Hi:

I have one Samba 4.7/4.8 DC, one Samba member file server (RHEL 7.5 with Samba 4.7.1), and one Windows 7 member PC.

If I create an account (my-account) in the Samba DC, I cannot see it in the member server with "id my-account" or "getent passwd my-account".

But if I use the Windows member PC to access the file server with my-account, then immediately "id my-account" and "getent passwd my-account" will work in the member server.

Is this behavior expected? Can I let the Samba member server get the newly created account immediately?

Thanks a lot for help.

On Thu, 19 Jul 2018 23:06:50 +0800 d tbsky via samba <samba at lists.samba.org> wrote:

> Hi:
>
> I have one samba 4.7/4.8 DC, one samba member file server (rhel 7.5
> with samba 4.7.1), and one windows 7 member PC.
>
> if I create an account (my-account) in samba DC, I can not see it
> in the member server with "id my-account" or "getent passwd
> my-account".

How are you creating the user ?

>
> but if I use windows member PC to access the file server with
> my-account, then immediately "id my-account" and "getent passwd
> my-account" will work in member server.
>
> is this behavior expected? can I let samba member server get the
> newly created account immediately?

No, it isn't, it should work fairly immediately, please post the smb.conf from the Unix domain member.

Rowland

2018-07-19 23:18 GMT+08:00 Rowland Penny via samba <samba at lists.samba.org>:

> On Thu, 19 Jul 2018 23:06:50 +0800
> d tbsky via samba <samba at lists.samba.org> wrote:
>
>> Hi:
>>
>> I have one samba 4.7/4.8 DC, one samba member file server (rhel 7.5
>> with samba 4.7.1), and one windows 7 member PC.
>>
>> if I create an account (my-account) in samba DC, I can not see it
>> in the member server with "id my-account" or "getent passwd
>> my-account".
>
> How are you creating the user ?
>
>>
>> but if I use windows member PC to access the file server with
>> my-account, then immediately "id my-account" and "getent passwd
>> my-account" will work in member server.
>>
>> is this behavior expected? can I let samba member server get the
>> newly created account immediately?
>
> No, it isn't, it should work fairly immediately, please post the
> smb.conf from the Unix domain member.
>

Thanks a lot for the quick help. I remember in the old days it happened sometimes, but after the RHEL 7.5 upgrade (from Samba 4.6.x to 4.7.1) and Samba DC 4.7/4.8 it now happens every time. Below is the smb.conf configuration from the member server:

    [global]
        workgroup = SAMDOM
        netbios name = backup
        realm = AD.SAMDOM.EXAMPLE.COM
        security = ads

        idmap backend = tdb
        idmap config *:backend = tdb
        idmap config *:range = 1000000-1999999
        idmap config SAMDOM:backend = ad
        idmap config SAMDOM:default = yes
        idmap config SAMDOM:range = 1000-999999
        idmap config SAMDOM:schema_mode = rfc2307

        winbind enum users = yes
        winbind enum groups = yes
        winbind nested groups = no
        winbind use default domain = yes
        winbind offline logon = no
        obey pam restrictions = no

        # disable printer
        load printers = no
        printing = bsd
        printcap name = /dev/null
        disable spoolss = yes

2018-07-19 23:18 GMT+08:00 Rowland Penny via samba <samba at lists.samba.org>:

> On Thu, 19 Jul 2018 23:06:50 +0800
> d tbsky via samba <samba at lists.samba.org> wrote:
>
>> Hi:
>>
>> I have one samba 4.7/4.8 DC, one samba member file server (rhel 7.5
>> with samba 4.7.1), and one windows 7 member PC.
>>
>> if I create an account (my-account) in samba DC, I can not see it
>> in the member server with "id my-account" or "getent passwd
>> my-account".
>
> How are you creating the user ?

Sorry, I forgot to answer the question. I tried to create the user with samba-tool or Windows Active Directory Users and Computers. Both results are the same.