Samba AD Users not showing up in system, Groups do show up
Description
Problem/Justification
Impact
SmartDraw Connector
Katalon Manual Tests (BETA)
Activity
I'm glad you were able to figure it out.
So that was a whirlwind of debugging and questioning:
As soon as I put a gidNumber on the `Domain Users` group in Active Directory, getent passwd worked again.
None of this explains why I had users before, without any problems, and they suddenly went away, unless there was some odd caching going on.
I also didn't know I needed to have a GID on Domain Users for any of this to work.
I'm not sure there's a bug here any more, but omg, this was a huge amount of insane spaghetti to figure out what was actually going on here. I suppose it's technically my fault, because I didn't know that, somehow, the Domain Users group would prevent all users from being picked up, since they're in that group by default. Wow.
I seem to be having nearly the same symptoms as this forum post: https://www.ixsystems.com/community/threads/getent-does-not-list-passwd-from-ad-on-11-1.61426/
If it helps any, I have verified that the userID does in fact show up, I found these debugging steps on the samba mailing list, https://lists.samba.org/archive/samba/2015-November/196050.html. From what I can tell it should be showing up in getent passwd
root@freenas[/var/log/samba4]# wbinfo -n dkowis
S-1-5-21-2022112486-4111327446-4197854780-1103 SID_USER (1)
root@freenas[/var/log/samba4]# net cache flush
root@freenas[/var/log/samba4]# wbinfo -S S-1-5-21-2022112486-4111327446-4197854780-1103
10001I manually stopped and started the samba service and then when doing getent passwd on the command line, I found these logs:
[2020/05/06 20:43:55.120848, 3] ../../source3/winbindd/winbindd_ads.c:325(query_user_list)
ads: query_user_list
[2020/05/06 20:43:55.137414, 3] ../../source3/winbindd/winbindd_ads.c:405(query_user_list)
query_user_list: ads query_user_list gave 5 entries
[2020/05/06 20:44:00.003678, 3] ../../libcli/security/dom_sid.c:213(dom_sid_parse_endp)
string_to_sid: SID is not in a valid format
[2020/05/06 20:44:00.003747, 3] ../../source3/winbindd/winbindd_msrpc.c:246(msrpc_name_to_sid)
msrpc_name_to_sid: name=DEFIANCE\OPERATOR
[2020/05/06 20:44:00.003785, 3] ../../source3/winbindd/winbindd_msrpc.c:260(msrpc_name_to_sid)
name_to_sid [rpc] DEFIANCE\OPERATOR for domain DEFIANCEIt appears that 5 users were returned, but somehow, they're not being used in the the passwd table.
Details
Details
Assignee
Reporter
Components
Fix versions
Affects versions
Priority
LowMore fields
Time tracking
More fields
Time trackingKatalon Platform
Linked Test Cases, Katalon Defect Results, Katalon Studio Test Results
Katalon Platform
Users from Samba 4 AD don't show up, but groups do.
I've been having consistent problems with my freenas. My windows desktop will eventually no longer be able to access file shares. I'll get an error: "This account is not authorized to connect from this machine."
Usually a logout/login on windows solves it.
Now I'm seeing that there are no users on my free nas from the Active Directory server. The groups are showing up, but not users. Checking the ACL for the samba share is the easiest place to find it. I have attached a screenshot. That group is resolved from the AD server, and the user should be as well, but it is not.