[Samba] samba-kerboros-winbind

Shade, William M GARRISON william.shade1 at us.army.mil
Tue Mar 18 16:55:35 GMT 2003

I would like to be able to use Windows Active Directory accounts for logon to a
Linux RH8 desktop.  I have successfully used Kerberos to add the desktop to the
AD domain.  I am also able to use Kerberos or rpc to view users & groups.  I
have not been able to use winbind.  I am using the Samba3.aplha22 RPM. Our AD
domain has restrict anonymous set to 1 for the DC's.  Following the How-To for
Winbind when I attempt run wbinfo -u or -g, I get the error message "Error
looking up domain groups/users".

Any clue as to what I'm doing wrong?  Do I need winbind or can I just use
Kerberos?  Is it possible to create the equivalent of the Domain Users group
being the member of the local Users group and Domain Admins being the member of
the local Administrators group on a SAMBA enabled Linux box as it occurs in
Windows 2000?

Please find below my smb & nsswitch settings with a certain amount of

# Global parameters
        workgroup = "my Pre-Windows 2000 Domain Name"
        server string = Linux Desktop
        security = DOMAIN
        password server = "DC List"
        passwd program = /usr/bin/passwd %u
        passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n
        unix password sync = Yes
        log file = /var/log/samba/log.%m
        max log size = 50
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        dns proxy = No
        wins server = "wins server ip"
        winbind uid = 10000-20000
        winbind gid = 10000-20000
        template homedir = /home/winnt/%D/%U
        template shell = /bin/bash
        winbind separator = +

        comment = Home Directories
        read only = No
        browseable = No

        comment = All Printers
        path = /var/spool/samba
        printable = Yes
        browseable = No

        comment = Public Samba Doc
        path = /usr/share/doc/samba-3.0alpha22/docs/htmldocs
        write list = @admin
        guest ok = Yes

# /etc/nsswitch.conf
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
# Legal entries are:
#	nisplus or nis+		Use NIS+ (NIS version 3)
#	nis or yp		Use NIS (NIS version 2), also called YP
#	dns			Use DNS (Domain Name Service)
#	files			Use the local files
#	db			Use the local database (.db) files
#	compat			Use NIS on compat mode
#	hesiod			Use Hesiod for user lookups
#	[NOTFOUND=return]	Stop searching if not found so far

# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
# Example:
#passwd:    db files nisplus nis
#shadow:    db files nisplus nis
#group:     db files nisplus nis

passwd:     files winbind
shadow:     files
group:      files winbind

#hosts:     db files nisplus nis dns
hosts:      files dns

# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files     

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files

netgroup:   files

publickey:  nisplus

automount:  files
aliases:    files nisplus

William.shade at redstone.army.mil

More information about the samba mailing list