samba - Jul 2016 - Getent passwd doesn't show Domain Members

Dear Support-Team,

i have a problem regarding the function of winbind on a samba4 Active Directory
Domain Controller.

I installed samba4 from the standard debian sources. 
Made the domain provisioning and installed Kerberos. 
After that I installed winbind and linked the libnss_winbind.so.2 ->
libnss_winbind.so.
Wbinfo -u and wbinfo -g do work properly.

The strange thing is, that 
"getent passwd administrator" gives back this line:
"administrator:*:0:100::/srv/samba/USERS/administrator:/bin/false"
So it seems that winbind is working properly, but getent passwd alone
doesn't show the local users (same for getent group).

Can you help me with this?

I tried several tutorials and I read a lot of mails regarding this topic but I
didn’t find a good answer to my problem.
I installed it in a lot of different orders (first winbind then samba, first
Kerberos then samba and then winbind... etc) after a lot of different
instructions.

Samba config:
[global]
	workgroup = PROCITEC
	realm = PROCITEC.DE
	netbios name = SAMBAPRO
	server role = active directory domain controller
	dns forwarder = 192.168.0.1
	idmap_ldb:use rfc2307 = yes
	registry shares = yes
	template homedir = /srv/samba/%D/%U

I edited the nsswitch.conf:
passwd:         compat winbind
group:          compat winbind

If you need further information please don’t hesitate to contact me

Kind regards

Timo Dachs-Wegmann

On 19/07/16 13:28, Timo Dachs-Wegmann wrote:
> Dear Support-Team,
>
> i have a problem regarding the function of winbind on a samba4 Active
Directory Domain Controller.
>
> I installed samba4 from the standard debian sources.
> Made the domain provisioning and installed Kerberos.
> After that I installed winbind and linked the libnss_winbind.so.2 ->
libnss_winbind.so.
> Wbinfo -u and wbinfo -g do work properly.
>
> The strange thing is, that
> "getent passwd administrator" gives back this line:
>
"administrator:*:0:100::/srv/samba/USERS/administrator:/bin/false"
> So it seems that winbind is working properly, but getent passwd alone
doesn't show the local users (same for getent group).
>
> Can you help me with this?
>
> I tried several tutorials and I read a lot of mails regarding this topic
but I didn’t find a good answer to my problem.
> I installed it in a lot of different orders (first winbind then samba,
first Kerberos then samba and then winbind... etc) after a lot of different
instructions.
>
> Samba config:
> [global]
> 	workgroup = PROCITEC
> 	realm = PROCITEC.DE
> 	netbios name = SAMBAPRO
> 	server role = active directory domain controller
> 	dns forwarder = 192.168.0.1
> 	idmap_ldb:use rfc2307 = yes
> 	registry shares = yes
> 	template homedir = /srv/samba/%D/%U
>
> I edited the nsswitch.conf:
> passwd:         compat winbind
> group:          compat winbind
>
> If you need further information please don’t hesitate to contact me
>
> Kind regards
>
> Timo Dachs-Wegmann
>
>
>
>
Try adding:

winbind enum users = yes
winbind enum groups = yes

to smb.conf and restart samba.

Rowland

We already tried this without success...


Kind regards

Timo Dachs-Wegmann
-EDV- 

-----Ursprüngliche Nachricht-----
Von: samba [mailto:samba-bounces at lists.samba.org] Im Auftrag von Rowland
penny
Gesendet: Dienstag, 19. Juli 2016 16:30
An: samba at lists.samba.org
Betreff: Re: [Samba] Getent passwd doesn't show Domain Members

On 19/07/16 13:28, Timo Dachs-Wegmann wrote:
> Dear Support-Team,
>
> i have a problem regarding the function of winbind on a samba4 Active
Directory Domain Controller.
>
> I installed samba4 from the standard debian sources.
> Made the domain provisioning and installed Kerberos.
> After that I installed winbind and linked the libnss_winbind.so.2 ->
libnss_winbind.so.
> Wbinfo -u and wbinfo -g do work properly.
>
> The strange thing is, that
> "getent passwd administrator" gives back this line:
>
"administrator:*:0:100::/srv/samba/USERS/administrator:/bin/false"
> So it seems that winbind is working properly, but getent passwd alone
doesn't show the local users (same for getent group).
>
> Can you help me with this?
>
> I tried several tutorials and I read a lot of mails regarding this topic
but I didn’t find a good answer to my problem.
> I installed it in a lot of different orders (first winbind then samba,
first Kerberos then samba and then winbind... etc) after a lot of different
instructions.
>
> Samba config:
> [global]
> 	workgroup = PROCITEC
> 	realm = PROCITEC.DE
> 	netbios name = SAMBAPRO
> 	server role = active directory domain controller
> 	dns forwarder = 192.168.0.1
> 	idmap_ldb:use rfc2307 = yes
> 	registry shares = yes
> 	template homedir = /srv/samba/%D/%U
>
> I edited the nsswitch.conf:
> passwd:         compat winbind
> group:          compat winbind
>
> If you need further information please don’t hesitate to contact me
>
> Kind regards
>
> Timo Dachs-Wegmann
>
>
>
>
Try adding:

