Rowland Penny
2023-Apr-26 15:34 UTC
[Samba] DNS problems (still) with Linux domain members - using Samba's internal DNS backend
On 26/04/2023 16:24, Gary Dale via samba wrote:>> > > Further to above, I tried the testing it suggested and got this: > root at transponder:~# wbinfo -g > domain controllers > domain computers > group policy creator owners > dnsadmins > denied rodc password replication group > protected users > schema admins > read-only domain controllers > enterprise admins > allowed rodc password replication group > domain admins > ras and ias servers > enterprise read-only domain controllers > dnsupdateproxy > cert publishers > domain guests > domain users > root at transponder:~# wbinfo -u > krbtgt > gary > guest > administrator > > which clearly are from the domain - I don't have a local user named > "gary", for example. However the getent tests only show the local users, > which is also what I get when I use it to find domain users - it fails > to find them. > >Have you been running commands such as 'getent passwd' and 'getent group' and not getting any domain users or groups ? If so, this is by design, try something like 'getent passwd gary' Rowland
Gary Dale
2023-Apr-26 17:27 UTC
[Samba] DNS problems (still) with Linux domain members - using Samba's internal DNS backend
On 2023-04-26 11:34, Rowland Penny via samba wrote:> > > On 26/04/2023 16:24, Gary Dale via samba wrote: >>> >> >> Further to above, I tried the testing it suggested and got this: >> root at transponder:~# wbinfo -g >> domain controllers >> domain computers >> group policy creator owners >> dnsadmins >> denied rodc password replication group >> protected users >> schema admins >> read-only domain controllers >> enterprise admins >> allowed rodc password replication group >> domain admins >> ras and ias servers >> enterprise read-only domain controllers >> dnsupdateproxy >> cert publishers >> domain guests >> domain users >> root at transponder:~# wbinfo -u >> krbtgt >> gary >> guest >> administrator >> >> which clearly are from the domain - I don't have a local user named >> "gary", for example. However the getent tests only show the local >> users, which is also what I get when I use it to find domain users - >> it fails to find them. >> >> > > Have you been running commands such as 'getent passwd' and 'getent > group' and not getting any domain users or groups ? > If so, this is by design, try something like 'getent passwd gary' > > Rowland >No. I am running the tests suggested by the various Samba wiki pages. I can do a getent passwd <local account> on my workstation and on my file & print server but I can't do a getent passwd <domain account> except on my DC. I explicitly showed that in the message before the one you replied to. I also showed how I can't do a login to a domain account except on the DC. This failure to get domain account information seems likely to be at the heart of the problems I'm having.