[Samba] Winbind Problem

Peter Eckhardt peter.eckhardt at dadi-linux.de
Mon Nov 8 16:02:15 GMT 2004


we are running samba-3.0.7 on a suse 9.0 installation. Everything works
fine so far only winbind authentication fails.

Samba runs as an ads client in a windows domain. Domain join worked
without problems. Winbind also started without problems.

The ADS Domain Server is responsible for the MED-DUS domain and has a
trust to a NT4 Server which serves the MEDOIL domain.

After some time winbind stops resolving MED-DUS names. MEDOIL names do
not have problems. After restarting winbind everything is back to normal
until the problem happens again ....

Here is my samba config

# Samba config file created using SWAT
# from (
# Date: 2004/03/09 08:30:06

# Global parameters
         encrypt passwords = yes
         ; printcap name = cups
         server string = fileservices
         realm = MED-DUS.LAN.MEDOIL.DE
         socket options = TCP_NODELAY
         os level = 20
         preferred master = no
         local master = no
         domain master = no
         winbind uid = 10000-20000
         password server = hpnt13.med-dus.lan.medoil.de
         ; printing = cups
         workgroup = MED-DUS
         ; unix password sync = yes
         unix charset = LOCALE
         ; wins server = hpnt13.med-dus.lan.medoil.de
         null passwords = yes
         interfaces = eth0 eth1
         template homedir = /home/%D/%u
         winbind gid = 10000-20000
         security = ads
         client use spnego = yes
;       winbind use default domain = yes
;       winbind enable local accounts = yes
         ldap ssl = no
         winbind separator = _
         template primary group = domusers
         winbind enum users = yes
         winbind enum groups = yes
         bind interfaces only = Yes
         show add printer wizard = no

         root preexec = test -d %H || /usr/local/bin/createhomedir.sh %H
%D %U
         browseable = no
         writeable = yes
         inherit acls = yes
         map acl inherit = yes
         inherit acls = yes

The domain is quite small (around 80 users). There is no wins server 
running. DNS works fine.

Are there known problems with winbind?
Might there be problems with kerberos?

Thanks for help


dadi-linux                       www.dadi-linux.de

Peter Eckhardt                   Fon: +49 6071 951256
Weberstr. 36B                    Fax: +49 6071 951257
64846 Groß-Zimmern               peter.eckhardt at dadi-linux.de

More information about the samba mailing list