On Fri, 3 May 2019 17:16:41 +0200
Vincent Ducot via samba <samba at lists.samba.org> wrote:

> getent passwd still only shows local unix accounts, and I got the
> error "getpwent failed: NT_STATUS_NO_MORE_ENTRIES" in log.winbindd.
>
> getent passwd vincent shows nothing and I got in the log file:
>
> winbindd_getpwnam: My domain -- rejecting getpwnam() for RC\vducot.

Hmm, asking 'getent passwd vincent', but 'RC\vducot' is being rejected,
is your workgroup 'RC' ? and is your username 'vducot' ?

Does 'wbinfo -u | grep 'vincent' return anything

Does 'wbinfo -u | grep 'vducot' return anything ?

Rowland

Hi,

sorry for the mistake, I meant

getent passwd vincent shows nothing and I got in the log file:

winbindd_getpwnam: My domain -- rejecting getpwnam() for FOO\vincent.

'wbinfo -u | grep 'vincent' returns vincent, it's the good username.

Thanks,

Vincent

On 03/05/2019 at 17:58, Rowland Penny via samba wrote:
> On Fri, 3 May 2019 17:16:41 +0200
> Vincent Ducot via samba <samba at lists.samba.org> wrote:
>
>> getent passwd still only shows local unix accounts, and I got the
>> error "getpwent failed: NT_STATUS_NO_MORE_ENTRIES" in log.winbindd.
>>
>> getent passwd vincent shows nothing and I got in the log file:
>>
>> winbindd_getpwnam: My domain -- rejecting getpwnam() for RC\vducot.
> Hmm, asking 'getent passwd vincent', but 'RC\vducot' is being rejected,
> is your workgroup 'RC' ? and is your username 'vducot' ?
>
> Does 'wbinfo -u | grep 'vincent' return anything
>
> Does 'wbinfo -u | grep 'vducot' return anything ?
>
> Rowland
>

On Mon, 6 May 2019 09:08:10 +0200
Vincent Ducot <vincent.ducot at rubycat-labs.com> wrote:

> Hi,
>
> sorry for the mistake, I meant
>
> getent passwd vincent shows nothing and I got in the log file:
>
> winbindd_getpwnam: My domain -- rejecting getpwnam() for FOO\vincent.
>
> 'wbinfo -u | grep 'vincent' returns vincent, it's the good username.
>

Just because 'wbinfo' shows a user, doesn't mean that a Unix OS will
know the user, even if the smb.conf appears to be correct.

You originally posted this:

idmap config FOO:backend = ad
idmap config FOO:schema_mode = rfc2307
idmap config FOO:range = 10000-999999
idmap config FOO:unix_nss_info = yes
idmap config FOO:unix_primary_group = yes

So, does 'vincent' have a uidNumber attribute containing a number
inside the range '10000-99999999' AND either a gidnumber attribute
containing the gidNumber of an AD group, or does Domain Users have
gidNumber attribute ? The gidNumber must be inside the same range.

Rowland
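
The attribute check asked about in the last message, written out as an added example that is not part of the thread or of Samba. The function names and the AD attribute values are constructed for illustration, and the handling of unix_primary_group (yes: the user's own gidNumber; no: the gidNumber of Domain Users) follows the idmap_ad manual page.

```python
import re

# The idmap lines as posted in the thread.
SMB_CONF = """\
idmap config FOO:backend = ad
idmap config FOO:schema_mode = rfc2307
idmap config FOO:range = 10000-999999
idmap config FOO:unix_nss_info = yes
idmap config FOO:unix_primary_group = yes
"""

def idmap_options(conf, domain):
    """Collect 'idmap config DOMAIN:option = value' lines into a dict."""
    pat = re.compile(r"^[ \t]*idmap config[ \t]+" + re.escape(domain) +
                     r"[ \t]*:[ \t]*(\w+)[ \t]*=[ \t]*(\S+)", re.I | re.M)
    return {opt.lower(): val for opt, val in pat.findall(conf)}

def in_range(value, rng):
    """True if value is set and lies inside a 'low-high' idmap range."""
    low, high = (int(n) for n in rng.split("-"))
    return value is not None and low <= int(value) <= high

def check_user(user, groups, conf=SMB_CONF, domain="FOO"):
    """Return the reasons the 'ad' backend cannot give this user a passwd entry."""
    opts = idmap_options(conf, domain)
    rng, problems = opts["range"], []
    if not in_range(user.get("uidNumber"), rng):
        problems.append("user: uidNumber missing or outside " + rng)
    if opts.get("unix_primary_group", "no").lower() == "yes":
        # Primary group comes from the user's own gidNumber attribute.
        gid = user.get("gidNumber")
        group_gids = {int(g["gidNumber"]) for g in groups.values() if "gidNumber" in g}
        if not in_range(gid, rng):
            problems.append("user: gidNumber missing or outside " + rng)
        elif int(gid) not in group_gids:
            problems.append("user: gidNumber %s is not the gidNumber of any AD group" % gid)
    elif not in_range(groups.get("Domain Users", {}).get("gidNumber"), rng):
        # Primary group comes from primaryGroupID, normally Domain Users.
        problems.append("Domain Users: gidNumber missing or outside " + rng)
    return problems

if __name__ == "__main__":
    # Constructed attribute values; the thread does not show the real ones.
    groups = {"Domain Users": {"gidNumber": "10000"}}
    print(check_user({"uidNumber": "10001", "gidNumber": "10000"}, groups))
    print(check_user({}, groups))
```

An empty list means the attributes satisfy the conditions listed above; each string names one attribute that is missing or outside the configured range.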