samba - Feb 2015 - getent passwd not return the same number of records from a call to another call

Hello

On AD Server :
--------------------

We have migrated from S3 to S4 with samba-tools classicupgrade. All is 
ok : bind9, winbind but getent has a strange behavior.

getent passwd doesn't return the same number of records. So a AD user 
can be not present in the response of getent !!!!

it can have a big difference of records returned from a call to another 
call of getent passwd ...

On the other hand, wbinfo -u returns always the same number of records.

What can be the problem ?

(I'm on a debian jessie, rfc2307 is on, and the installation of samba 
has been done by apt-get ... )


On AD domain member :
--------------------------------

We have the same problem (same distribution and installation). 
Futhermore, "getent group" returns some groups with the same ID.

Maybe problems are bounded.


Regards

On 24/02/15 19:53, Herv? H?noch wrote:
> Hello
>
> On AD Server :
> --------------------
>
> We have migrated from S3 to S4 with samba-tools classicupgrade. All is 
> ok : bind9, winbind but getent has a strange behavior.
>
> getent passwd doesn't return the same number of records. So a AD user 
> can be not present in the response of getent !!!!
>
> it can have a big difference of records returned from a call to 
> another call of getent passwd ...
>
> On the other hand, wbinfo -u returns always the same number of records.
>
> What can be the problem ?
>
> (I'm on a debian jessie, rfc2307 is on, and the installation of samba 
> has been done by apt-get ... )
>
>
> On AD domain member :
> --------------------------------
>
> We have the same problem (same distribution and installation). 
> Futhermore, "getent group" returns some groups with the same ID.
>
> Maybe problems are bounded.
>
>
> Regards
>
>
Hi, I think that we need to see the smb.conf from both your machines.
It is normal to get more users from 'wbinfo -u' than 'getent
passwd',
but you should be able to see all your users via getent, as long as they 
have uidNumbers that are within the range set in smb.conf. What is more 
worrying is that you have groups with the same ID, you may have to 
resort ldbmodify to fix this.

Rowland

Hello Herv?,
 
what's your way of resolution? Are you using winbind, sssd,...?

Regards
Tim

Am 24. Februar 2015 20:53:15 MEZ, schrieb "Herv? H?noch" <h.henoch
at isc84.org>:
>Hello
>
>On AD Server :
>--------------------
>
>We have migrated from S3 to S4 with samba-tools classicupgrade. All is 
>ok : bind9, winbind but getent has a strange behavior.
>
>getent passwd doesn't return the same number of records. So a AD user 
>can be not present in the response of getent !!!!
>
>it can have a big difference of records returned from a call to another
>
>call of getent passwd ...
>
>On the other hand, wbinfo -u returns always the same number of records.
>
>What can be the problem ?
>
>(I'm on a debian jessie, rfc2307 is on, and the installation of samba 
>has been done by apt-get ... )
>
>
>On AD domain member :
>--------------------------------
>
>We have the same problem (same distribution and installation). 
>Futhermore, "getent group" returns some groups with the same ID.
>
>Maybe problems are bounded.
>
>
>Regards
>
>
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba

Here is my smb.conf (on member domain) :

idmap config * : backend = tdb
idmap config * : range = 2000-9999
idmap config * : schema_mode = rfc2307
idmap config DOMAIN : backend = ad
idmap config DOMAIN : schema-_mode = rfc2307
idmap config DOMAIN : range = 10000-999999

winbind nss info = rfc2307
winbind trusted domains only = no
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
winbind refresh tickets = yes

getent group | grep 700001 gives :
domain users:x:70001:
info:x:70001:toto,titi,tutu

Same group id !!!



