SAMBA4 - getent passwd - uniquement users locaux

Bonjour,

Voici mon souci.

J’ai installé un serveur de fichiers à l’aide de Samba 4. Je l’ai intégré au domaine et je réussis bien à récupérer les users/groups via winbind (wbinfo -u / wbinfo -g).

Par contre, getent ne me donne que les utilisateurs locaux. J’ai fouillé un peu partout, mais je n’ai pas trouvé de solution.

Merci de votre aide

Voici ma conf

Debian Jessie
Samba 4.1.17
Mon contrôleur de domaine est en Samba 4.2.3

krb5.conf

[libdefaults]
# Library-wide Kerberos defaults. Apart from the first four settings this
# looks like the distribution's sample file — TODO confirm nothing else was
# edited.
#
# Realm and KDC discovery both go through DNS (TXT and SRV lookups). No static
# entry for MONDOMAINE.LAN exists in this file, so Kerberos is only as
# reliable as the resolver this host uses; it should point at the domain's
# own DNS server.
        dns_lookup_realm = true
        dns_lookup_kdc = true
	default_realm = MONDOMAINE.LAN
# Tolerate up to 3600 seconds of clock difference with the KDC.
# NOTE(review): the usual default is 300 s. A one-hour tolerance widens the
# window in which a captured or stale message is still accepted; keeping the
# clock synchronised with the domain controller is the better fix.
        clockskew = 3600

# The following krb5.conf variables are only for MIT Kerberos.
# krb4_* point at Kerberos 4 files; presumably ignored by current libraries —
# confirm before relying on them.
	krb4_config = /etc/krb.conf
	krb4_realms = /etc/krb.realms
	kdc_timesync = 1
	ccache_type = 4
# Tickets are requested forwardable and proxiable by default, i.e. they may be
# delegated to other hosts. NOTE(review): set to false if no service on this
# file server needs delegation.
	forwardable = true
	proxiable = true

# The following encryption type specification will be used by MIT Kerberos
# if uncommented.  In general, the defaults in the MIT Kerberos code are
# correct and overriding these specifications only serves to disable new
# encryption types as they are added, creating interoperability problems.
#
# The only time when you might need to uncomment these lines and change
# the enctypes is if you have local software that will break on ticket
# caches containing ticket encryption types it doesn't know about (such as
# old versions of Sun Java).
#
# Leave the three lines below commented out: enabling them would pin the
# client to des3-hmac-sha1 and exclude every other encryption type.

#	default_tgs_enctypes = des3-hmac-sha1
#	default_tkt_enctypes = des3-hmac-sha1
#	permitted_enctypes = des3-hmac-sha1

# The following libdefaults parameters are only for Heimdal Kerberos.
	v4_instance_resolve = false
	v4_name_convert = {
		host = {
			rcmd = host
			ftp = ftp
		}
		plain = {
			something = something-else
		}
	}
	fcc-mit-ticketflags = true

[realms]
# Static per-realm KDC and admin-server definitions.
# NOTE(review): every entry below is an external sample realm. None of them
# is MONDOMAINE.LAN, the default_realm set in [libdefaults], so that realm's
# KDCs are found only through dns_lookup_kdc. Either add an explicit
# MONDOMAINE.LAN entry or drop the unused samples so the file reflects what
# this host actually trusts.
	ATHENA.MIT.EDU = {
		kdc = kerberos.mit.edu:88
		kdc = kerberos-1.mit.edu:88
		kdc = kerberos-2.mit.edu:88
		admin_server = kerberos.mit.edu
		default_domain = mit.edu
	}
	MEDIA-LAB.MIT.EDU = {
		kdc = kerberos.media.mit.edu
		admin_server = kerberos.media.mit.edu
	}
	ZONE.MIT.EDU = {
		kdc = casio.mit.edu
		kdc = seiko.mit.edu
		admin_server = casio.mit.edu
	}
	MOOF.MIT.EDU = {
		kdc = three-headed-dogcow.mit.edu:88
		kdc = three-headed-dogcow-1.mit.edu:88
		admin_server = three-headed-dogcow.mit.edu
	}
	CSAIL.MIT.EDU = {
		kdc = kerberos-1.csail.mit.edu
		kdc = kerberos-2.csail.mit.edu
		admin_server = kerberos.csail.mit.edu
		default_domain = csail.mit.edu
		krb524_server = krb524.csail.mit.edu
	}
	IHTFP.ORG = {
		kdc = kerberos.ihtfp.org
		admin_server = kerberos.ihtfp.org
	}
	GNU.ORG = {
		kdc = kerberos.gnu.org
		kdc = kerberos-2.gnu.org
		kdc = kerberos-3.gnu.org
		admin_server = kerberos.gnu.org
	}
	1TS.ORG = {
		kdc = kerberos.1ts.org
		admin_server = kerberos.1ts.org
	}
	GRATUITOUS.ORG = {
		kdc = kerberos.gratuitous.org
		admin_server = kerberos.gratuitous.org
	}
	DOOMCOM.ORG = {
		kdc = kerberos.doomcom.org
		admin_server = kerberos.doomcom.org
	}
	ANDREW.CMU.EDU = {
		kdc = kerberos.andrew.cmu.edu
		kdc = kerberos2.andrew.cmu.edu
		kdc = kerberos3.andrew.cmu.edu
		admin_server = kerberos.andrew.cmu.edu
		default_domain = andrew.cmu.edu
	}
	CS.CMU.EDU = {
		kdc = kerberos.cs.cmu.edu
		kdc = kerberos-2.srv.cs.cmu.edu
		admin_server = kerberos.cs.cmu.edu
	}
	DEMENTIA.ORG = {
		kdc = kerberos.dementix.org
		kdc = kerberos2.dementix.org
		admin_server = kerberos.dementix.org
	}
	stanford.edu = {
		kdc = krb5auth1.stanford.edu
		kdc = krb5auth2.stanford.edu
		kdc = krb5auth3.stanford.edu
		master_kdc = krb5auth1.stanford.edu
		admin_server = krb5-admin.stanford.edu
		default_domain = stanford.edu
	}
        UTORONTO.CA = {
                kdc = kerberos1.utoronto.ca
                kdc = kerberos2.utoronto.ca
                kdc = kerberos3.utoronto.ca
                admin_server = kerberos1.utoronto.ca
                default_domain = utoronto.ca
	}

