samba - Nov 2016 - getent only displays local users & groups

Getent will only show accounts with a uidnumber and gidnumber. Administrator in
new install does not have these.

Sent from my android device.

-----Original Message-----
From: Henry via samba <samba at lists.samba.org>
To: samba at lists.samba.org
Sent: Thu, 24 Nov 2016 3:21
Subject: [Samba] getent only displays local users & groups

I have read numerous posts regarding this issue without finding a
resolution. I have a fresh Samba AD DC & a Samba Member server. the
member server has been setup using idmap config ad

wbinfo -u & wbinfo -g both work and list the domain users & groups
getent passwd & getent group both only display the local member server
users and groups

From what I have read I understand getent passwd & getent group should
display the domain users & groups. "getent passwd administrator"
returns nothing

Any help would be greatly appreciated...



root at ares:/# cat /etc/samba/smb.conf
# Global parameters
[global]
    workgroup = SAMDOM
    realm = INT.SAMDOM.COM.AU
    netbios name = ARES
    server role = active directory domain controller
    dns forwarder = 192.168.1.254
    idmap_ldb:use rfc2307 = yes

[netlogon]
    path = /var/lib/samba/sysvol/int.samdom.com.au/scripts
    read only = No

[sysvol]
    path = /var/lib/samba/sysvol
    read only = No



root at aphrodite:/# cat /etc/samba/smb.conf
[global]
       security = ADS
       workgroup = SAMDOM
       realm = INT.SAMDOM.COM.AU

       log file = /var/log/samba/%m.log
       log level = 1

       # Default idmap config used for BUILTIN and local windows accounts/groups
       idmap config *:backend = tdb
       idmap config *:range = 2000-9999

       # idmap config for domain SAMDOM
       idmap config SAMDOM:backend = ad
       idmap config SAMDOM:schema_mode = rfc2307
       idmap config SAMDOM:range = 10000-99999

       # Use settings from AD for login shell and home directory
       winbind nss info = rfc2307



root at aphrodite:/# cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed,
try:
# `info libc "Name Service Switch"' for information about this
file.

#passwd:         compat
passwd:         files winbind
#group:          compat
group:          files winbind
shadow:         compat
gshadow:        files

hosts:          files dns
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
--
This message is intended only for the addressee and may contain
confidential information. Unless you are that person, you may not
disclose its contents or use it in any way and are requested to delete
the message along with any attachments and notify us immediately.
This email is not intended to, nor should it be taken to, constitute advice.
The information provided is correct to our knowledge & belief and must not
be used as a substitute for obtaining tax, regulatory, investment, legal or
any other appropriate advice.

"Transact" is operated by Integrated Financial Arrangements Ltd.
29 Clement's Lane, London EC4N 7AE. Tel: (020) 7608 4900 Fax: (020) 7608
5300.
(Registered office: as above; Registered in England and Wales under
number: 3727592). Authorised and regulated by the Financial Conduct
Authority (entered on the Financial Services Register; no. 190856)