getent group is not working on an openSUSE 13.1 member server for an Active Directory Samba 4 domain
wbinfo -u, wbinfo -g, wbinfo -t and getent passwd | grep SIENIC are working. These are my configuration files and the output of the commands.
Note: the domain controller has Samba installed from source (4.1.11); the member server has the distro packages installed (4.1.0).
/etc/nsswitch.conf
/etc/krb5
/etc/samba/smb.conf
Code:
blue25:/home/SIENIC/administrator # wbinfo -u
SIENIC\administrator
SIENIC\dns-server01
SIENIC\krbtgt
SIENIC\guest
Code:
blue25:/home/SIENIC/administrator # wbinfo -g
SIENIC\allowed rodc password replication group
SIENIC\enterprise read-only domain controllers
SIENIC\denied rodc password replication group
SIENIC\read-only domain controllers
SIENIC\group policy creator owners
SIENIC\ras and ias servers
SIENIC\domain controllers
SIENIC\enterprise admins
SIENIC\domain computers
SIENIC\cert publishers
SIENIC\dnsupdateproxy
SIENIC\domain admins
SIENIC\domain guests
SIENIC\schema admins
SIENIC\domain users
SIENIC\dnsadmins
Code:
blue25:/home/SIENIC/administrator # wbinfo -t
checking the trust secret for domain SIENIC via RPC calls succeeded
Code:
blue25:/home/SIENIC/administrator # getent passwd | grep SIENIC
SIENIC\administrator:*:10000:10004:Administrator:/home/SIENIC/administrator:/bin/bash
SIENIC\dns-server01:*:10001:10004:dns-server01:/home/SIENIC/dns-server01:/bin/bash
SIENIC\krbtgt:*:10002:10004:krbtgt:/home/SIENIC/krbtgt:/bin/bash
SIENIC\guest:*:10003:10011:Guest:/home/SIENIC/guest:/bin/bash
Code:
blue25:/home/SIENIC/administrator # getent group | grep SIENIC
blue25:/home/SIENIC/administrator # getent group
/etc/nsswitch.conf
Code:
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
# compat Use compatibility setup
# nisplus Use NIS+ (NIS version 3)
# nis Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# [NOTFOUND=return] Stop searching if not found so far
#
# For more information, please read the nsswitch.conf.5 manual page.
#
# passwd: files nis
# shadow: files nis
# group: files nis
passwd: compat winbind
group: compat winbind
hosts: files mdns_minimal [NOTFOUND=return] dns
networks: files dns
services: files
protocols: files
rpc: files
ethers: files
netmasks: files
netgroup: files nis
publickey: files
bootparams: files
automount: files nis
aliases: files
Code:
[libdefaults]
default_realm = SIENIC.SITE
clockskew = 300
# default_realm = EXAMPLE.COM
[realms]
SIENIC.SITE = {
kdc = server01.sienic.site
default_domain = sienic.site
admin_server = server01.sienic.site
}
# EXAMPLE.COM = {
# kdc = kerberos.example.com
# admin_server = kerberos.example.com
# }
[logging]
kdc = FILE:/var/log/krb5/krb5kdc.log
admin_server = FILE:/var/log/krb5/kadmind.log
default = SYSLOG:NOTICE:DAEMON
[domain_realm]
.sienic.site = SIENIC.SITE
[appdefaults]
pam = {
ticket_lifetime = 1d
renew_lifetime = 1d
forwardable = true
proxiable = false
minimum_uid = 1
}
Code:
[global]
workgroup = SIENIC
passdb backend = tdbsam
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
include = /etc/samba/dhcp.conf
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
usershare allow guests = No
#idmap gid = 10000-20000
#idmap uid = 10000-20000
kerberos method = secrets and keytab
realm = SIENIC.SITE
security = ADS
template homedir = /home/%D/%U
template shell = /bin/bash
usershare max shares = 100
winbind offline logon = yes
winbind refresh tickets = yes
vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes
idmap config *:range = 50000-60000
idmap config SIENIC:backend = ad
idmap config SIENIC:schema_mode = rfc2307
idmap config SIENIC:range = 10000-20000
winbind enum users = yes
winbind enum groups = yes