[Samba] Winbind?

Derek Harkness dharknes at umd.umich.edu
Tue Jul 13 17:36:23 GMT 2004 

I've been fighting with winbind for several months now have yet to get 
it to work according to the documentation.

I've got a Samba 3.0.4 PDC, named PDC, running on a Debian linux box, 
and I'm trying to add a second linux box, FCSPRTSRV.  I can successful 
join the domain using net rpc join -U dharknes and at the point I can 
access the samba server resources, I can do a ntlm_auth --username 
dharknes and that works, and wbinfo -t succeeds.  But if I try to use 
winbind in pam or nss then it fails.  wbinfo -u or -g both fail and 
wbinfo -m lists BUILTIN and FCSPRTSRV but not the UMD domain.  If I do 
a winbind -i then I get the following out put.

Added domain UMD  S-0-0
Added domain BUILTIN  S-1-5-32
Added domain FCSPRTSRV  S-1-5-21-3155517584-1503604126-1704732448

I'm just guessing but shouldn't the first line list the sid for the 
domain?

Here is the PDC config.
[global]
         workgroup = UMD
         netbios name = PDC
         password server = *
         nt status support = yes
         lanman auth = no
         wide links = no
         time server = Yes
         server signing = auto
         load printers = No
         add machine script = /usr/sbin/dadduser %m$
         domain logons = Yes
         os level = 36
         security = user
         local master = Yes
         preferred master = Yes
         domain master = Yes
         wins server = x1d.its.umd.umich.edu
         idmap uid = 100000-200000
         idmap gid = 100000-200000
         winbind trusted domains only = Yes
         socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192

Here is the domain member server config.
[global]

    workgroup = UMD
    wins server =  x1d.its.umd.umich.edu
    name resolve order = host wins
    encrypt passwords = yes
    security = DOMAIN
    password server = PDC
    invalid users = root
    printing = cups
    printcap name = cups
    socket options = TCP_NODELAY
    idmap uid = 100000-200000
    idmap gid = 100000-200000
    winbind enum users = yes
    winbind enum groups = yes
    winbind separator = +
    winbind cache time = 15
    winbind use default domain = yes
    template shell = /bin/bash

It is easier to fix Unix than to live with NT.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba/attachments/20040713/6f948d23/PGP.bin

More information about the samba mailing list