Hello, I have upgrade my Samba PDC to Samba AD and join a linux box to the AD. Using short domain name -- FOO Joined 'RTR-01' to realm 'foo' Wbinfo get users root at rtr-01:~# wbinfo -u | tail -1 FOO\user getent passwd do not getent passwd | tail -1 fetchmail:x:108:65534::/var/lib/fetchmail:/bin/false root at rtr-01:~# cat /etc/nsswitch.conf # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc-reference' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. passwd: compat winbind group: compat winbind shadow: compat winbind gshadow: files hosts: files dns networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis root at rtr-01:~# dpkg -l | grep win ii libnewt0.52:amd64 0.52.17-1+b1 amd64 Not Erik's Windowing Toolkit - text mode windowing with slang ii libnss-winbind:amd64 2:4.2.14+dfsg-0+deb8u2 amd64 Samba nameservice integration plugins ii libpam-winbind:amd64 2:4.2.14+dfsg-0+deb8u2 amd64 Windows domain authentication integration plugin ii libwbclient0:amd64 2:4.2.14+dfsg-0+deb8u2 amd64 Samba winbind client library ii libwind0-heimdal:amd64 1.6~rc2+dfsg-9 amd64 Heimdal Kerberos - stringprep implementation ii winbind 2:4.2.14+dfsg-0+deb8u2 amd64 service to resolve user and group information from Windows NT servers whats wrong there? Thanks for any help. Best regards basti
mathias dufresne
2017-Jan-30 11:12 UTC
[Samba] winbind -u works, getent passwd dont't work
Did you configure PAM ? 2017-01-30 11:59 GMT+01:00 basti via samba <samba at lists.samba.org>:> Hello, > I have upgrade my Samba PDC to Samba AD and join a linux box to the AD. > > Using short domain name -- FOO > Joined 'RTR-01' to realm 'foo' > > Wbinfo get users > root at rtr-01:~# wbinfo -u | tail -1 > FOO\user > > getent passwd do not > getent passwd | tail -1 > fetchmail:x:108:65534::/var/lib/fetchmail:/bin/false > > > root at rtr-01:~# cat /etc/nsswitch.conf > # /etc/nsswitch.conf > # > # Example configuration of GNU Name Service Switch functionality. > # If you have the `glibc-doc-reference' and `info' packages installed, try: > # `info libc "Name Service Switch"' for information about this file. > > passwd: compat winbind > group: compat winbind > shadow: compat winbind > gshadow: files > > hosts: files dns > networks: files > > protocols: db files > services: db files > ethers: db files > rpc: db files > > netgroup: nis > > root at rtr-01:~# dpkg -l | grep win > ii libnewt0.52:amd64 0.52.17-1+b1 amd64 > Not Erik's Windowing Toolkit - text mode windowing with slang > ii libnss-winbind:amd64 2:4.2.14+dfsg-0+deb8u2 amd64 > Samba nameservice integration plugins > ii libpam-winbind:amd64 2:4.2.14+dfsg-0+deb8u2 amd64 > Windows domain authentication integration plugin > ii libwbclient0:amd64 2:4.2.14+dfsg-0+deb8u2 amd64 > Samba winbind client library > ii libwind0-heimdal:amd64 1.6~rc2+dfsg-9 amd64 > Heimdal Kerberos - stringprep implementation > ii winbind 2:4.2.14+dfsg-0+deb8u2 amd64 > service to resolve user and group information from Windows NT servers > > whats wrong there? > Thanks for any help. > > Best regards basti > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Yes i think so. I run "pam-auth-update" * Kerberos authentication * Unix authentication * Winbind NT/Active Directory authentication * LDAP Authentication are checked. On 30.01.2017 12:12, mathias dufresne via samba wrote:> Did you configure PAM ? > > 2017-01-30 11:59 GMT+01:00 basti via samba <samba at lists.samba.org>: > >> Hello, >> I have upgrade my Samba PDC to Samba AD and join a linux box to the AD. >> >> Using short domain name -- FOO >> Joined 'RTR-01' to realm 'foo' >> >> Wbinfo get users >> root at rtr-01:~# wbinfo -u | tail -1 >> FOO\user >> >> getent passwd do not >> getent passwd | tail -1 >> fetchmail:x:108:65534::/var/lib/fetchmail:/bin/false >> >> >> root at rtr-01:~# cat /etc/nsswitch.conf >> # /etc/nsswitch.conf >> # >> # Example configuration of GNU Name Service Switch functionality. >> # If you have the `glibc-doc-reference' and `info' packages installed, try: >> # `info libc "Name Service Switch"' for information about this file. >> >> passwd: compat winbind >> group: compat winbind >> shadow: compat winbind >> gshadow: files >> >> hosts: files dns >> networks: files >> >> protocols: db files >> services: db files >> ethers: db files >> rpc: db files >> >> netgroup: nis >> >> root at rtr-01:~# dpkg -l | grep win >> ii libnewt0.52:amd64 0.52.17-1+b1 amd64 >> Not Erik's Windowing Toolkit - text mode windowing with slang >> ii libnss-winbind:amd64 2:4.2.14+dfsg-0+deb8u2 amd64 >> Samba nameservice integration plugins >> ii libpam-winbind:amd64 2:4.2.14+dfsg-0+deb8u2 amd64 >> Windows domain authentication integration plugin >> ii libwbclient0:amd64 2:4.2.14+dfsg-0+deb8u2 amd64 >> Samba winbind client library >> ii libwind0-heimdal:amd64 1.6~rc2+dfsg-9 amd64 >> Heimdal Kerberos - stringprep implementation >> ii winbind 2:4.2.14+dfsg-0+deb8u2 amd64 >> service to resolve user and group information from Windows NT servers >> >> whats wrong there? >> Thanks for any help. >> >> Best regards basti >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >>
