[Samba] Auth errors with winbind on member server with Native AD

Paul_Krash codesup at alonsystems.com
Mon Apr 18 18:47:49 GMT 2005

John Stile wrote:
> So many people have posted this problem! 
> The steps to debug need to be in a FAQ.
> The short question is:
>    Can there be a disconnect between the short and long REALM names,
> leading to winbind-to-AD authentication errors? and How do I fix it?

Read this 1st (if you have not already).


I am assuming W2K3 server, your realm mapping in krb5.conf
looks fine. However, conversion from krb4 is not necessary.

What do the Windows Server Logs say?

Other thing I though might help:
in nsswitch.conf change to:

passwd:     files winbind
shadow:     files nisplus nis
group:      files winbind

hosts:      files dns winbind

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files

netgroup:   nisplus

publickey:  nisplus

automount:  files winbind nisplus
aliases:    files nisplus



More information about the samba mailing list