Thomas Leavitt
2008-Jun-03 18:10 UTC
[Samba] wbinfo -u lists ADS users without domain, getent passwd returns only local users
I'm using Samba/Winbind for single-sign on in a network where Active
Directory is the authoritative authentication source. The active
directory server is Windows 2003 with Services for Unix installed so
that the schema is extended and the management interface has a "Unix
Attributes" tab.
wbinfo -u produces a list of users, without a DOMAIN+ prefix.
getent passwd lists only local users
although
getent passwd username produces the proper info. Same behavior for
groups.
Could SELinux interference be the problem? This happens even after I
completely disable it, leave the domain, and then rejoin the domain and
restart everything.
Everything is "working", but this strikes me as incorrect behavior.
Here's a dump of my samba config
[global]
workgroup = BLAH
realm = BLAHHQ.BLAH-INC.COM
server string = Samba Server Version %v
security = ADS
auth methods = winbind
password server = BLAH-DC-02.BLAHHQ.BLAH-INC.COM
BLAH-DC-04.BLAHHQ.BLAH-INC.COM
idmap domains = BLAHHQ.BLAH-INC.COM
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template homedir = /home/%U
template shell = /bin/bash
winbind separator = +
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind nss info = sfu
idmap config BLAHHQ.BLAH-INC.COM:range = 10000-40000
idmap config BLAHHQ.BLAH-INC.COM:backend = ad
idmap config BLAHHQ.BLAH-INC.COM:default = yes
idmap config BLAHHQ.BLAH-INC.COM:schema_mode = sfu
[homes]
comment = Home Directories
valid users = BLAHHQ.BLAH-INC.COM+%S
read only = No
browseable = No
nsswitch.conf lists "files winbind"
There's nothing particularly exotic going on here, as far as I can tell
(other than the hassle created by SELinux). What am I missing? If y'all
need more info, please tell me.
Regards,
Thomas Leavitt
Maybe Matching Threads
- SELinux and samba/winbind w/ADS on RHEL 4.6
- getent passwd and wbinfo -u returns machine names too
- getent passwd & wbinfo -u not working
- the winbind problem, 'wbinfo -u' have the user but 'getent passwd' haven't the user
- wbinfo -u works, getent passwd doesn't (samba 3.0.22 and 3.0.23rc1)
Wisdom of the Ancients
