[Samba] Winbind does not maintain mappings between UIDs, GIDs and SIDs

Jiří Červenka cervenka at sps-pi.cz
Wed Dec 6 11:59:05 GMT 2006

I'm trying to use winbind to allow my AD users to log on to our linux 
I'm using FC6 and Samba 3.0.23c-2.
I have several problems:

1. When I start the Linux machine and, immediately after logging in, try to 
check the trust secret by running wbinfo -t,
I receive this error:
checking the trust secret via RPC calls failed
error code was NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND (0xc0000233)
could not check secret

When I try to run wbinfo -t after a short while it returns:
checking the trust secret via RPC calls succeeded.

Is this normal behaviour?

2. Winbind does not maintain mappings between UIDs, GIDs and SIDs.
Winbindd and smbd are running, but when I run getent passwd I receive 
a list of Linux local users. And I'm not able to log in to my Linux 
machine until I add information about the user to /etc/passwd. But this 
is unacceptable for me because I have 600+ users in my domain. Is there 
a way to make winbind automatically update user mappings?

3. When I manually add information about a user into passwd I'm able to 
log in, but after inserting the username I have to insert my password 
twice. Where can the problem be?

My configuration files:

My smb.conf:
workgroup = MYDOMAIN.COM
server string = Samba Server
security = domain
winbind separator = \
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/winnt/%U
template shell = /bin/bash
winbind use default domain = true
winbind cache time = 10
encrypt passwords = yes
winbind trusted domains only = yes
obey pam restrictions = yes
password server = server.mydomain.com
comment = Home Directories
browseable = no
writable = yes

My nsswitch.conf:

passwd:     files winbind
shadow:     files winbind
group:      files winbind
hosts:      files dns
bootparams: nisplus [NOTFOUND=return] files
ethers:     files
netmasks:   files
networks:   files
protocols:  files winbind
rpc:        files
services:   files winbind
netgroup:   files winbind
publickey:  nisplus
automount:  files winbind
aliases:    files nisplus

My pam.d configuration:
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_winbind.so
auth        required      pam_deny.so

account     required      pam_unix.so broken_shadow
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     sufficient    pam_winbind.so
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass 
password    sufficient    pam_winbind.so use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so

session     required    pam_mkhomedir.so skel=/etc/skel/ umask=0022

Thanks for any help.
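
A small check over the two files quoted in this post, flagging the settings that bear on questions 2 and 3; it is an added example, not part of the original message and not a Samba tool. The names `parse_smb` and `audit` are hypothetical and the inputs are excerpts constructed from the post. It relies on the smb.conf manual's description of `winbind trusted domains only` (winbind then uses existing UNIX accounts for users of the host's own domain) and on pam_winbind's `use_first_pass`/`try_first_pass` options.

```python
# Constructed sample input: excerpts of the two files as posted above.
SMB_CONF = """\
security = domain
winbind use default domain = true
winbind trusted domains only = yes
"""
PAM_AUTH = """\
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_winbind.so
auth        required      pam_deny.so
"""
PROMPTING = {"pam_unix.so", "pam_winbind.so"}  # modules that ask for a password
REUSE = {"use_first_pass", "try_first_pass"}   # options that reuse the one already typed
TRUE = {"yes", "true", "1"}                    # smb.conf boolean spellings for "on"

def parse_smb(text):
    """Return smb.conf parameters as {name: value}, names lower-cased."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        params[" ".join(key.lower().split())] = value.strip()
    return params

def audit(smb_text, pam_text):
    """Return a list of findings (hypothetical helper, not a Samba tool)."""
    findings = []
    if parse_smb(smb_text).get("winbind trusted domains only", "no").lower() in TRUE:
        findings.append("smb.conf: 'winbind trusted domains only = yes' makes winbind "
                        "expect primary-domain users to exist in local NSS already")
    prompted = False
    for line in pam_text.splitlines():
        fields = line.split()
        idx = next((i for i, f in enumerate(fields) if f.endswith(".so")), None)
        if not fields or fields[0] != "auth" or idx is None:
            continue
        module, opts = fields[idx].rsplit("/", 1)[-1], set(fields[idx + 1:])
        if module in PROMPTING:
            if prompted and not opts & REUSE:
                findings.append(f"pam auth: {module} has no *_first_pass option; it prompts again")
            prompted = True
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SMB_CONF, PAM_AUTH)))
```

Run against the posted excerpts it reports two findings, one per file; setting the smb.conf option to `no` and adding `use_first_pass` to the pam_winbind auth line clears both.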

