[Samba] Can't get users from AD tree

Jamie Gordon jgordon at wideorbit.com
Thu Dec 27 23:48:13 GMT 2007

I'm running Samba version Version 3.0.25b-1.el5_1.2 on RH Enterprise
Linux 5. I've configured the SMB server to get users from a Windows 2003
Server Active Directory tree. I was able to join the machine to the
domain with no problem.


Here's the smb.conf



idmap gid = 60000-90000

winbind trusted domains only = yes

encrypt passwords = yes

show add printer wizard = No

winbind use default domain = Yes

realm = <domain>;

netbios name = <servername>;

printing = cups

idmap uid = 10000-50000

password server = <dcname>;

workgroup = <domain>;

os level = 20

printcap name = cups

security = domain

winbind separator = 

disable spoolss = Yes 

winbind enum groups = yes 

winbind enum users = yes


My nsswitch.conf has the following;


passwd: files winbind

shadow: files

group: files winbind


wbinfo -u and wbinfo-g work well, returning a list of users and groups.
However, when I issue 'getent passwd' my winbind log

(/var/log/samba/winbindd.log) shows a long list of the following and no
users are added to the passwd db;


[2007/12/04 12:11:03, 1] nsswitch/winbindd_ads.c:query_user_list(209)

Not a user account? atype=0x30000000


Also if I run PDBedit -L, I get a long list of the following;


build_sam_account: smbpasswd database is corrupt!  username joeuser with
uid 10350 is not in unix passwd database!


Not sure where to go from here. 

Any help would be appreciated.


Jamie Gordon

QA Manager


jgordon at wideorbit.com <mailto:jgordon at wideorbit.com> 


"You can't make what you can't measure, 'cause you don't know when
you've got it made."


More information about the samba mailing list