# Winbind Samba issue id user and getent



## hakhak91 (Jul 21, 2016)

Hello all,

I have an issue regarding the id user from AD.

```
root@xxxxx:/home/vlt-adm # id myuserAD
id: myuserAD: no such user
```
Also no result with 
`getent passwd | grep myuserAD`

But 
`wbinfo -g` and `wbinfo -u` are working 

I'm 10.2-RELEASE FreeBSD 10.2-RELEASE

and installed samba44-4.4.5_1 pam_mkhomedir krb5-114-1.14.2 pam_krb5-4.7_2

this is my kerberos file

```
#vi /etc/krb5.conf
[libdefaults]
  default_realm = MYDOMAIN.FR
  ticket_lifetime = 24000
  fowardable = true
  proxiable = true
  dns_fallback = no

[realms]
  MYDOMAIN.FR = {
  kdc = DC01.MYDOMAIN.FR
  kdc = DC02.MYDOMAIN.FR
  kdc = DC03.MYDOMAIN.FR
  admin_server = MYDOMAIN.FR
  default_domain = MYDOMAIN.FR
  }

[domain_realm]
  .MYDOMAIN.FR = MYDOMAIN.FR
MYDOMAIN.FR = MYDOMAIN.FR

klist and net joint
OK
```
Result of testparm(1)

```
root@xxxxx:/home/vlt-adm # testparm
Load smb config files from /usr/local/etc/smb4.conf
WARNING: The "idmap uid" option is deprecated
WARNING: The "idmap gid" option is deprecated
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER

Press enter to see a dump of your service definitions

# Global parameters
[global]
workgroup = MYDOMAIN
realm = MYDOMAIN.FR
security = ADS
os level = 0
preferred master = No
local master = No
domain master = No
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash
winbind separator = /
winbind cache time = 30
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
idmap config * : range = 10000-20000
idmap config * : backend = tdb

And from the server I try 
#su myuserAD
su: unknown login: myuserAD
```

Any ideas please?
Your help is welcome


----------



## acheron (Jul 21, 2016)

What is the content of /etc/nsswitch.conf?


----------



## hakhak91 (Jul 21, 2016)

`vlt-adm@xxx:~ % more /etc/nsswitch.conf`


```
group: compat winbind
group_compat: nis
hosts: files dns
networks: files
passwd: compat winbind
passwd_compat: nis
shells: files
services: compat
services_compat: nis
protocols: files
rpc: files
```


----------



## acheron (Jul 21, 2016)

Can you try with this:

```
...
group: files winbind
passwd: files winbind
...
```


----------



## hakhak91 (Jul 21, 2016)

It works!
Thank you.

But what do "files" and "compat" mean, please?


----------



## SirDice (Jul 21, 2016)

hakhak91 said:


> But what do "files" and "compat" mean, please?


nsswitch.conf(5)


----------