winbind enum users = yes
winbind enum groups = yes

to smb.conf and restart samba.

Rowland


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

On 19/07/16 15:55, Timo Dachs-Wegmann wrote:
> We already tried this without success...
>
>
> Kind regards
>
> Timo Dachs-Wegmann
> -EDV-
>
> -----Ursprüngliche Nachricht-----
> Von: samba [mailto:samba-bounces at lists.samba.org] Im Auftrag von Rowland
penny
> Gesendet: Dienstag, 19. Juli 2016 16:30
> An: samba at lists.samba.org
> Betreff: Re: [Samba] Getent passwd doesn't show Domain Members
>
> On 19/07/16 13:28, Timo Dachs-Wegmann wrote:
>> Dear Support-Team,
>>
>> i have a problem regarding the function of winbind on a samba4 Active
Directory Domain Controller.
>>
>> I installed samba4 from the standard debian sources.
>> Made the domain provisioning and installed Kerberos.
>> After that I installed winbind and linked the libnss_winbind.so.2 ->
libnss_winbind.so.
>> Wbinfo -u and wbinfo -g do work properly.
>>
>> The strange thing is, that
>> "getent passwd administrator" gives back this line:
>>
"administrator:*:0:100::/srv/samba/USERS/administrator:/bin/false"
>> So it seems that winbind is working properly, but getent passwd alone
doesn't show the local users (same for getent group).
>>
>> Can you help me with this?
>>
>> I tried several tutorials and I read a lot of mails regarding this
topic but I didn’t find a good answer to my problem.
>> I installed it in a lot of different orders (first winbind then samba,
first Kerberos then samba and then winbind... etc) after a lot of different
instructions.
>>
>> Samba config:
>> [global]
>> 	workgroup = PROCITEC
>> 	realm = PROCITEC.DE
>> 	netbios name = SAMBAPRO
>> 	server role = active directory domain controller
>> 	dns forwarder = 192.168.0.1
>> 	idmap_ldb:use rfc2307 = yes
>> 	registry shares = yes
>> 	template homedir = /srv/samba/%D/%U
>>
>> I edited the nsswitch.conf:
>> passwd:         compat winbind
>> group:          compat winbind
>>
>> If you need further information please don’t hesitate to contact me
>>
>> Kind regards
>>
>> Timo Dachs-Wegmann
>>
>>
>>
>>
> Try adding:
>
> winbind enum users = yes
> winbind enum groups = yes
>
> to smb.conf and restart samba.
>
> Rowland
>
>
It should.

You posted this:

I installed samba4 from the standard debian sources.
Made the domain provisioning and installed Kerberos.
After that I installed winbind and linked the libnss_winbind.so.2 -> 
libnss_winbind.so.

When you installed from debian sources, do you mean you installed the 
debian packages or that you used them to compile your own ?
If you just installed packages, then you don't need to create the links, 
just install libnss-winbind and libpam-winbind

You also say that you installed kerberos, do you mean the client 
packages or server packages ?

