[Samba] wbinfo -u lists ADS users without domain,getent passwd returns only local users

I'm using Samba/Winbind for single-sign on in a network where Active
Directory is the authoritative authentication source. The active
directory server is Windows 2003 with Services for Unix installed so
that the schema is extended and the management interface has a "Unix
Attributes" tab.



wbinfo -u produces a list of users, without a DOMAIN+ prefix.



getent passwd lists only local users



although



getent passwd username produces the proper info. Same behavior for
groups.



Could SELinux interference be the problem? This happens even after I
completely disable it, leave the domain, and then rejoin the domain and
restart everything.



Everything is "working", but this strikes me as incorrect behavior.



Here's a dump of my samba config



[global]

workgroup = BLAH

realm = BLAHHQ.BLAH-INC.COM

server string = Samba Server Version %v

security = ADS

auth methods = winbind

password server = BLAH-DC-02.BLAHHQ.BLAH-INC.COM
BLAH-DC-04.BLAHHQ.BLAH-INC.COM

idmap domains = BLAHHQ.BLAH-INC.COM

idmap uid = 16777216-33554431

idmap gid = 16777216-33554431

template homedir = /home/%U

template shell = /bin/bash

winbind separator = +

winbind enum users = Yes

winbind enum groups = Yes

winbind use default domain = Yes

winbind nss info = sfu

idmap config BLAHHQ.BLAH-INC.COM:range = 10000-40000

idmap config BLAHHQ.BLAH-INC.COM:backend = ad

idmap config BLAHHQ.BLAH-INC.COM:default = yes

idmap config BLAHHQ.BLAH-INC.COM:schema_mode = sfu



[homes]

comment = Home Directories

valid users = BLAHHQ.BLAH-INC.COM+%S

read only = No

browseable = No



nsswitch.conf lists "files winbind"



There's nothing particularly exotic going on here, as far as I can tell
(other than the hassle created by SELinux). What am I missing? If y'all
need more info, please tell me.



Regards,

Thomas Leavitt

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba