samba - Oct 2007 - getent passwd not listing domain users, nsswitch.conf is configured

Using Samba 3.0.25c on OpenSolaris nv72.

wbinfo -u lists domain users as expected.
getent passwd only lists local users.
nsswitch.conf has the following lines:
    passwd:     files winbind
    group:      files winbind

My smb.conf is below. Where should I start to troubleshoot?

[global]
 realm = FNB.LOCAL
 workgroup = FNB
 security = ADS
 use kerberos keytab = true
; password server = my-server.fnb.local
 encrypt passwords = yes
 server string = Samba ADS
 client use spnego = yes

# winbind configuration:
 winbind use default domain = yes
 winbind nested groups = yes
 idmap backend = ad
 winbind nss info = rfc2307
 winbind separator = /
 winbind enum users = yes
 winbind enum groups = yes
# idmap uid = 10000-20000
# idmap gid = 10000-20000
 ; template homedir = /samba/pchome/%D/%U

#  idmap domains = FNB
#  idmap config FNB:default = yes
#  idmap config FNB:backend = tdb
#  idmap config FNB:range = 10000-20000
# this tells Samba to use a separate log file for each machine
# that connects
   log file = /var/samba/log/log.%m
   log level = 10
# Put a capping on the size of the log files (in Kb).
   max log size = 1024

# Most people will find that this option gives better performance.
# See the chapter 'Samba performance issues' in the Samba HOWTO
Collection
# and the manual pages for details.
;   socket options = TCP_NODELAY

>
>  Peter,
>
>  Comment the "idmap backend" and "winbind nss info"
parameters to let
> samba/winbind use the defaults.  If it now works, this means that samba was
> not retrieving the info from the AD server.
>  I ran into this problem, gave up, and used the defaults.  You may be more
> persistent than me and prefer to dig deeper.
>  Also, you will need to set values for "idmap uid" and
"idmap gid".  Try
> using the values that you currently have commented out.
>
Still no luck. Any other thoughts? I've tried running winbind in
interactive mode and didn't get any response from the getent command.
Where can I find log info?

-- 
Pete

On 10/17/07, Peter Baumgartner <sgt.hulka@gmail.com>
wrote:
> Using Samba 3.0.25c on OpenSolaris nv72.
>
> wbinfo -u lists domain users as expected.
> getent passwd only lists local users.
> nsswitch.conf has the following lines:
>     passwd:     files winbind
>     group:      files winbind
>
> My smb.conf is below. Where should I start to troubleshoot?
Hi,

this also recently came up in a thread I started (called "default
kerberos realm??"). It may have multiple reasons.

-- 
Frank Van Damme   A: Because it destroys the flow of the conversation
                  Q: Why is it bad?
                  A: No, it's bad.
                  Q: Should I top post in replies to mails or on usenet?

This is one that took me a while to figure out. By default, the newer versions
of samba tell winbind not to enumerate users or groups, because this could cause
a performance drop for large (10000+ users I believe) networks. The way to fix
this is to set these two options in smb.conf:
 
winbind enum users = yes
winbind enum groups = yes
 
Hope that helps some.> Date: Wed, 17 Oct 2007 11:03:13 -0600> From:
sgt.hulka@gmail.com> To: samba@lists.samba.org> Subject: [Samba] getent
passwd not listing domain users, nsswitch.conf is configured> > Using
Samba 3.0.25c on OpenSolaris nv72.> > wbinfo -u lists domain users as
expected.> getent passwd only lists local users.> nsswitch.conf has the
following lines:> passwd: files winbind> group: files winbind> > My
smb.conf is below. Where should I start to troubleshoot?> > [global]>
realm = FNB.LOCAL> workgroup = FNB> security = ADS> use kerberos keytab
= true> ; password server = my-server.fnb.local> encrypt passwords =
yes> server string = Samba ADS> client use spnego = yes> > # winbind
configuration:> winbind use default domain = yes> winbind nested groups =
yes> idmap backend = ad> winbind nss info = rfc2307> winbind separator
= /> winbind enum users = yes> winbind enum groups = yes> # idmap uid =
10000-20000> # idmap gid = 10000-20000> ; template homedir =
/samba/pchome/%D/%U> > # idmap domains = FNB> # idmap config
FNB:default = yes> # idmap config FNB:backend = tdb> # idmap config
FNB:range = 10000-20000> # this tells Samba to use a separate log file for
each machine> # that connects> log file = /var/samba/log/log.%m> log
level = 10> # Put a capping on the size of the log files (in Kb).> max log
size = 1024> > # Most people will find that this option gives better
performance.> # See the chapter 'Samba performance issues' in the
Samba HOWTO Collection> # and the manual pages for details.> ; socket
options = TCP_NODELAY> -- > To unsubscribe from this list go to the
following URL and read the> instructions:
https://lists.samba.org/mailman/listinfo/samba
_________________________________________________________________
Climb to the top of the charts!? Play Star Shuffle:? the word scramble challenge
with star power.
http://club.live.com/star_shuffle.aspx?icid=starshuffle_wlmailtextlink_oct