Rowland

Am 19.07.2016 um 16:55 schrieb Timo Dachs-Wegmann:
> We already tried this without success...
>
>
> Kind regards
>
> Timo Dachs-Wegmann
> -EDV-
>
> -----Ursprüngliche Nachricht-----
> Von: samba [mailto:samba-bounces at lists.samba.org] Im Auftrag von Rowland
penny
> Gesendet: Dienstag, 19. Juli 2016 16:30
> An: samba at lists.samba.org
> Betreff: Re: [Samba] Getent passwd doesn't show Domain Members
>
> On 19/07/16 13:28, Timo Dachs-Wegmann wrote:
>> Dear Support-Team,
>>
>> i have a problem regarding the function of winbind on a samba4 Active
Directory Domain Controller.
>>
>> I installed samba4 from the standard debian sources.
>> Made the domain provisioning and installed Kerberos.
>> After that I installed winbind and linked the libnss_winbind.so.2 ->
libnss_winbind.so.
>> Wbinfo -u and wbinfo -g do work properly.
>>
>> The strange thing is, that
>> "getent passwd administrator" gives back this line:
>>
"administrator:*:0:100::/srv/samba/USERS/administrator:/bin/false"
>> So it seems that winbind is working properly, but getent passwd alone
doesn't show the local users (same for getent group).
>>
>> Can you help me with this?
>>
>> I tried several tutorials and I read a lot of mails regarding this
topic but I didn’t find a good answer to my problem.
>> I installed it in a lot of different orders (first winbind then samba,
first Kerberos then samba and then winbind... etc) after a lot of different
instructions.
>>
>> Samba config:
>> [global]
>> 	workgroup = PROCITEC
>> 	realm = PROCITEC.DE
>> 	netbios name = SAMBAPRO
>> 	server role = active directory domain controller
>> 	dns forwarder = 192.168.0.1
>> 	idmap_ldb:use rfc2307 = yes
>> 	registry shares = yes
>> 	template homedir = /srv/samba/%D/%U
>>
>> I edited the nsswitch.conf:
>> passwd:         compat winbind
>> group:          compat winbind
>>
>> If you need further information please don’t hesitate to contact me
>>
>> Kind regards
>>
>> Timo Dachs-Wegmann
>>
>>
>>
>>
> Try adding:
>
> winbind enum users = yes
> winbind enum groups = yes
>
> to smb.conf and restart samba.
>
> Rowland
In my debian jessie test environment this does not work with jessies 4.2 
packages.
With backported 4.4.5 packages from sid it works.
Also on my production servers the enumeration of groups and users 
stopped working after the 4.1-4.2 upgrade (sernet packages). It did not 
cause issues there last few month.

achim~

Okay, i tried to install the server without winbind but with libnss-winbind.

Still the same problem. Getent passwd administrator works but the result of
getent passwd only shows local users.
This seems to be the same bug as achims. 
We are running a Debian 4.8 with samba 4.2 packages...

A few months ago I installed a test environement for samba with samba version
4.1.17. There the getent command works perfectly. So I guess this is a bug in
the latest version...

Can I report this bug somewhere or is there a workaround? 

Kind regards

Timo Dachs-Wegmann
-EDV- 


-------------------------------------
PROCITEC GmbH Rastatter Strasse 41
D-75179 Pforzheim
Fon: +49 7231 15561-29
Fax: +49 7231 15561-11
Mailto: t.wegmann at procitec.de 

Mannheim HRB 504702
Geschäftsführer: Dipl.-Ing. (FH) Dipl.-Inf. (FH) Jens Heyen

-----Ursprüngliche Nachricht-----
Von: samba [mailto:samba-bounces at lists.samba.org] Im Auftrag von Achim
Gottinger
Gesendet: Dienstag, 19. Juli 2016 18:28
An: samba at lists.samba.org
Betreff: Re: [Samba] Getent passwd doesn't show Domain Members