[domain_realm]
# Maps DNS host names and domain suffixes to Kerberos realms.
# NOTE(review): there is no mapping for the local domain here; hosts of
# MONDOMAINE.LAN are resolved to their realm through dns_lookup_realm or the
# default_realm fallback. The entries below are samples only, and
# SLAC.STANFORD.EDU has no matching definition in the [realms] section shown.
	.mit.edu = ATHENA.MIT.EDU
	mit.edu = ATHENA.MIT.EDU
	.media.mit.edu = MEDIA-LAB.MIT.EDU
	media.mit.edu = MEDIA-LAB.MIT.EDU
	.csail.mit.edu = CSAIL.MIT.EDU
	csail.mit.edu = CSAIL.MIT.EDU
	.whoi.edu = ATHENA.MIT.EDU
	whoi.edu = ATHENA.MIT.EDU
	.stanford.edu = stanford.edu
	.slac.stanford.edu = SLAC.STANFORD.EDU
        .toronto.edu = UTORONTO.CA
        .utoronto.ca = UTORONTO.CA

[login]
# Kerberos 4 related options for login programs; fetching krb4 tickets is
# switched off. Presumably legacy settings with no effect on winbind —
# confirm before relying on them.
	krb4_convert = true
	krb4_get_tickets = false

smb.conf

[code][global]
# Global settings for a file server joined to an Active Directory domain as a
# member: security = ADS with Kerberos realm MONDOMAINE.LAN.
netbios name = SRVFICHIERS2
workgroup = MONDOMAINE
security = ADS
realm = MONDOMAINE.LAN
encrypt passwords = yes

# ID mapping. The default domain (*) gets locally allocated IDs from a tdb
# database in the range 70001-80000. MONDOMAINE uses the "ad" backend in
# rfc2307 mode, so winbind reads uidNumber/gidNumber from the directory
# instead of allocating IDs itself.
# NOTE(review): with this backend, accounts that have no uidNumber/gidNumber,
# or whose values fall outside 3000000-4000000, receive no Unix ID and do not
# show up in getent even though wbinfo -u lists them. Check these attributes
# on the domain controller.
idmap config *:backend = tdb
idmap config *:range = 70001-80000
idmap config MONDOMAINE:backend = ad
idmap config MONDOMAINE:schema_mode = rfc2307
idmap config MONDOMAINE:range = 3000000-4000000

# Home directory and login shell are also taken from the rfc2307 attributes.
winbind nss info = rfc2307
winbind trusted domains only = no
# Domain accounts are presented without the MONDOMAINE\ prefix.
# NOTE(review): a domain account can then carry the same name as a local
# account; verify that no privileged local name is duplicated in the domain.
winbind use default domain = yes
# Required for a bare "getent passwd" / "getent group" to enumerate domain
# entries; lookups of a single name work without enumeration.
winbind enum users = yes
winbind enum groups = yes

# Windows ACLs and DOS attributes are stored in extended attributes, so the
# filesystem holding the shares must support them — TODO confirm mount options.
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes

[test]
# Test share exported from /home/test.
path=/home/test
browseable = yes
# "read only = no" and "writeable = yes" express the same thing; one of the
# two is enough.
read only = no
# NOTE(review): guest access is allowed on a writable share. Whether an
# unauthenticated client is actually accepted also depends on "map to guest",
# which is not set in the [global] section shown. On a domain file server,
# "guest ok = no" is the safer setting unless anonymous access is intended.
guest ok = yes
writeable = yes
# Members of Domain Admins act as root on this share, bypassing file
# permissions; keep this list as short as possible.
# NOTE(review): the value appears with typographic quotes (possibly added by
# the forum software). smb.conf needs plain ASCII double quotes, otherwise the
# group name will not match.
admin users = “@MONDOMAINE\Domain Admins”

[/code]

nsswitch

[code]# /etc/nsswitch.conf

# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

# Account databases: local entries first (compat), then winbind for domain
# users and groups.
# NOTE(review): the winbind source needs the NSS module (libnss_winbind,
# Debian package libnss-winbind) to be installed. If the module is missing,
# the entry is skipped without an error and getent returns local accounts
# only, while wbinfo keeps working.
passwd: compat winbind
group: compat winbind
# NOTE(review): winbind supplies passwd and group data, not shadow entries;
# "shadow: compat" is sufficient, and Samba's documentation advises against
# listing winbind here.
shadow: compat winbind
gshadow: files

hosts: files dns
networks: files

protocols: db files
services: db files
ethers: db files
rpc: db files

netgroup: nis
[/code]