Samba AD Users not showing up in system, Groups do show up

Description

Users from Samba 4 AD don't show up, but groups do.

I've been having consistent problems with my FreeNAS. My Windows desktop will eventually no longer be able to access file shares. I'll get an error: "This account is not authorized to connect from this machine."

Usually a logout/login on Windows solves it.

Now I'm seeing that there are no users on my FreeNAS from the Active Directory server. The groups are showing up, but not users. Checking the ACL for the Samba share is the easiest place to find it. I have attached a screenshot. That group is resolved from the AD server, and the user should be as well, but it is not.

Problem/Justification

None

Impact

None

Activity

Andrew Walker 
May 7, 2020 at 11:02 AM

I'm glad you were able to figure it out.

David Kowis 
May 7, 2020 at 2:55 AM

So that was a whirlwind of debugging and questioning:

https://bytesandbones.wordpress.com/2018/04/05/samba-wbcgetpwnam-wbc_err_domain_not_found-on-linux-domain-member/

As soon as I put a gidNumber on the `Domain Users` group in Active Directory, getent passwd worked again.

None of this explains why I had users before, without any problems, and they suddenly went away, unless there was some odd caching going on.

I also didn't know I needed to have a GID on Domain Users for any of this to work.

I'm not sure there's a bug here any more, but omg, this was a huge amount of insane spaghetti to figure out what was actually going on here. I suppose it's technically my fault, because I didn't know that, somehow, the Domain Users group would prevent all users from being picked up, since they're in that group by default. Wow.
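
A check for the condition described in the comment above, as an added example that is not part of the original ticket or of Samba: it scans a directory export for users that have a uidNumber but whose primary group has no gidNumber. It assumes RFC2307 attributes are used for ID mapping and that the export shows SIDs as strings; the entries and the example.lan domain are constructed.

```python
# Constructed sample export (assumption: SIDs appear in string form).
SAMPLE_LDIF = """\
dn: CN=Domain Users,CN=Users,DC=example,DC=lan
objectClass: group
objectSid: S-1-5-21-1111111111-2222222222-3333333333-513

dn: CN=Unix Admins,CN=Users,DC=example,DC=lan
objectClass: group
objectSid: S-1-5-21-1111111111-2222222222-3333333333-1105
gidNumber: 10001

dn: CN=alice,CN=Users,DC=example,DC=lan
objectClass: user
primaryGroupID: 513
uidNumber: 10010

dn: CN=bob,CN=Users,DC=example,DC=lan
objectClass: user
primaryGroupID: 1105
uidNumber: 10011
"""

def parse_ldif(text):
    """Split LDIF text into {attribute: [values]} dicts, one per entry."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if sep:
                entry.setdefault(key, []).append(value)
        entries.append(entry)
    return entries

def users_hidden_by_primary_group(entries):
    """Return (user dn, primary group) pairs where that group lacks a gidNumber."""
    # primaryGroupID holds the RID, i.e. the last component of the group's SID.
    groups = {e["objectSid"][0].rsplit("-", 1)[1]: e for e in entries
              if "group" in e.get("objectClass", []) and "objectSid" in e}
    hidden = []
    for e in entries:
        if "user" in e.get("objectClass", []) and "uidNumber" in e:
            rid = e.get("primaryGroupID", ["513"])[0]  # 513 = Domain Users
            group = groups.get(rid, {})
            if "gidNumber" not in group:
                hidden.append((e["dn"][0], group.get("dn", ["RID " + rid])[0]))
    return hidden

if __name__ == "__main__":
    print(users_hidden_by_primary_group(parse_ldif(SAMPLE_LDIF)))
```

In the sample, alice is reported because Domain Users has no gidNumber, while bob passes because his primary group carries one.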

David Kowis 
May 7, 2020 at 2:24 AM

I seem to be having nearly the same symptoms as this forum post: https://www.ixsystems.com/community/threads/getent-does-not-list-passwd-from-ad-on-11-1.61426/

David Kowis 
May 7, 2020 at 1:55 AM

If it helps any, I have verified that the userID does in fact show up. I found these debugging steps on the Samba mailing list: https://lists.samba.org/archive/samba/2015-November/196050.html. From what I can tell, it should be showing up in getent passwd.

David Kowis 
May 7, 2020 at 1:45 AM

I manually stopped and started the samba service and then when doing getent passwd on the command line, I found these logs:

It appears that 5 users were returned, but somehow, they're not being used in the passwd table.

User Configuration Error

Created May 6, 2020 at 11:58 PM
Updated July 1, 2022 at 4:53 PM
Resolved May 7, 2020 at 11:02 AM