Am 19.07.2016 um 16:55 schrieb Timo Dachs-Wegmann:
> We already tried this without success...
>
>
> Kind regards
>
> Timo Dachs-Wegmann
> -EDV-
>
> -----Ursprüngliche Nachricht-----
> Von: samba [mailto:samba-bounces at lists.samba.org] Im Auftrag von 
> Rowland penny
> Gesendet: Dienstag, 19. Juli 2016 16:30
> An: samba at lists.samba.org
> Betreff: Re: [Samba] Getent passwd doesn't show Domain Members
>
> On 19/07/16 13:28, Timo Dachs-Wegmann wrote:
>> Dear Support-Team,
>>
>> i have a problem regarding the function of winbind on a samba4 Active
Directory Domain Controller.
>>
>> I installed samba4 from the standard debian sources.
>> Made the domain provisioning and installed Kerberos.
>> After that I installed winbind and linked the libnss_winbind.so.2 ->
libnss_winbind.so.
>> Wbinfo -u and wbinfo -g do work properly.
>>
>> The strange thing is, that
>> "getent passwd administrator" gives back this line:
>>
"administrator:*:0:100::/srv/samba/USERS/administrator:/bin/false"
>> So it seems that winbind is working properly, but getent passwd alone
doesn't show the local users (same for getent group).
>>
>> Can you help me with this?
>>
>> I tried several tutorials and I read a lot of mails regarding this
topic but I didn’t find a good answer to my problem.
>> I installed it in a lot of different orders (first winbind then samba,
first Kerberos then samba and then winbind... etc) after a lot of different
instructions.
>>
>> Samba config:
>> [global]
>> 	workgroup = PROCITEC
>> 	realm = PROCITEC.DE
>> 	netbios name = SAMBAPRO
>> 	server role = active directory domain controller
>> 	dns forwarder = 192.168.0.1
>> 	idmap_ldb:use rfc2307 = yes
>> 	registry shares = yes
>> 	template homedir = /srv/samba/%D/%U
>>
>> I edited the nsswitch.conf:
>> passwd:         compat winbind
>> group:          compat winbind
>>
>> If you need further information please don’t hesitate to contact me
>>
>> Kind regards
>>
>> Timo Dachs-Wegmann
>>
>>
>>
>>
> Try adding:
>
> winbind enum users = yes
> winbind enum groups = yes
>
> to smb.conf and restart samba.
>
> Rowland
In my debian jessie test environment this does not work with jessies 4.2
packages.
With backported 4.4.5 packages from sid it works.
Also on my production servers the enumeration of groups and users stopped
working after the 4.1-4.2 upgrade (sernet packages). It did not cause issues
there last few month.

achim~


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

On 20/07/16 08:22, Timo Dachs-Wegmann wrote:
> Okay, i tried to install the server without winbind but with
libnss-winbind.
>
> Still the same problem. Getent passwd administrator works but the result of
getent passwd only shows local users.
> This seems to be the same bug as achims.
> We are running a Debian 4.8 with samba 4.2 packages...
>
> A few months ago I installed a test environement for samba with samba
version 4.1.17. There the getent command works perfectly. So I guess this is a
bug in the latest version...
>
> Can I report this bug somewhere or is there a workaround?
OK, I have installed Samba 4.2.0 using distro packages on Devuan in a VM 
and set it up as I would normally do.
 From my testing, 'getent passwd' and 'getent group' works, so
the
question seems to be, how have you set up your domain member ?

The VM I set up uses a fixed IP and this is the list of packages I 
installed:

samba samba-common-bin samba-common samba-libs samba-vfs-modules 
samba-dsdb-modules libwbclient0 libsmbclient winbind acl attr 
krb5-config libnss-winbind libpam-winbind libpam-krb5 krb5-user

/etc/resolv.conf contains this:

search samdom.example.com
nameserver 192.168.0.5
nameserver 192.168.0.6

The nameservers are my two DCs

/etc/hosts contains this:

127.0.0.1       localhost
192.168.0.8     devtest.samdom.example.com      devtest

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

If the computer was using dhcp, the '192.168.0.8' line wouldn't be
there.

/etc/krb5.conf contains:

[libdefaults]
         default_realm = SAMDOM.EXAMPLE.COM
         dns_lookup_realm = false
         dns_lookup_kdc = true

It doesn't need to contain anything else.

/etc/samba/smb.conf contains this:

[global]
     workgroup = SAMDOM
     security = ADS
     realm = SAMDOM.EXAMPLE.COM

     dedicated keytab file = /etc/krb5.keytab
     kerberos method = secrets and keytab
     server string = Samba 4 Client %h

     winbind enum users = yes
     winbind enum groups = yes
     winbind use default domain = yes
     winbind expand groups = 4
     winbind nss info = rfc2307
     winbind refresh tickets = Yes
     winbind offline logon = yes
     winbind normalize names = Yes

     ## map ids outside of domain to tdb files.
      idmap config *:backend = tdb
     idmap config *:range = 2000-9999
     ## map ids from the domain  the ranges may not overlap !
     idmap config SAMDOM : backend = ad
     idmap config SAMDOM : schema_mode = rfc2307
     idmap config SAMDOM : range = 10000-999999

     domain master = no
     local master = no
     preferred master = no
     os level = 20
     map to guest = bad user
     host msdfs = no

     # user Administrator workaround, without it you are unable to set 
privileges
     username map = /etc/samba/user.map

     # For ACL support on domain member
     vfs objects = acl_xattr
     map acl inherit = Yes
     store dos attributes = Yes

