Hi there.
Feel like I'm getting nowhere.
Code:
FreeBSD samba 3.6.6 ; connected to a Windows 2008 R2 AD
wbinfo -u and wbinfo -g will properly show all the users and groups ;
but for some reasons, I can get getent with winbind to show any
users...
I've must have tried over 100 different configuration, read all the
tutorials I could find ; I never got it to work :(
smb.conf:
[global]
security = ADS
workgroup = MEL
realm = mel.domain.com
wins server = ad.domain.com
password server = ad.domain.com
winbind uid = 1000 - 20000
winbind gid = 1000 - 20000
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind refresh tickets = Yes
winbind nested groups = No
#winbind separator = +
idmap uid = 1000 - 20000
idmap gid = 1000 - 20000
idmap config MEL : backend = rid
idmap config MEL : base_rid = 1000
idmap config MEL : range = 1000 - 20000
map untrusted to domain = Yes
I also compiled samba with -DDEBUG_NSS in order to determine what was going on.
wbinfo -u and wbinfo -g properly shows all the username and groups
defined on the AD
however, getent passwd only return the local users:
Code:
group: files winbind
#group_compat: ldap
hosts: files dns
networks: files
passwd: files winbind
#passwd: compat
#passwd_compat: winbind
shells: files
services: files
protocols: files
rpc: files
getend passwd returns:
Code:
# getent passwd
[22522]: endpwent
[22522]: endpwent returns NSS_STATUS_SUCCESS (1)
... list of local users
[22522]: getpwent
[22522]: getpwent returns NSS_STATUS_NOTFOUND (0)
[22522]: setpwent
[22522]: setpwent returns NSS_STATUS_SUCCESS (1)
That is shows the debug information leads me to believe that
nss_winbind is properly called.
Code:
# net ads info
LDAP server: 192.168.0.3
LDAP server name: ad.domain.com
Realm: MEL.DOMAIN.COM
Bind Path: dc=MEL,dc=DOMAIN,dc=COM
LDAP port: 389
Server time: Sat, 05 Feb 2011 20:13:24 EST
KDC server: 192.168.0.3
Server time offset: 9
So what am i missing ????
Thank you for your help
Jean-Yves