Bug 692652

Summary: After setting up winbind identification and authentication, no users are listed using wbinfo -u
Product: [Fedora] Fedora
Reporter: Oded Arbel <oded>
Component: samba
Assignee: Guenther Deschner <gdeschner>
Status: CLOSED NOTABUG
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 15
CC: gdeschner, jlayton, ssorce
Hardware: x86_64
OS: Linux
Doc Type: Bug Fix
Last Closed: 2011-04-03 23:45:08 UTC

Description Oded Arbel 2011-03-31 19:11:20 UTC
Description of problem:
In a new Fedora 15 installation, I've run authconfig to set up winbind authentication in exactly the same way I did for Fedora 14. The setup completed without an error or warning (including joining the domain).

After the setup is completed, nsswitch.conf is configured properly, wbinfo -t returns "succeeded" but 'getent passwd' does not list any domain users, nor does wbinfo -u or wbinfo -g list any groups.

Running 'net ads user -UAdministrator' and 'net ads group -UAdministrator' shows the complete list, while 'net rpc user -UAdministrator' fails with the error "Connection to localhost failed (Error NT_STATUS_CONNECTION_REFUSED)"

Version-Release number of selected component (if applicable):
3.6.0-64pre1.fc15.1

How reproducible:
Not sure - only did this once but it was pretty straightforward so I believe it is reproducible.

Steps to Reproduce:
1. Install Fedora 15 from live CD
2. Log in as root and install samba-winbind
3. Start authentication configuration and set up winbind authentication
  
Actual results:
getent passwd shows no ActiveDirectory users.

Expected results:
getent shows all users and groups from ActiveDirectory

Additional info:
Without user information, no log in with an ActiveDirectory user can succeed, obviously, so it's very important to get that working.

Comment 1 Simo Sorce 2011-04-03 23:45:08 UTC
This has been the default behaviour for winbind for a long time (years).

See smb.conf man page on how to enable account enumeration if you need to enumerate all users/groups.

Note that retrieving a specific user|group is always possible by simply explicitly requesting it by name or id (getent passwd|group foobar) independently of whether enumeration is enabled.
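
The enumeration switch Comment 1 points to can be read straight from the configuration. The script below is an added example, not part of the bug report or of Samba: it assumes the relevant settings are the `winbind enum users` and `winbind enum groups` parameters from smb.conf(5), which default to `no`, and it only reads the `[global]` section. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Report the effective value of a boolean [global] parameter from smb.conf
# text on stdin. Samba ignores case and whitespace inside parameter names,
# so "Winbind Enum Users" and "winbindenumusers" name the same key.
# Usage: smb_global_bool "winbind enum users" no < /etc/samba/smb.conf
smb_global_bool() {
    awk -v want="$1" -v def="$2" '
        function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
        BEGIN { key = norm(want); val = def; section = "" }
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }      # comments and blank lines
        /^[ \t]*\[/ {                               # section header
            section = $0
            sub(/^[ \t]*\[/, "", section); sub(/\].*$/, "", section)
            section = norm(section); next
        }
        section == "global" && index($0, "=") {
            name = norm(substr($0, 1, index($0, "=") - 1))
            if (name != key) next
            v = norm(substr($0, index($0, "=") + 1))
            if (v == "yes" || v == "true" || v == "1") val = "yes"
            else if (v == "no" || v == "false" || v == "0") val = "no"
        }
        END { print val }                           # last assignment wins
    '
}

# Summarise both enumeration switches for one configuration read from stdin.
enum_report() {
    conf=$(cat)
    u=$(printf '%s\n' "$conf" | smb_global_bool "winbind enum users" no)
    g=$(printf '%s\n' "$conf" | smb_global_bool "winbind enum groups" no)
    echo "users=$u groups=$g"
}

# Constructed sample: user enumeration is commented out in [global] and set
# only in a share section, so it stays at the default.
SAMPLE_CONF='[global]
   workgroup = EXAMPLE
   security = ads
   ; Winbind Enum Users = yes
   winbind enum groups = Yes
[homes]
   winbind enum users = yes
'

printf '%s' "$SAMPLE_CONF" | enum_report
```

On a live host, `testparm -s` prints the configuration as Samba itself parses it and is the authoritative check; the script is for reviewing a configuration file offline.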

Comment 2 Oded Arbel 2011-04-04 07:08:51 UTC
As far as I understand, winbind will not enumerate users by default using getent, but wbinfo -u should always enumerate users - and as I've described above it doesn't work.

Also, requesting a user by name, for example using 'getent passwd oded.a' fails and that's why logins with ActiveDirectory users fail as well.

I'm changing the bug description to specify that wbinfo will not enumerate users either.