TrueNAS not populating domain users in getent passwd, but groups are shown

Hello,

I am actually at the end of my thinking capacity. I am trying to set up an Active Directory (Univention based) with TrueNAS. The AD connection is working fine.

I am mounting a folder to a server with NFS and I would like the users that get authenticated with Univention to have the privileges I can set there. Which means I need mapping between those users.

When I use the RID mapping for TrueNAS there is of course no link between the users and I cannot use it. When I use the AD idmap I can get users in wbinfo -u and all the groups in wbinfo -g. I am also able to read the correct groups with getent group, but nothing from the domain is shown with getent passwd.

The nsswitch.conf does contain

passwd file winbind

I set the range of allowed mappings from 2000 - 9999 which is where the users are created (range 2000+). The groups that can be listed are in the range of 5000+. I tried the settings on CORE and SCALE and it’s both the same result.

Does anyone have any more ideas where I am wrong?

Thank you all.

Perhaps try the “unix primary group” checkbox in the idmap configuration.

Generally winbindd not listing a user indicates that it was unable to get enough information to fully populate a passwd struct (which means either (1) it’s looking in the wrong place for an attribute or (2) the LDAP entry is missing vital data). NOTE: this applies to the AD idmap backend. The RID backend generates data algorithmically and so doesn’t have this edge case.

Thanks for your help.

The checkbox is set but also without it being set, the search fails. Currently my guess is that the AD is missing data or sending wrong data. So I’ll try my luck at the other end.
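The reply above says winbindd drops a user when it cannot fully populate a passwd struct. As an added example (not code from the thread or from TrueNAS/Samba), the sketch below checks exported AD entries for the attributes the `ad` idmap backend reads in RFC2307 schema mode, per the Samba idmap_ad documentation. The function names and all sample entries are constructed for illustration; only the 2000-9999 range comes from the thread.

```python
# Offline check: which exported AD user entries lack what idmap_ad needs?
IDMAP_RANGE = (2000, 9999)  # idmap range stated in the thread

# Constructed sample entries (attribute values as strings, as in an LDAP export).
GROUPS = {  # keyed by RID
    "513": {"cn": "Domain Users"},                    # no gidNumber set
    "1105": {"cn": "nfsusers", "gidNumber": "5001"},
}
USERS = {
    "alice": {"uidNumber": "2001", "gidNumber": "5001", "primaryGroupID": "513"},
    "bob": {"uidNumber": "2002", "primaryGroupID": "513"},  # no gidNumber
    "carol": {"uidNumber": "1001", "gidNumber": "5001", "primaryGroupID": "513"},
}

def in_range(value, rng=IDMAP_RANGE):
    """True if value parses as an integer inside the idmap range."""
    try:
        return rng[0] <= int(value) <= rng[1]
    except (TypeError, ValueError):
        return False

def check_user(user, groups_by_rid, unix_primary_group=True):
    """Return reasons why a passwd entry could not be built for this user."""
    problems = []
    if not in_range(user.get("uidNumber")):
        problems.append("uidNumber missing or outside idmap range")
    if unix_primary_group:
        # Primary group is taken from the user's own gidNumber attribute.
        if not in_range(user.get("gidNumber")):
            problems.append("gidNumber missing or outside idmap range")
    else:
        # Primary group is resolved via primaryGroupID; that group needs a gidNumber.
        rid = user.get("primaryGroupID")
        if not in_range(groups_by_rid.get(rid, {}).get("gidNumber")):
            problems.append("primary group (RID %s) has no gidNumber in range" % rid)
    return problems

if __name__ == "__main__":
    for upg in (True, False):
        print("unix primary group =", upg)
        for name, entry in USERS.items():
            issues = check_user(entry, GROUPS, upg)
            print("  %-6s %s" % (name, "; ".join(issues) or "ok"))
```

Groups resolve independently of this check, which matches the symptom in the thread: `getent group` can list domain groups while every user entry is rejected.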