getent passwd outputs only local users

6

2

I want to authenticate via Active Directory on a CentOS 6.4 server.

wbinfo -u and wbinfo -g display the domain users/groups. Authentication via wbinfo -a DOMAIN+user works. Authentication via kinit user works.

But for some reason, getent passwd and getent group only display local users/groups. I have found a lot of forum posts about this topic, but none provided a working solution.

Here is my /etc/samba/smb.conf:

[global]
        workgroup = DOMAIN
        realm = DOMAIN.LOCAL
        security = ADS
        max log size = 50
        template shell = /bin/bash
        winbind separator = +
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind use default domain = Yes
        idmap config DOMAIN : schema_mode = rfc2307
        idmap config DOMAIN : range = 10000000-29999999
        idmap config DOMAIN : default = yes
        idmap config DOMAIN : backend = ad
        idmap config * : range = 20000-29999
        idmap config * : backend = tdb

/etc/krb5.conf:

[libdefaults]
 default_realm = DOMAIN.LOCAL
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true

[realms]
 DOMAIN.LOCAL = {
  kdc = ADSERVER.DOMAIN.LOCAL
  admin_server = ADSERVER.DOMAIN.LOCAL
 }

/etc/nsswitch.conf:

passwd:     files winbind
shadow:     files winbind
group:      files winbind

The AD server runs Windows Small Business Server 2008.

jgillich

Posted 2013-08-29T12:53:57.267

Reputation: 800

Answers

4

I used backend = ad, which requires additional configuration on the AD server. What I really wanted is backend = rid, everything works fine now.

jgillich

Posted 2013-08-29T12:53:57.267

Reputation: 800

What additional configuration on the AD server? – AWippler – 2014-05-08T16:31:08.067

@AWippler I am not sure because it wasn't what I needed anyway; this might help: https://www.samba.org/samba/docs/man/manpages/idmap_ad.8.html

– jgillich – 2014-05-08T18:24:25.977

My time sync was off. That is why I was having the same issue you were. – AWippler – 2014-05-08T18:26:21.840

13

I had the same problem. In my case it turned out I forgot to install the libnss-winbind and libpam-winbind packages on Ubuntu.

Hope this helps someone looking here with this problem ;)

acidtv

Posted 2013-08-29T12:53:57.267

Reputation: 243

Hello, welcome to Super User. Your answer is not an answer and should be a comment or reworded into a question with your particular problems. Please see help at the top of the page to find guidance on how to use Super User. Thank you – mic84 – 2016-09-20T08:35:01.187

@mic84 Well, I could reword into a question, but the question would be the same as this question, because I had exactly the same symptoms. Wouldn't it be better to have all possible solutions to these symptoms in this place? Or would you rather create a new identical question for each one? – acidtv – 2016-09-21T07:22:04.183

Your answer, be it a real answer or not, in fact helped me. Since the two libs aren't installed by default this is easily overlooked and I was glad someone took the time to post this at a place you eventually run into when looking for answers to that problem. – some-non-descript-user – 2017-04-26T09:10:00.707

1

None of the above worked for me on CentOS 7. What solved the problem was to open

/etc/nsswitch.conf

and suffix the following lines:

passwd:     files sss
shadow:     files sss
group:      files sss

with "winbind" as follows:

passwd:     files sss winbind
shadow:     files sss winbind
group:      files sss winbind

On saving the changes to the file, all of the following commands:

id <AD user name>
getent passwd
getent group

began working. No restart of smbd / nmbd / winbindd was required.

Pancho

Posted 2013-08-29T12:53:57.267

Reputation: 121

0

That's how I solved the problem.

Change /etc/samba/smb.conf:

Change idmap config *:backend = ab to idmap config *:backend = tdb

This is OK.

This is my smb.conf

user3741566

Posted 2013-08-29T12:53:57.267

Reputation: 9

Well, I have another problem after solving this problem. I have two CentOS machines, all joined in the Active Directory, and when I looked at the user ID with getent passwd, I found that the same user was mapped to two different IDs on different machines. – user3741566 – 2017-08-03T10:41:46.617

Finally, I solved this problem. I changed idmap config *:backend = tdb to idmap config *:backend = rid, and the user ID on all machines is the same. There is a link that explains it, but you have to understand Chinese: "Using rid as the method for storing user IDs"

– user3741566 – 2017-08-03T10:55:02.723

It appears you might have your own question. It is not possible for us to answer your question, since you submitted your question as an answer, and your non-English link (which contains the answer to your question) isn't helpful to the community at large. Keep in mind the author's question, while similar, was not identical to your question (hence the reason they accepted an entirely different solution to their problem) and thus it's difficult to see the usefulness in your non-English solution. – Ramhound – 2017-08-21T19:36:14.813
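
Added example, not part of any answer or comment above: a small offline checker for two of the causes reported in this thread, namely winbind missing from the passwd/group lines of nsswitch.conf and a domain using idmap backend ad. The function names and the sample files are constructed for illustration; point the functions at the real /etc/nsswitch.conf and /etc/samba/smb.conf to use them.

```bash
#!/usr/bin/env bash
# Added example: offline checks for causes named in the answers above.
# Function names and the sample files at the bottom are constructed.

# Print each of passwd/group whose nsswitch.conf source list lacks winbind.
nss_missing_winbind() {
    for db in passwd group; do
        # Source list for this database, comments stripped, whitespace squeezed.
        sources=$(sed -n "s/#.*//; s/^[[:space:]]*$db:[[:space:]]*//p" "$1" |
            head -n 1 | tr -s '[:space:]' ' ')
        case " $sources " in
            *" winbind "*) ;;
            *) echo "$db" ;;
        esac
    done
}

# Print "<domain> <backend>" for every "idmap config <domain> : backend = x".
idmap_backends() {
    sed -n 's/^[[:space:]]*idmap config[[:space:]]*\([^[:space:]:]*\)[[:space:]]*:[[:space:]]*backend[[:space:]]*=[[:space:]]*\([a-z0-9_]*\).*/\1 \2/p' "$1"
}

# check_winbind_lookup NSSWITCH SMBCONF: print findings, return 1 if any.
check_winbind_lookup() {
    rc=0
    for db in $(nss_missing_winbind "$1"); do
        echo "nsswitch: $db lacks winbind, getent will not query winbindd"
        rc=1
    done
    while read -r domain backend; do
        if [ "$backend" = ad ]; then
            echo "smb.conf: $domain uses backend ad, needs ID attributes in AD (idmap_ad(8))"
            rc=1
        fi
    done <<EOF
$(idmap_backends "$2")
EOF
    return "$rc"
}

# Constructed sample files, modelled on the configs quoted in this thread.
tmp=$(mktemp -d)
printf 'passwd:     files sss\nshadow:     files sss\ngroup:\tfiles sss winbind\n' > "$tmp/nsswitch.conf"
printf '[global]\n\tidmap config DOMAIN : backend = ad\n\tidmap config * : backend = tdb\n' > "$tmp/smb.conf"
check_winbind_lookup "$tmp/nsswitch.conf" "$tmp/smb.conf" || true
```

A clean result only rules out these two causes; missing NSS/PAM winbind packages and clock skew against the domain controller, both mentioned above, have to be checked on the host itself.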