thr3ads.net - samba - [Samba] List of users seems truncated or incomplete in file server member of an Active Directory Domain [Mar 2021]

If this information is useful, please help other people find it:
Share via:

David PAUGAM

2021-Mar-10 17:18 UTC

[Samba] List of users seems truncated or incomplete in file server member of an Active Directory Domain

Hello,

I'm facing a problem with a Linux Server I want to configure as a File 
Server, member of an Active Directory Domain.

OS: Linux Debian Buster

Smb.conf:

/[global]//
//??????? workgroup=MYDOM//
//??????? realm=MYDOM.FR//
//??????? security=ads//
//??????? winbind enum users=yes//
//??????? winbind enum groups=yes//
//??????? winbind use default domain=yes//
//?? idmap config * : backend = tdb//
//?? idmap config * : range = 3000-19999//
//?? idmap config IFR : backend = rid//
//?? idmap config IFR : range = 30000-999999//
//?? template homedir = /home/%U//
//?? template shell = /bin/bash//
//
//?? winbind refresh tickets = Yes//
//?? vfs objects = acl_xattr//
//?? map acl inherit = Yes//
//?? store dos attributes = Yes//
//
//dedicated keytab file = /etc/krb5.keytab//
//kerberos method = secrets and keytab//
//allow trusted domains = no//
//log file = /var/log/samba/log.%m//
//
//[export]//
//browseable????? = yes//
//comment???????? = Repertoire//
//create mask???? = 0770//
//directory mask? = 0770//
//path??????????? = /export///
//valid users???? = user1,user2//
//writable??????? = yes/


I joined correctly the server to the domain:

/?net ads testjoin//
//Join is OK/

/net ads info/ is OK too.


/Wbinfo -u/ returns every member of the domain, around 3400.

/getent passwd/ returns a truncated list. Around 1100 users.


User1 is able to access to the share from a Windows client through 
\\my_server\export

User2 is not.

/getent passwd user1/ returns a line

/getent passwd user2/ returns nothing.


It's like winbind could not see ALL the users.


Same "issue" when I try to chown the folder:

/?chown user1:mygroup /export/ /

is OK

/?chown user2:mygroup /export/ /

is K0

"chown: incorrect user: ? user2:mygroup?


Did anybody already face this kind of issue?

Does anyone know how to fix that?

Thanks in advance,

David

Rowland penny

2021-Mar-10 17:48 UTC

head link

[Samba] List of users seems truncated or incomplete in file server member of an Active Directory Domain

On 10/03/2021 17:18, David PAUGAM via samba wrote:> Hello,
>
> I'm facing a problem with a Linux Server I want to configure as a File 
> Server, member of an Active Directory Domain.
>
> OS: Linux Debian Buster
>
> Smb.conf:
>
> /[global]//
> //??????? workgroup=MYDOM//
>
> //?? idmap config IFR : backend = rid//
> //?? idmap config IFR : range = 30000-999999// 

Before we dive into the deep end, is your workgroup 'MYDOM' or
'IFR' ?

Also, how are the usernames truncated ?

Rowland

samba - Mar 2021 - List of users seems truncated or incomplete in file server member of an Active Directory Domain

[Samba] List of users seems truncated or incomplete in file server member of an Active Directory Domain

[Samba] List of users seems truncated or incomplete in file server member of an Active Directory Domain