getent passwd username on winbind enabled CentOS returns nothing

Written by James McDonald

January 16, 2014

Problem: Added a CentOS 6.5 server to a Windows SBS 2011 domain. And discovered that I got an empty reply when running:

# where jamesmcd is your Windows domain username
getent passwd jamesmcd

If this is the case you will not be able to use your domain account and password to access the Linux Box via ssh or telnet.

Cause: Missing information in /etc/pam.d/system-auth and /etc/samba/smb.conf

Resolution: I think this is the fix… This assumes that you have successfully joined the domain using the net ads join command and can get a domain user  / group list using wbinfo -u wbinfo -g But are having trouble returning usernames with getent

In smb.conf it should like as follows
Note:  “winbind use default domain = Yes” so getent passwd doesn’t return the names using DOMAIN\username format.


        workgroup = AXXXXXS
        realm = AXXXXXS.LOCAL
        server string = Samba Server Version %v
        security = ADS
        log file = /var/log/samba/log.%m
        max log size = 50
        load printers = No
        template shell = /bin/bash
        winbind use default domain = Yes
        idmap config * : range = 16777216-33554431
        idmap config * : backend = tdb
        cups options = raw

use authconfig-tui to configure winbind authentication this will modify /etc/pam.d/system-auth with the correct pam_winbind entries see screen shots below.

after using the above /etc/nsswitch.conf should have

passwd: files winbind
shadow: files winbind
group: files winbind


service smb restart
service winbind restart


Enable “Use Winbind” and “Use Winbind Authentication”




Submit a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

The reCAPTCHA verification period has expired. Please reload the page.

You May Also Like…