on the clients. Authentication works fine too when using `tdb backend`. I think the only issue is with the mapping part. Otherwise the domain is working pretty fine.

All boxes are running Debian Stretch.

===================================================
Server's smb.conf
===================================================
# Global parameters
[global]
netbios name = DC1
realm = SAMDOM.EXAMPLE.COM
workgroup = SAMDOM
dns forwarder = 10.0.5.200
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
winbind enum users = yes
winbind enum groups = yes
template shell = /bin/bash

[netlogon]
path = /var/lib/samba/sysvol/samdom.example.com/scripts
read only = No

[sysvol]
path = /var/lib/samba/sysvol
read only = No

===================================================
Client's smb.conf
===================================================
[global]
netbios name = client1
realm = SAMDOM.EXAMPLE.COM
workgroup = SAMDOM
security = ADS
kerberos method = secrets and keytab
winbind trusted domains only = no
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind nss info = rfc2307
#   FOR Samba-share `getent` testing
#    password server = dc1.samdom.example.com
#    client signing = auto
#    server signing = auto

idmap config * : backend = tdb
idmap config * : range = 10000-20000

idmap config SAMDOM : backend = ad
idmap config SAMDOM : range = 21000-200000
-------------------------------------------------------------------------

**With ad backend:**
1. wbinfo -u lists all domain users
2. `getent passwd` doesn't list domain users

**With tdb backend:**
1. wbinfo -u lists all domain users
2. `getent passwd` also lists all domain users

Just by commenting out the `idmap config SAMDOM` lines in the client's smb.conf, all other things start working such as `getent passwd`, authentication, etc.

I tried adding multiple Unix groups and users following instructions on the Samba Wiki, but the result is always the same. I've been trying to sort it out for a couple of weeks and it's now driving me insane.
Any help would be appreciated!

Kind regards,
Harp