On Mon, 2022-02-28 at 08:10 +0000, spindles seven via samba wrote:
> On 27 February 2022 23:48 Michael Evans wrote:
> > Someone I expect knows much more about samba than I do has stated
> > that winbind enum is incorrect
> > for exposing that user and group list to NSS services (so that
> > they're shown with getent passwd and
> > getent group; as well as any programs that want to validate
> > usernames / etc): So what should I and
> > others do instead?
>
> The winbind enum line in smb.conf is purely to "enumerate" the list
> of users so that you can use "getent passwd" or "getent group" to get
> a list of users and groups, including AD users and groups.
> Remove that line from smb.conf and all you will get are local users
> and groups when you use the getent commands.

Wrong, totally wrong.

Provided that everything else is set up correctly, getent will display all individual users & groups without the 'enum' lines.

Rowland

On 28 February 2022 09:24 Rowland Penny wrote:
> > The winbind enum line in smb.conf is purely to "enumerate" the list of
> > users so that you can use "getent passwd" or "getent group" to get a
> > list of users and groups, including AD users and groups.
> > Remove that line from smb.conf and all you will get are local users
> > and groups when you use the getent commands.
>
> Wrong, totally wrong.
> Provided that everything else is set up correctly, getent will display all individual
> users & groups without the 'enum' lines.
>
> Rowland

I must be missing something here. If what you say above is true, then why does the wiki advise adding the "winbind enum" lines to the smb.conf in order for the getent commands to show all AD users and groups? Also, your other answer in this thread seems to contradict this as well. I certainly cannot get the list to include AD users and groups without the enum lines.

So what settings "when set up correctly" allow getent to display all users and groups (without the 'enum' lines)?

Roy