On Wed, 2021-10-13 at 08:23 -0500, K.R. Foley wrote:> On 2021-10-13 08:19, Rowland Penny via samba wrote: > > On Wed, 2021-10-13 at 08:08 -0500, K. R. Foley via samba wrote: > > > On 10/13/21 1:38 AM, J?rgen Echter wrote: > > > > Hi, > > > > > > > > Am Mittwoch, Oktober 13, 2021 05:10 CEST, schrieb "K. R. Foley > > > > via > > > > samba" <samba at lists.samba.org>: > > > > > Hi, > > > > > > > > > > Should "getent passwd SAMDOM\\demo01" work from a Linux AD > > > > > member? > > > > > > > > > > > > > > > AD server running on CentOS Linux 7 > > > > > > > > > > Samba 4.11.13 built from source > > > > > > > > > > > > > > > Member server running on CentOS Linux 7 > > > > > > > > > > Samba 4.11.13 built from source > > > > > > > > > > Configured following > > > > > https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member. > > > > > > > > > > Joined using "# net ads join -U administrator" without > > > > > issue. > > > > > > > > > > "# wbinfo --ping-dc" works and reports the domain info > > > > > correctly. > > > > > > > > > > "getent passwd <local user>" works fine > > > > > > > > > > "getent passwd SAMDOM\\<domain user>" returns nothing. > > > > > > > > > > "getent group SAMDOM\\Domain Users" returns nothing. > > > > > > > > > > > > > > > Should this work? Any help troubleshooting this would be > > > > > appreciated. > > > > > > > > > > Thanks, > > > > > > > > > > kr > > > > > > > > > > > > > > > -- > > > > > To unsubscribe from this list go to the following URL and > > > > > read > > > > > the > > > > > instructions: https://lists.samba.org/mailman/options/samba > > > > maybe you missed something here: > > > > > > > > https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member#Configuring_the_Name_Service_Switch > > > > > > Thanks for your reply. I have configured nsswitch.conf. See > > > below: > > > > > > #passwd: files sss winbind > > > passwd: files winbind > > > shadow: files sss > > > #group: files sss winbind > > > group: files winbind > > > > > > Thanks, > > > > Are you using sssd on the computer as well ? > > > > Rowland > > > > I think it does by default on CentOS. As you can see above I tried > it > with/without sss in nsswitch.conf. Could this be causing a problem? > >Sorry, but as this always leads to a massive discussion (I know very little about sssd and believe it shouldn't be used with Samba), I cannot continue to help you whilst you use sssd. Rowland
On 10/13/21 08:48, Rowland Penny via samba wrote:> On Wed, 2021-10-13 at 08:23 -0500, K.R. Foley wrote: >> On 2021-10-13 08:19, Rowland Penny via samba wrote: >>> On Wed, 2021-10-13 at 08:08 -0500, K. R. Foley via samba wrote: >>>> On 10/13/21 1:38 AM, J?rgen Echter wrote: >>>>> Hi, >>>>> >>>>> Am Mittwoch, Oktober 13, 2021 05:10 CEST, schrieb "K. R. Foley >>>>> via >>>>> samba" <samba at lists.samba.org>: >>>>>> Hi, >>>>>> >>>>>> Should "getent passwd SAMDOM\\demo01" work from a Linux AD >>>>>> member? >>>>>> >>>>>> >>>>>> AD server running on CentOS Linux 7 >>>>>> >>>>>> Samba 4.11.13 built from source >>>>>> >>>>>> >>>>>> Member server running on CentOS Linux 7 >>>>>> >>>>>> Samba 4.11.13 built from source >>>>>> >>>>>> Configured following >>>>>> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member. >>>>>> >>>>>> Joined using "# net ads join -U administrator" without >>>>>> issue. >>>>>> >>>>>> "# wbinfo --ping-dc" works and reports the domain info >>>>>> correctly. >>>>>> >>>>>> "getent passwd <local user>" works fine >>>>>> >>>>>> "getent passwd SAMDOM\\<domain user>" returns nothing. >>>>>> >>>>>> "getent group SAMDOM\\Domain Users" returns nothing. >>>>>> >>>>>> >>>>>> Should this work? Any help troubleshooting this would be >>>>>> appreciated. >>>>>> >>>>>> Thanks, >>>>>> >>>>>> kr >>>>>> >>>>>> >>>>>> -- >>>>>> To unsubscribe from this list go to the following URL and >>>>>> read >>>>>> the >>>>>> instructions: https://lists.samba.org/mailman/options/samba >>>>> maybe you missed something here: >>>>> >>>>> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member#Configuring_the_Name_Service_Switch >>>> >>>> Thanks for your reply. I have configured nsswitch.conf. See >>>> below: >>>> >>>> #passwd: files sss winbind >>>> passwd: files winbind >>>> shadow: files sss >>>> #group: files sss winbind >>>> group: files winbind >>>> >>>> Thanks, >>> >>> Are you using sssd on the computer as well ? >>> >>> Rowland >>> >> >> I think it does by default on CentOS. As you can see above I tried >> it >> with/without sss in nsswitch.conf. Could this be causing a problem? >> >> > > Sorry, but as this always leads to a massive discussion (I know very > little about sssd and believe it shouldn't be used with Samba), I > cannot continue to help you whilst you use sssd. >What id mapping are you using in smb.conf? Usually when I have this problem it's because the host has dropped out of the domain due to an expired Kerberos ticket.> Rowland > > >
On 10/13/21 8:48 AM, Rowland Penny via samba wrote:> On Wed, 2021-10-13 at 08:23 -0500, K.R. Foley wrote: >> On 2021-10-13 08:19, Rowland Penny via samba wrote: >>> On Wed, 2021-10-13 at 08:08 -0500, K. R. Foley via samba wrote: >>>> On 10/13/21 1:38 AM, J?rgen Echter wrote: >>>>> Hi, >>>>> >>>>> Am Mittwoch, Oktober 13, 2021 05:10 CEST, schrieb "K. R. Foley >>>>> via >>>>> samba" <samba at lists.samba.org>: >>>>>> Hi, >>>>>> >>>>>> Should "getent passwd SAMDOM\\demo01" work from a Linux AD >>>>>> member? >>>>>> >>>>>> >>>>>> AD server running on CentOS Linux 7 >>>>>> >>>>>> Samba 4.11.13 built from source >>>>>> >>>>>> >>>>>> Member server running on CentOS Linux 7 >>>>>> >>>>>> Samba 4.11.13 built from source >>>>>> >>>>>> Configured following >>>>>> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member. >>>>>> >>>>>> Joined using "# net ads join -U administrator" without >>>>>> issue. >>>>>> >>>>>> "# wbinfo --ping-dc" works and reports the domain info >>>>>> correctly. >>>>>> >>>>>> "getent passwd <local user>" works fine >>>>>> >>>>>> "getent passwd SAMDOM\\<domain user>" returns nothing. >>>>>> >>>>>> "getent group SAMDOM\\Domain Users" returns nothing. >>>>>> >>>>>> >>>>>> Should this work? Any help troubleshooting this would be >>>>>> appreciated. >>>>>> >>>>>> Thanks, >>>>>> >>>>>> kr >>>>>> >>>>>> >>>>>> -- >>>>>> To unsubscribe from this list go to the following URL and >>>>>> read >>>>>> the >>>>>> instructions: https://lists.samba.org/mailman/options/samba >>>>> maybe you missed something here: >>>>> >>>>> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member#Configuring_the_Name_Service_Switch >>>> Thanks for your reply. I have configured nsswitch.conf. See >>>> below: >>>> >>>> #passwd: files sss winbind >>>> passwd: files winbind >>>> shadow: files sss >>>> #group: files sss winbind >>>> group: files winbind >>>> >>>> Thanks, >>> Are you using sssd on the computer as well ? >>> >>> Rowland >>> >> I think it does by default on CentOS. As you can see above I tried >> it >> with/without sss in nsswitch.conf. Could this be causing a problem? >> >> > Sorry, but as this always leads to a massive discussion (I know very > little about sssd and believe it shouldn't be used with Samba), I > cannot continue to help you whilst you use sssd. > > Rowland > > >I am just getting back to troubleshooting this. I do not think that sssd is enabled. In fact I do not think it is even installed on this system.