Re: [Samba] getent passwd not adding users
You need to add idmap uid with the same range as the gid, well at least that is what I've always have done. Jamie Gordon wrote: I'm running Samba version Version 3.0.25b-1.el5_1.2 on RH Enterprise Linux 5. I've configured the SMB server to get users from a Windows 2003 Server Active Directory tree. I was able to join the machine to the domain with no problem. Here's the smb.conf Quote: [global] idmap gid = 6-9 winbind trusted domains only = yes encrypt passwords = yes show add printer wizard = No winbind use default domain = Yes realm = domain netbios name = servername printing = cups idmap uid = 1-5 password server = dcname workgroup = domain os level = 20 printcap name = cups security = domain winbind separator = \ disable spoolss = Yes winbind enum groups = yes winbind enum users = yes My nsswitch.conf has the following; Quote: passwd: files winbind shadow: files group: files winbind wbinfo -u and wbinfo-g work well, returning a list of users and groups. However, when I issue 'getent passwd' my winbind log (/var/log/samba/winbindd.log) shows a long list of the following and no users are added to the passwd db; Quote: [2007/12/04 12:11:03, 1] nsswitch/winbindd_ads.c:query_user_list(209) Not a user account? atype=0x3000 Not sure where to go from here. Any help or hints would be appreciated. Jamie Gordon QA Manager WideOrbit [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] You can't make what you can't measure, 'cause you don't know when you've got it made. -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] getent passwd not adding users
Thanks Nathan. Perhaps I misspoke. My understanding is that if winbind is configured correctly, if I issue 'getent passwd' then I should see local and domain users listed. I only see local users and my windbindd log has the aforementioned errors. Jamie Gordon QA Manager WideOrbit [EMAIL PROTECTED] You can't make what you can't measure, 'cause you don't know when you've got it made. -Original Message- From: Nathan VanHoudnos [mailto:[EMAIL PROTECTED] Sent: Friday, December 07, 2007 12:32 PM To: Jamie Gordon Cc: samba Subject: Re: [Samba] getent passwd not adding users wbinfo -u and wbinfo-g work well, returning a list of users and groups. However, when I issue 'getent passwd' my winbind log (/var/log/samba/winbindd.log) shows a long list of the following and no users are added to the passwd db; Perhaps I misunderstand you, but getent is a query tool, not something that you use to add entries to /etc/passwd or /etc/group. If you wanted to use it to add entries, you'd need to do something like: getent passwd | grep YOURDOMAIN+ /etc/passwd But, then that would defeat the purpose of using winbind anyway. Hope this helps, Nathan VanHoudnos -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] getent passwd not adding users
wbinfo -u and wbinfo-g work well, returning a list of users and groups. However, when I issue 'getent passwd' my winbind log (/var/log/samba/winbindd.log) shows a long list of the following and no users are added to the passwd db; Perhaps I misunderstand you, but getent is a query tool, not something that you use to add entries to /etc/passwd or /etc/group. If you wanted to use it to add entries, you'd need to do something like: getent passwd | grep YOURDOMAIN+ /etc/passwd But, then that would defeat the purpose of using winbind anyway. Hope this helps, Nathan VanHoudnos -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] getent passwd not adding users
(forgot to copy list) Thanks Nathan. Perhaps I misspoke. My understanding is that if winbind is configured correctly, if I issue 'getent passwd' then I should see local and domain users listed. I only see local users and my windbindd log has the aforementioned errors. Yes, that's true. I noticed that your config file has security = domain If you change that to security = ads It might work. I don't know, I'm not a samba expert! The other thing I might try is to change your winbind seperator from / to +. Perhaps getent can't handle / in a username, but why it would give you that winbind error, I don't know. I do know, however, that + works. The other thing your error message makes me think of is the service account that you may or may not have set as windbind's authorized user. But, that wouldn't make much sense, since you reported that wbinfo -u and wbinfo -g work well. To check it, try: wbinfo --get-auth-user One thing though, that will echo your service accounts password to the screen in plain text. So, you have to run it as root, and you have to be careful who's behind you. Cheers, Nathan -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