     # Share Setting Globally
     unix extensions = no
     reset on zero vc = yes
     veto files = /.bash_logout/.bash_profile/.bash_history/.bashrc/
     hide unreadable = yes

     log file = /usr/local/samba/var/log.%m

[homes]
     path = /home/%U
     read only = no

/etc/samba/user.map contains this:

!root = SAMDOM\Administrator SAMDOM\administrator Administrator 
administrator

The relevant lines in /etc/nsswitch.conf look like this:

passwd:         compat winbind
group:          compat winbind

Which leads to this:

root at devtest:~# getent passwd
root:x:0:0:root:/root:/bin/bash
.......
.......

It displays no AD users, but if you run it again

root at devtest:~# getent passwd
root:x:0:0:root:/root:/bin/bash
.......
.......
albert:*:10004:10000:Albert Tatlock:/home/albert:/bin/false
rowland:*:10000:10000:Rowland Penny:/home/rowland:/bin/bash
........
........

It doesn't really matter if 'getent passwd' doesn't display all
your
users, as long as it will display individual users:

root at devtest:~# getent passwd rowland
rowland:*:10000:10000:Rowland Penny:/home/rowland:/bin/bash

Rowland

Well, thank you for your support. 
I guess you can't tell when debian will release new packages?

I think we'll work with the 4.2.10 (4.2.11) packages until debian releases
the new version :)

Kind regards

Timo Dachs-Wegmann
-EDV- 

-----Ursprüngliche Nachricht-----
Von: samba [mailto:samba-bounces at lists.samba.org] Im Auftrag von Rowland
penny
Gesendet: Mittwoch, 20. Juli 2016 17:59
An: samba at lists.samba.org
Betreff: Re: [Samba] Getent passwd doesn't show Domain Members

