Winbind not authenticating

Rowland Penny repenny241155 at gmail.com
Tue Aug 20 13:20:46 MDT 2013


On 20/08/13 19:40, Juan Pablo Lorier wrote:
> Hi Rowland,
>
> Thanks for the answer. I understood from the mail you sent before that 
> the uid and gid were needed for ad backend. I changed it to tdb as a 
> result of your post.
> I haven't set anything in the AD, so there should be no gid and uid. I 
> thought that winbind maps the sid to uids and gids locally using a 
> local database, didn't know that the AD should have any extra 
> information at all.
> If you can send me the howto, I'll be very thankful so I can get this 
> done.
> Regards,
>
> On 19/08/13 16:05, Rowland Penny wrote:
>> On 19/08/13 19:20, Juan Pablo Lorier wrote:
>>> Hi,
>>>
>>> I've opened a new thread as the last one got stuck (thanks all the
>>> ones that tried to help in that one).
>>> I'm setting up a file server with samba4 (first 3.6 without success) and
>>> winbind is not getting the users from the win2003 domain servers. Wbinfo
>>> -u and -g work and I've created the kerberos tickets and joined the
>>> domain without troubles.
>>> Samba 4 is from the centos repo, version 4.0.rc4. Centos is 6.4
>>> I'm aware that this release is far from the git version, but is the one
>>> around in every repo.
>>> If anybody can help on this, I'd be very thankful.
>>> Regards,
>>>
>>> Juan Pablo
>> Hi Juan,
>> I am sure that I have said this before, do your users on the win2003 
>> server have uidNumbers & gidNumbers?
>> If they do not have these attributes, then there is nothing for 
>> winbind in ad backend mode to get, also if they do have the 
>> attributes but they are outside the range you have used for the 
>> domain in smb.conf, you will again get nothing.
>>
>> If you are interested I can send you a howto that works, last tested 
>> on Friday in a vm on a minimal install.
>>
>> Rowland
>>
>>
>
Hi, you need to have uidNumber & gidNumber attributes in each user's DN, 
it also helps if the Domain Users & Domain Admins groups have a 
gidNumber, you also need to use either the rid or ad backend, do not use 
tdb for the domain.

I will send you the howto.

Rowland
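
A check for the two conditions described in the quoted 19/08/13 reply (uidNumber/gidNumber missing, or outside the range set for the domain in smb.conf), added here as an example and not part of the original thread. The EXAMPLE domain name, both ranges and the user records are constructed assumptions.

```python
import re

# Constructed smb.conf fragment; the EXAMPLE domain and both ranges are assumptions.
SMB_CONF = """
[global]
    idmap config * : backend = tdb
    idmap config * : range = 3000-7999
    idmap config EXAMPLE : backend = ad
    idmap config EXAMPLE : range = 10000-99999
"""

# Constructed directory entries (None means the attribute is not set in AD).
USERS = [
    {"sAMAccountName": "alice", "uidNumber": 10001, "gidNumber": 10000},
    {"sAMAccountName": "bob", "uidNumber": None, "gidNumber": None},
    {"sAMAccountName": "carol", "uidNumber": 500, "gidNumber": 10000},
]

IDMAP_RE = re.compile(r"^\s*idmap config\s+(\S+)\s*:\s*(\S+)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(conf_text):
    """Return {domain: {option: value}} for every 'idmap config' line."""
    domains = {}
    for line in conf_text.splitlines():
        m = IDMAP_RE.match(line)
        if m:
            domain, option, value = m.groups()
            domains.setdefault(domain.upper(), {})[option.lower()] = value
    return domains

def check_user(user, domain_cfg):
    """List why the ad backend, as described in the thread, would find nothing."""
    low, high = (int(x) for x in domain_cfg["range"].split("-"))
    problems = []
    for attr in ("uidNumber", "gidNumber"):
        value = user.get(attr)
        if value is None:
            problems.append(f"{attr} missing")
        elif not low <= value <= high:
            problems.append(f"{attr} {value} outside {low}-{high}")
    return problems

def audit(conf_text, domain, users):
    cfg = parse_idmap(conf_text).get(domain.upper())
    if cfg is None or cfg.get("backend") != "ad":
        raise ValueError(f"{domain}: no 'ad' idmap backend configured")
    return {u["sAMAccountName"]: check_user(u, cfg) for u in users}

if __name__ == "__main__":
    print(audit(SMB_CONF, "EXAMPLE", USERS))
```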



More information about the samba-technical mailing list