L.P.H. van Belle
2017-Jan-30 11:53 UTC
[Samba] winbind -u works, getent passwd dont't work
This is all correct and by design. Try : getent passwd username If you running this on a Samba AD DC. If you want to see if you pam setup is done, run : pam-auth-update But still you only see the users with : getent passwd username Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens basti via samba > Verzonden: maandag 30 januari 2017 12:00 > Aan: samba at lists.samba.org > Onderwerp: [Samba] winbind -u works, getent passwd dont't work > > Hello, > I have upgrade my Samba PDC to Samba AD and join a linux box to the AD. > > Using short domain name -- FOO > Joined 'RTR-01' to realm 'foo' > > Wbinfo get users > root at rtr-01:~# wbinfo -u | tail -1 > FOO\user > > getent passwd do not > getent passwd | tail -1 > fetchmail:x:108:65534::/var/lib/fetchmail:/bin/false > > > root at rtr-01:~# cat /etc/nsswitch.conf > # /etc/nsswitch.conf > # > # Example configuration of GNU Name Service Switch functionality. > # If you have the `glibc-doc-reference' and `info' packages installed, > try: > # `info libc "Name Service Switch"' for information about this file. > > passwd: compat winbind > group: compat winbind > shadow: compat winbind > gshadow: files > > hosts: files dns > networks: files > > protocols: db files > services: db files > ethers: db files > rpc: db files > > netgroup: nis > > root at rtr-01:~# dpkg -l | grep win > ii libnewt0.52:amd64 0.52.17-1+b1 amd64 > Not Erik's Windowing Toolkit - text mode windowing with slang > ii libnss-winbind:amd64 2:4.2.14+dfsg-0+deb8u2 amd64 > Samba nameservice integration plugins > ii libpam-winbind:amd64 2:4.2.14+dfsg-0+deb8u2 amd64 > Windows domain authentication integration plugin > ii libwbclient0:amd64 2:4.2.14+dfsg-0+deb8u2 amd64 > Samba winbind client library > ii libwind0-heimdal:amd64 1.6~rc2+dfsg-9 amd64 > Heimdal Kerberos - stringprep implementation > ii winbind 2:4.2.14+dfsg-0+deb8u2 amd64 > service to resolve user and group information from Windows NT servers > > whats wrong there? > Thanks for any help. > > Best regards basti > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
on the AD DC getent passwd username works on AD member getent passwd username dones not work wbinfo works on both On 30.01.2017 12:53, L.P.H. van Belle via samba wrote:> This is all correct and by design. > Try : getent passwd username > If you running this on a Samba AD DC. > > If you want to see if you pam setup is done, run : pam-auth-update > But still you only see the users with : getent passwd username > > Greetz, > > Louis > > > >> -----Oorspronkelijk bericht----- >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens basti via samba >> Verzonden: maandag 30 januari 2017 12:00 >> Aan: samba at lists.samba.org >> Onderwerp: [Samba] winbind -u works, getent passwd dont't work >> >> Hello, >> I have upgrade my Samba PDC to Samba AD and join a linux box to the AD. >> >> Using short domain name -- FOO >> Joined 'RTR-01' to realm 'foo' >> >> Wbinfo get users >> root at rtr-01:~# wbinfo -u | tail -1 >> FOO\user >> >> getent passwd do not >> getent passwd | tail -1 >> fetchmail:x:108:65534::/var/lib/fetchmail:/bin/false >> >> >> root at rtr-01:~# cat /etc/nsswitch.conf >> # /etc/nsswitch.conf >> # >> # Example configuration of GNU Name Service Switch functionality. >> # If you have the `glibc-doc-reference' and `info' packages installed, >> try: >> # `info libc "Name Service Switch"' for information about this file. >> >> passwd: compat winbind >> group: compat winbind >> shadow: compat winbind >> gshadow: files >> >> hosts: files dns >> networks: files >> >> protocols: db files >> services: db files >> ethers: db files >> rpc: db files >> >> netgroup: nis >> >> root at rtr-01:~# dpkg -l | grep win >> ii libnewt0.52:amd64 0.52.17-1+b1 amd64 >> Not Erik's Windowing Toolkit - text mode windowing with slang >> ii libnss-winbind:amd64 2:4.2.14+dfsg-0+deb8u2 amd64 >> Samba nameservice integration plugins >> ii libpam-winbind:amd64 2:4.2.14+dfsg-0+deb8u2 amd64 >> Windows domain authentication integration plugin >> ii libwbclient0:amd64 2:4.2.14+dfsg-0+deb8u2 amd64 >> Samba winbind client library >> ii libwind0-heimdal:amd64 1.6~rc2+dfsg-9 amd64 >> Heimdal Kerberos - stringprep implementation >> ii winbind 2:4.2.14+dfsg-0+deb8u2 amd64 >> service to resolve user and group information from Windows NT servers >> >> whats wrong there? >> Thanks for any help. >> >> Best regards basti >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba > > >