getent group is not working

getent group is not working on an openSUSE 13.1 member server for an Active Directory Samba 4 domain.
wbinfo -u, wbinfo -g, wbinfo -t and getent passwd | grep SIENIC are working. These are my configuration files and the output of the commands.

Note: the domain controller has Samba installed from source (4.1.11); the member server has the distro packages installed (4.1.0).


blue25:/home/SIENIC/administrator # wbinfo -u
SIENIC\administrator
SIENIC\dns-server01
SIENIC\krbtgt
SIENIC\guest
blue25:/home/SIENIC/administrator # wbinfo -g
SIENIC\allowed rodc password replication group
SIENIC\enterprise read-only domain controllers
SIENIC\denied rodc password replication group
SIENIC\read-only domain controllers
SIENIC\group policy creator owners
SIENIC\ras and ias servers
SIENIC\domain controllers
SIENIC\enterprise admins
SIENIC\domain computers
SIENIC\cert publishers
SIENIC\dnsupdateproxy
SIENIC\domain admins
SIENIC\domain guests
SIENIC\schema admins
SIENIC\domain users
SIENIC\dnsadmins
blue25:/home/SIENIC/administrator # wbinfo -t
checking the trust secret for domain SIENIC via RPC calls succeeded
blue25:/home/SIENIC/administrator # getent passwd | grep SIENIC
SIENIC\administrator:*:10000:10004:Administrator:/home/SIENIC/administrator:/bin/bash
SIENIC\dns-server01:*:10001:10004:dns-server01:/home/SIENIC/dns-server01:/bin/bash
SIENIC\krbtgt:*:10002:10004:krbtgt:/home/SIENIC/krbtgt:/bin/bash
SIENIC\guest:*:10003:10011:Guest:/home/SIENIC/guest:/bin/bash
blue25:/home/SIENIC/administrator # getent group | grep SIENIC

blue25:/home/SIENIC/administrator # getent group

/etc/nsswitch.conf

#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
#       compat                  Use compatibility setup
#       nisplus                 Use NIS+ (NIS version 3)
#       nis                     Use NIS (NIS version 2), also called YP
#       dns                     Use DNS (Domain Name Service)
#       files                   Use the local files
#       [NOTFOUND=return]       Stop searching if not found so far
#
# For more information, please read the nsswitch.conf.5 manual page.
#

# passwd: files nis
# shadow: files nis
# group:  files nis

passwd:    compat winbind
group:    compat winbind

hosts:    files mdns_minimal [NOTFOUND=return] dns
networks:    files dns

services:    files
protocols:    files
rpc:    files
ethers:    files
netmasks:    files
netgroup:    files nis
publickey:    files

bootparams:    files
automount:    files nis
aliases:    files


/etc/krb5


[libdefaults]
    default_realm = SIENIC.SITE
    clockskew = 300
#    default_realm = EXAMPLE.COM 

[realms]
SIENIC.SITE = {
    kdc = server01.sienic.site
    default_domain = sienic.site
    admin_server = server01.sienic.site
}
#    EXAMPLE.COM = {
#                kdc = kerberos.example.com
#        admin_server = kerberos.example.com
#    }

[logging]
    kdc = FILE:/var/log/krb5/krb5kdc.log
    admin_server = FILE:/var/log/krb5/kadmind.log
    default = SYSLOG:NOTICE:DAEMON
[domain_realm]
    .sienic.site = SIENIC.SITE
[appdefaults]
pam = {
    ticket_lifetime = 1d
    renew_lifetime = 1d
    forwardable = true
    proxiable = false
    minimum_uid = 1
}


/etc/samba/smb.conf

[global]
    workgroup = SIENIC
    passdb backend = tdbsam
    printing = cups
    printcap name = cups
    printcap cache time = 750
    cups options = raw
    map to guest = Bad User
    include = /etc/samba/dhcp.conf
    logon path = \\%L\profiles\.msprofile
    logon home = \\%L\%U\.9xprofile
    logon drive = P:
    usershare allow guests = No
    #idmap gid = 10000-20000
    #idmap uid = 10000-20000
    kerberos method = secrets and keytab
    realm = SIENIC.SITE
    security = ADS
    template homedir = /home/%D/%U
    template shell = /bin/bash
    usershare max shares = 100
    winbind offline logon = yes
    winbind refresh tickets = yes
    vfs objects = acl_xattr
    map acl inherit = yes
    store dos attributes = yes
    idmap config *:range = 50000-60000
    idmap config SIENIC:backend = ad
    idmap config SIENIC:schema_mode = rfc2307
    idmap config SIENIC:range = 10000-20000
    winbind enum users = yes
    winbind enum groups = yes


Hello,
It might help to describe what you are trying to do, what this User Group(?) is expected to do for you.

I read your posted code, which might be useful if I understood what you’re trying to accomplish…
:slight_smile:

I suppose it would also be useful to post the reference you’re using to set up.
And although I can derive the various relevant machine names in your Domain, the various AD User and Group names and possibly local User and Group names, it would be nice to list them so there is no misunderstanding.

I’m not sure, is the DC you’re connecting to really called server01.SIENIC.SITE?

TSU