Le 24/02/2015 21:34, Tim a ?crit :
> Hello Herv?,
>
> what's your way of resolution? Are you using winbind, sssd,...?
>
> Regards
> Tim
>
> Am 24. Februar 2015 20:53:15 MEZ, schrieb "Herv? H?noch" 
> <h.henoch at isc84.org>:
>
>     Hello
>
>     On AD Server :
>     --------------------
>
>     We have migrated from S3 to S4 with samba-tools classicupgrade. All is
>     ok : bind9, winbind but getent has a strange behavior.
>
>     getent passwd doesn't return the same number of records. So a AD
user
>     can be not present in the response of getent !!!!
>
>     it can have a big difference of records returned from a call to another
>     call of getent passwd ...
>
>     On the other hand, wbinfo -u returns always the same number of records.
>
>     What can be the problem ?
>
>     (I'm on a debian jessie, rfc2307 is on, and the installation of
samba
>     has been done by apt-get ... )
>
>
>     On AD domain member :
>    
------------------------------------------------------------------------
>
>
>     We have the same problem (same distribution and installation).
>     Futhermore, "getent group" returns some groups with the same
ID.
>
>     Maybe problems are bounded.
>
>
>     Regards
>
-- 

Herv? H?noch
Responsable informatique
Institut Sainte Catherine
250 chemin de Baigne-Pieds
CS 80005 ? 84918 AVIGNON cedex 9
T?l?phone : 04.90.27.57.44

really, this getent with grep should not return anyting. 

because : 700001 is not 70001   ;-) 
>getent group | grep 700001 gives :
>domain users:x:70001:
>info:x:70001:toto,titi,tutu
exist both groups only in the AD DC directory, or are ther also linux groups
here.
are both assigned a GID how? 

Greetz, 

Louis

>-----Oorspronkelijk bericht-----
>Van: h.henoch at isc84.org [mailto:samba-bounces at lists.samba.org] 
>Namens Herv? H?noch
>Verzonden: woensdag 25 februari 2015 9:19
>Aan: Tim; samba at lists.samba.org
>Onderwerp: Re: [Samba] getent passwd not return the same 
>number of records from a call to another call
>
>Here is my smb.conf (on member domain) :
>
>idmap config * : backend = tdb
>idmap config * : range = 2000-9999
>idmap config * : schema_mode = rfc2307
>idmap config DOMAIN : backend = ad
>idmap config DOMAIN : schema-_mode = rfc2307
>idmap config DOMAIN : range = 10000-999999
>
>winbind nss info = rfc2307
>winbind trusted domains only = no
>winbind use default domain = yes
>winbind enum users = yes
>winbind enum groups = yes
>winbind refresh tickets = yes
>
>getent group | grep 700001 gives :
>domain users:x:70001:
>info:x:70001:toto,titi,tutu
>
>Same group id !!!
>
>
>
>Le 24/02/2015 21:34, Tim a ?crit :
>> Hello Herv?,
>>
>> what's your way of resolution? Are you using winbind, sssd,...?
>>
>> Regards
>> Tim
>>
>> Am 24. Februar 2015 20:53:15 MEZ, schrieb "Herv? H?noch" 
>> <h.henoch at isc84.org>:
>>
>>     Hello
>>
>>     On AD Server :
>>     --------------------
>>
>>     We have migrated from S3 to S4 with samba-tools 
>classicupgrade. All is
>>     ok : bind9, winbind but getent has a strange behavior.
>>
>>     getent passwd doesn't return the same number of records. 
>So a AD user
>>     can be not present in the response of getent !!!!
>>
>>     it can have a big difference of records returned from a 
>call to another
>>     call of getent passwd ...
>>
>>     On the other hand, wbinfo -u returns always the same 
>number of records.
>>
>>     What can be the problem ?
>>
>>     (I'm on a debian jessie, rfc2307 is on, and the 
>installation of samba
>>     has been done by apt-get ... )
>>
>>
>>     On AD domain member :
>>     
>---------------------------------------------------------------
>---------
>>
>>
>>     We have the same problem (same distribution and installation).
>>     Futhermore, "getent group" returns some groups with the
same ID.
>>
>>     Maybe problems are bounded.
>>
>>
>>     Regards
>>
>
>-- 
>
>Herv? H?noch
>Responsable informatique
>Institut Sainte Catherine
>250 chemin de Baigne-Pieds
>CS 80005 ? 84918 AVIGNON cedex 9
>T?l?phone : 04.90.27.57.44
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba
>