[Samba] Authenticating Linux Against AD with Winbind

Jason Rotunno jrotunno at swarthmore.edu
Mon Oct 9 19:41:28 GMT 2006


I'm trying to set up a Linux box to authenticate users against AD (Win 
2003) using winbind by following the Official Samba-3 HOWTO 
(http://samba.org/samba/docs/man/Samba3-HOWTO/winbind.html). We're 
running Red Hat AS 3 and Samba 3.0.9. Our smb.conf looks like this:

[global]
winbind separator = +
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/winnt/%D/%U
template shell = /bin/bash
workgroup = garnet
server string = Samba Server
netbios name = testmail2
printcap name = /etc/printcap
load printers = yes
cups options = raw
log file = /var/log/samba/%m.log
max log size = 50
security = server
password server = sauger
encrypt passwords = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
local master = no
dns proxy = no
[homes]
comment = Home Directories
browseable = no
writable = yes
[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes


We get an error when trying to join the domain, but it apparently 
succeeds despite this:

[root@testmail2 root]# net rpc join -d 1 -S sauger -U our.username%our.pass
[2006/10/09 14:00:45, 1] utils/net_rpc.c:run_rpc_command(142)
  rpc command function failed! (NT_STATUS_ACCESS_DENIED)
Joined domain GARNET.


It looks like we have a trust relationship established:

[root@testmail2 root]# wbinfo -t
checking the trust secret via RPC calls succeeded


We can query individual users on the domain and get their SIDs:

[root@testmail2 root]# wbinfo -n Administrator
S-1-5-21-464344880-1607010998-1540833222-5703 User (1)


We're not able to list all of the users on the domain, though:

[root@testmail2 root]# wbinfo -u
Error looking up domain users


Also, when we try to retrieve the groups, it only shows the built-in groups:

[root@testmail2 root]# wbinfo -g
BUILTIN+System Operators
BUILTIN+Replicators
BUILTIN+Guests
BUILTIN+Power Users
BUILTIN+Print Operators
BUILTIN+Administrators
BUILTIN+Account Operators
BUILTIN+Backup Operators
BUILTIN+Users


I'm stuck at this point, and although Google shows a number of instances 
of people having similar problems, none seem to help here. Any 
suggestions? If more info is needed, just let me know.

Thanks a lot,
Jason