On 20/07/16 11:56, Rowland penny wrote:
> On 20/07/16 11:49, Achim Gottinger wrote:
>>
>>
>> Am 20.07.2016 um 11:33 schrieb Rowland penny:
>>> On 20/07/16 08:22, Timo Dachs-Wegmann wrote:
>>>> Okay, i tried to install the server without winbind but with 
>>>> libnss-winbind.
>>>>
>>>> Still the same problem. Getent passwd administrator works but
the
>>>> result of getent passwd only shows local users.
>>>> This seems to be the same bug as achims.
>>>> We are running a Debian 4.8 with samba 4.2 packages...
>>>>
>>>> A few months ago I installed a test environement for samba with
>>>> samba version 4.1.17. There the getent command works perfectly.
So
>>>> I guess this is a bug in the latest version...
>>>>
>>>> Can I report this bug somewhere or is there a workaround?
>>>
>>> OK, I have installed Samba 4.2.0 using distro packages on Devuan in
>>> a VM and set it up as I would normally do.
>>> From my testing, 'getent passwd' and 'getent group'
works, so the
>>> question seems to be, how have you set up your domain member ?
>>>
>>> The VM I set up uses a fixed IP and this is the list of packages I
>>> installed:
>>>
>>> samba samba-common-bin samba-common samba-libs samba-vfs-modules 
>>> samba-dsdb-modules libwbclient0 libsmbclient winbind acl attr 
>>> krb5-config libnss-winbind libpam-winbind libpam-krb5 krb5-user
>>>
>>> /etc/resolv.conf contains this:
>>>
>>> search samdom.example.com
>>> nameserver 192.168.0.5
>>> nameserver 192.168.0.6
>>>
>>> The nameservers are my two DCs
>>>
>>> /etc/hosts contains this:
>>>
>>> 127.0.0.1       localhost
>>> 192.168.0.8     devtest.samdom.example.com      devtest
>>>
>>> # The following lines are desirable for IPv6 capable hosts
>>> ::1     localhost ip6-localhost ip6-loopback
>>> ff02::1 ip6-allnodes
>>> ff02::2 ip6-allrouters
>>>
>>> If the computer was using dhcp, the '192.168.0.8' line
wouldn't be
>>> there.
>>>
>>> /etc/krb5.conf contains:
>>>
>>> [libdefaults]
>>>         default_realm = SAMDOM.EXAMPLE.COM
>>>         dns_lookup_realm = false
>>>         dns_lookup_kdc = true
>>>
>>> It doesn't need to contain anything else.
>>>
>>> /etc/samba/smb.conf contains this:
>>>
>>> [global]
>>>     workgroup = SAMDOM
>>>     security = ADS
>>>     realm = SAMDOM.EXAMPLE.COM
>>>
>>>     dedicated keytab file = /etc/krb5.keytab
>>>     kerberos method = secrets and keytab
>>>     server string = Samba 4 Client %h
>>>
>>>     winbind enum users = yes
>>>     winbind enum groups = yes
>>>     winbind use default domain = yes
>>>     winbind expand groups = 4
>>>     winbind nss info = rfc2307
>>>     winbind refresh tickets = Yes
>>>     winbind offline logon = yes
>>>     winbind normalize names = Yes
>>>
>>>     ## map ids outside of domain to tdb files.
>>>      idmap config *:backend = tdb
>>>     idmap config *:range = 2000-9999
>>>     ## map ids from the domain  the ranges may not overlap !
>>>     idmap config SAMDOM : backend = ad
>>>     idmap config SAMDOM : schema_mode = rfc2307
>>>     idmap config SAMDOM : range = 10000-999999
>>>
>>>     domain master = no
>>>     local master = no
>>>     preferred master = no
>>>     os level = 20
>>>     map to guest = bad user
>>>     host msdfs = no
>>>
>>>     # user Administrator workaround, without it you are unable to 
>>> set privileges
>>>     username map = /etc/samba/user.map
>>>
>>>     # For ACL support on domain member
>>>     vfs objects = acl_xattr
>>>     map acl inherit = Yes
>>>     store dos attributes = Yes
>>>
>>>     # Share Setting Globally
>>>     unix extensions = no
>>>     reset on zero vc = yes
>>>     veto files = /.bash_logout/.bash_profile/.bash_history/.bashrc/
>>>     hide unreadable = yes
>>>
>>>     log file = /usr/local/samba/var/log.%m
>>>
>>> [homes]
>>>     path = /home/%U
>>>     read only = no
>>>
>>> /etc/samba/user.map contains this:
>>>
>>> !root = SAMDOM\Administrator SAMDOM\administrator Administrator 
>>> administrator
>>>
>>> The relevant lines in /etc/nsswitch.conf look like this:
>>>
>>> passwd:         compat winbind
>>> group:          compat winbind
>>>
>>> Which leads to this:
>>>
>>> root at devtest:~# getent passwd
>>> root:x:0:0:root:/root:/bin/bash
>>> .......
>>> .......
>>>
>>> It displays no AD users, but if you run it again
>>>
>>> root at devtest:~# getent passwd
>>> root:x:0:0:root:/root:/bin/bash
>>> .......
>>> .......
>>> albert:*:10004:10000:Albert Tatlock:/home/albert:/bin/false 
>>> rowland:*:10000:10000:Rowland Penny:/home/rowland:/bin/bash
........
>>> ........
>>>
>>> It doesn't really matter if 'getent passwd' doesn't
display all your
>>> users, as long as it will display individual users:
>>>
>>> root at devtest:~# getent passwd rowland
rowland:*:10000:10000:Rowland
>>> Penny:/home/rowland:/bin/bash
>>>
>>> Rowland
>>>
>>>
>> Hi Rowland,
>>
>> The OP is running in ADDC mode!
>>
>> achim~
>>
>>
>
> Ah, missed that, I will go and try again and report back, it should work.
>
> Rowland
>
>
OK, I know what is wrong now, the debian Samba package (version 4.2.10 that is
really 4.2.11) is the one that came out after the badlock patches were released.
A few regressions were introduced by the badlock patches and these have been
fixed in later releases. To put it bluntly, debian needs to release a later
version, even more so, when you take into account that 4.5.0 is nearing release,
at which point, the 4.2.x series will go EOL.

Your choices if you need 'getent passwd' to work (if 'getent passwd
username' isn't enough) are a bit limited, you could use the Sernet
packages (free or paid for), wait until debian releases a later package or
compile Samba yourself.

Rowland

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

On 21/07/16 07:08, Timo Dachs-Wegmann wrote:
> Well, thank you for your support.
> I guess you can't tell when debian will release new packages?
No, but perhaps Andrew Bartlett can ?

Rowland
>
> I think we'll work with the 4.2.10 (4.2.11) packages until debian
releases the new version :)
>
> Kind regards
>
> Timo Dachs-Wegmann
> -EDV-
>
>