I do have the entries in /etc/nswitch.conf
The "getent passwd" won't list the winbind users although I can get
details on a specific user with the "getent passwd
SOMEDOMAIN\\someuser" common
I looked in the /var/samba/locks directory -
I have a winbindd_cache.tdb file that is current. I don't have a
current idmap_cache.tdb file anymore. Not sure I need one. I
initially stated with samba 3.0.x, then upgraded to 3.4.x, then to
3.5.x, and it seems with .X upgrade that the configuration for winbind
and idmapping changes.
This may be a bug in Solaris itself rather than samba.
On 06/06/2011 02:28 PM, timothy mcdaniel wrote:
I have been looking at
http://samba.2283325.n4.nabble.com/Trusted-domain-users-unwantedly-mapping-onto-local-domain-users-td3005928.html
and I think that if you add this in your nsswitch.conf like it says in the
website above:
if you already have the passwd: files ldap and group: files ldap in your
nsswitch.conf then just add winbind to the end of the lines of the passwd
and group lines. just like it is shown below: If you need any more help just
email me back, and I will try to help you.
*passwd*: files ldap winbind
group: files ldap winbind
---------- Forwarded message ----------
From: Gaiseric Vandal<[email protected]>
To: Samba<[email protected]>
Date: Mon, 06 Jun 2011 12:04:14 -0400
Subject: [Samba] getent passwd does not list trusted users
I am running Samba 3.5.5 on Solaris 10. This is the latest Sun/Oracle
provided build. I have an ldap backend for everything (unix+samba accounts,
idmapping for domain trusts.) The Samba server is a PDC for a domain we can
call "SAMBA." Each samba account is tied to a unix account.
I have a one-way domain trust setup with a Windows 2003 domain which we
can call "WIN2003." SAMBA trusts WIN2003. "getent passwd" and "getent
group" seem to fundamentally be working (depending on syntax) BUT "getent
passwd" does NOT list trusted users.
On the solaris machine:
---------------------------------------------------------------------------------------------------------------------------------------------------------------
"wbinfo -u" and "wbinfo -g" lists all users in this domain + the
WIN2003 domain. For the SAMBA users, the domain name is stripped out.
"getent passwd" - lists all "unix" users (in ldap or /etc/passwd.)
It does not list the samba users - which is the expected and
desired behaviour.
I had expected it to list users from the WIN2003 domain.
"getent group" - lists all "unix" groups (in ldap or /etc/passwd)
It does not listed the SAMBA groups - which is the expected and
desired behaviour.
It does list WIN2003 groups- which is also the expected and
desired behaviour.
"getent passwd SAMBA\\user" - shows uid, gid, home directory, shell
"getent passwd WIN2003\\user" - shows uid, gid, home directory, shell
"getent group SAMBA\\group" - shows gid, members
"getent group WIN2003\\group" - shows gid, members
"id SAMBA\\user" - shows uid and gid
"id WIN2003 \\user" - shows uid and gid
---------------------------------------------------------------------------------------------------------------------------------------------------------------
I can use chown and other commands from solaris command line to grant
rights to a user from the trusted domain. However, in a Windows machine in
samba domain, when setting file permissions, I can not see the trusted
domain.
Any thoughts?
Thanks
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
