getent passwd outputs only local users

I want to authenticate via Active Directory on a CentOS 6.4 server.

wbinfo -u and wbinfo -g display the domain users/groups. Authentication via wbinfo -a DOMAIN+user works. Authentication via kinit user works.

But for some reason, getent passwd and getent group only display local users/groups. I have found a lot of forum posts about this topic, but none provided a working solution.

Here is my /etc/samba/smb.conf:

[global]
        workgroup = DOMAIN
        realm = DOMAIN.LOCAL
        security = ADS
        max log size = 50
        template shell = /bin/bash
        winbind separator = +
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind use default domain = Yes
        idmap config DOMAIN : schema_mode = rfc2307
        idmap config DOMAIN : range = 10000000-29999999
        idmap config DOMAIN : default = yes
        idmap config DOMAIN : backend = ad
        idmap config * : range = 20000-29999
        idmap config * : backend = tdb

/etc/krb5.conf:

[libdefaults]
 default_realm = DOMAIN.LOCAL
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true

[realms]
 DOMAIN.LOCAL = {
  kdc = ADSERVER.DOMAIN.LOCAL
  admin_server = ADSERVER.DOMAIN.LOCAL
 }

/etc/nsswitch.conf:

passwd:     files winbind
shadow:     files winbind
group:      files winbind

The AD server runs Windows Small Business Server 2008.


I had the same problem. In my case it turned out I forgot to install the libnss-winbind and libpam-winbind packages on Ubuntu.

Hope this helps someone looking here with this problem ;)


I used backend = ad, which requires additional configuration on the AD server. What I really wanted is backend = rid; everything works fine now.
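
The two causes named in the answers above (the NSS winbind module not being installed, and `backend = ad` being used without the matching AD-side setup) can be checked with a small script. This is an added example, not part of the original posts; the function names and the constructed sample files are assumptions, and the library directories to search are passed in because they vary by distribution.

```shell
#!/bin/sh
# Added example. File paths are arguments so it can run on copies of the files.

# nss_uses_winbind NSSWITCH DB: true if DB's line lists the winbind source.
nss_uses_winbind() {
    awk -v db="$2" -F: '
        { sub(/#.*/, "") }
        $1 == db { n = split($2, src, /[ \t]+/)
                   for (i = 1; i <= n; i++) if (src[i] == "winbind") found = 1 }
        END { exit !found }' "$1"
}

# idmap_backend SMBCONF DOMAIN: print the backend set for a named domain.
# Assumes the "idmap config DOMAIN : backend = x" spelling used in the question.
idmap_backend() {
    sed -n "s/^[[:space:]]*idmap config $2[[:space:]]*:[[:space:]]*backend[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# nss_module_present DIR...: true if the NSS winbind module is in any DIR.
nss_module_present() {
    for d in "$@"; do
        [ -e "$d/libnss_winbind.so.2" ] && return 0
    done
    return 1
}

# diagnose SMBCONF NSSWITCH DOMAIN LIBDIR...: print findings, return 1 if any.
diagnose() {
    smb=$1 nss=$2 dom=$3; shift 3; rc=0
    for db in passwd group; do
        nss_uses_winbind "$nss" "$db" || { echo "nsswitch: '$db' does not list winbind"; rc=1; }
    done
    nss_module_present "$@" || { echo "libnss_winbind.so.2 not found: NSS winbind package missing"; rc=1; }
    if [ "$(idmap_backend "$smb" "$dom")" = ad ]; then
        echo "idmap backend 'ad' maps only accounts with uidNumber/gidNumber set in AD"
        rc=1
    fi
    return $rc
}

# Constructed sample mirroring the question's files (no NSS module in $tmp).
tmp=$(mktemp -d)
printf 'passwd: files winbind\ngroup: files winbind\n' > "$tmp/nsswitch.conf"
printf '[global]\n\tidmap config DOMAIN : backend = ad\n' > "$tmp/smb.conf"
diagnose "$tmp/smb.conf" "$tmp/nsswitch.conf" DOMAIN "$tmp" || true
rm -rf "$tmp"
```

On a real host the call would look like `diagnose /etc/samba/smb.conf /etc/nsswitch.conf DOMAIN /lib64 /usr/lib64`, with the library directories adjusted to the distribution. The `rid` backend derives IDs from each account's RID, so it does not depend on those AD attributes.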