On Mon, 2022-02-28 at 15:42 +0000, spindles seven wrote:
> I must be missing something here. If what you say above is true,
> then why does the WiKi advise adding the "winbind enum" lines to the
> smb.conf in order for the getent commands to show all AD users and
> groups?

It didn't (it seems to have been removed in the pruning of required
information), it said to only use them for testing purposes.

> Also your other answer in this thread seems to contradict this as
> well. I certainly cannot get the list to include AD users and
> groups without the enum lines.

I doubt I said that and if you must have the 'enum' lines in smb.conf
for your Unix domain member to work, then you have something
exceedingly strangely wrong with your set up.

> So what settings "when set up correctly" allow getent to display all
> users and groups (without the 'enum' lines)?

None, because you do not need them:

rowland at devstation:~$ getent passwd | grep rowland
rowland at devstation:~$

Just running the output of 'getent passwd' through grep with my name,
produces no output.

rowland at devstation:~$ getent passwd rowland
rowland:*:10000:10000:Rowland Penny:/home/rowland:/bin/bash

Yet adding my name to the getent command does.

rowland at devstation:~$ cat /etc/passwd | grep rowland
rowland at devstation:~$

My name is not in /etc/passwd

rowland at devstation:~$ cat /etc/samba/smb.conf | grep 'enum'
rowland at devstation:~$

I do not have the 'enum' lines in smb.conf, yet everything works.

Rowland

Rowland - I think you didn't read the last para Roy posted in his OP.
(late yesterday, at least in my TZ)

---
...the AD users are still *known* to the operating system as will be
demonstrated by appending an AD user's name or group to the getent
command. For example on my system getent passwd roy produces:

roy at pi4b:~$ getent passwd roy
roy:*:11601:10513:roy:/home/MICROLYNX/roy:/bin/bash
---

So, I don't actually think he was wrong in his initial post. (Though
I'd agree it was easy to read the first couple of paras and think he
had it wrong.)

---

Can we all agree that without the winbind enum line, you can't just do
a getent group/passwd and get a full listing of all the group/user
records in AD, but you CAN get individual records by specifying them?

And as the wiki says (or should/may have said before it was hosed) the
enum lines should generally only be used for troubleshooting/debugging
since they place more load on the DCs - especially for large AD
data-sets.

:)

> On Mon, 2022-02-28 at 15:42 +0000, spindles seven wrote:
>> I must be missing something here. If what you say above is true,
>> then why does the WiKi advise adding the "winbind enum" lines to the
>> smb.conf in order for the getent commands to show all AD users and
>> groups?
>
> It didn't (it seems to have been removed in the pruning of required
> information), it said to only use them for testing purposes.
>
>> Also your other answer in this thread seems to contradict this as
>> well. I certainly cannot get the list to include AD users and
>> groups without the enum lines.
>
> I doubt I said that and if you must have the 'enum' lines in smb.conf
> for your Unix domain member to work, then you have something
> exceedingly strangely wrong with your set up.
>
>> So what settings "when set up correctly" allow getent to display all
>> users and groups (without the 'enum' lines)?
>
> None, because you do not need them:
>
> rowland at devstation:~$ getent passwd | grep rowland
> rowland at devstation:~$
>
> Just running the output of 'getent passwd' through grep with my name,
> produces no output.
>
> rowland at devstation:~$ getent passwd rowland
> rowland:*:10000:10000:Rowland Penny:/home/rowland:/bin/bash
>
> Yet adding my name to the getent command does.
>
> rowland at devstation:~$ cat /etc/passwd | grep rowland
> rowland at devstation:~$
>
> My name is not in /etc/passwd
>
> rowland at devstation:~$ cat /etc/samba/smb.conf | grep 'enum'
> rowland at devstation:~$
>
> I do not have the 'enum' lines in smb.conf, yet everything works.
>
> Rowland

On 28 February 2022 16:04 Rowland Penny wrote:
> On Mon, 2022-02-28 at 15:42 +0000, spindles seven wrote:
> > I must be missing something here. If what you say above is true, then
> > why does the WiKi advise adding the "winbind enum" lines to the
> > smb.conf in order for the getent commands to show all AD users and
> > groups?
>
> It didn't (it seems to have been removed in the pruning of required
> information), it said to only use them for testing purposes.
>
> > Also your other answer in this thread seems to contradict this as
> > well. I certainly cannot get the list to include AD users and
> > groups without the enum lines.
>
> I doubt I said that and if you must have the 'enum' lines in smb.conf
> for your Unix domain member to work, then you have something
> exceedingly strangely wrong with your set up.
>
> > So what settings "when set up correctly" allow getent to display all
> > users and groups (without the 'enum' lines)?
>
> None, because you do not need them:
>
> rowland at devstation:~$ getent passwd | grep rowland
> rowland at devstation:~$
>
> Just running the output of 'getent passwd' through grep with my name,
> produces no output.
>

Exactly. That's what I thought I said

> rowland at devstation:~$ getent passwd rowland
> rowland:*:10000:10000:Rowland Penny:/home/rowland:/bin/bash
>
> Yet adding my name to the getent command does.
>

Again that's what I said

> rowland at devstation:~$ cat /etc/passwd | grep rowland
> rowland at devstation:~$
>
> My name is not in /etc/passwd
>
> rowland at devstation:~$ cat /etc/samba/smb.conf | grep 'enum'
> rowland at devstation:~$
>
> I do not have the 'enum' lines in smb.conf, yet everything works.
>
> Rowland

Mine too, so not sure why you said my post was totally wrong. You
clipped the remainder of my post which demonstrated what you say above.
Seems like I was totally right?

Roy
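
The check the thread converges on, as an added example that is not part of any poster's message: report whether the "winbind enum users" / "winbind enum groups" lines are active in smb.conf, and tell apart a name that resolves only by direct lookup from one that also appears in the full listing. The function names enum_setting and lookup_vs_enum are hypothetical and the sample smb.conf is constructed.

```shell
#!/bin/sh
# Added example, not from the thread. enum_setting and lookup_vs_enum are
# hypothetical names; the smb.conf sample below is constructed.

# enum_setting FILE PARAM: print the effective yes/no value of a boolean
# [global] parameter. smb.conf ignores case and whitespace in names, lines
# starting with # or ; are comments, and both enum parameters default to "no".
enum_setting() {
    awk -v want="$2" '
        function norm(s) { gsub(/[ \t\r]/, "", s); return tolower(s) }
        BEGIN { want = norm(want); val = "no"; sect = "global" }
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ { s = $0; sub(/^[ \t]*\[/, "", s); sub(/\].*$/, "", s)
                      sect = norm(s); next }
        sect == "global" && index($0, "=") {
            eq = index($0, "=")
            if (norm(substr($0, 1, eq - 1)) == want) {
                v = norm(substr($0, eq + 1))
                val = (v == "yes" || v == "true" || v == "on" || v == "1") ? "yes" : "no"
            }
        }
        END { print val }
    ' "$1"
}

# lookup_vs_enum DB NAME: "both" if NAME resolves and is also in the full
# listing, "lookup-only" if it resolves only when named (the behaviour shown
# in the thread), "unknown" if it does not resolve at all.
lookup_vs_enum() {
    getent "$1" "$2" >/dev/null 2>&1 || { echo unknown; return 0; }
    getent "$1" | cut -d: -f1 | grep -qxF -- "$2" && { echo both; return 0; }
    echo lookup-only
}

sample=$(mktemp)
cat > "$sample" <<'EOF'
[global]
    workgroup = EXAMPLE
    ; winbind enum users = yes
    Winbind  Enum Groups = Yes
[share]
    winbind enum users = yes
EOF

for p in "winbind enum users" "winbind enum groups"; do
    printf '%s = %s\n' "$p" "$(enum_setting "$sample" "$p")"
done
# On a real domain member, pass an AD user name as the first argument.
if [ "$#" -gt 0 ]; then lookup_vs_enum passwd "$1"; fi
```

A plain `grep 'enum'` also matches commented-out lines and lines outside [global], which is why the sample includes both.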