[Samba] Samba 3.0.24 + Winbind + Active Directory 2003 on RedHat AS 4.0

PO Michel pomichel74 at yahoo.fr
Tue Feb 13 09:24:39 GMT 2007

  Hello all,
    I have compiled the latest samba release (3.0.249 on a RedHat AS 4.0 platform with the following options :
    ./configure −−with−smbwrapper −−with−dce−dfs −−with−smbmount −−with−pam −−with−pam_smbpass −−with−syslog −−with−quotas −−with−libsmbclient −−with−acl−support −−with−winbind −−with−winbind−auth−challenge
    I have modified the smb startup script so that winbind starts with smb.
    The libnss_winbind.so and libnss_wins.so have been copied in the appropriate directory
    DNS is properly setup.
    Here is my smb.conf file :
    workgroup = WKG
  server string = server_name
  netbios name = server
  security = ADS
  password server = dc.wkg.ch
  realm = WKG.CH
  encrypt passwords = yes
  winbind separator = +
  idmap uid = 10000-20000
  idmap gid = 10000-20000
  winbind enum users = yes
  winbind enum groups = yes
  template homedir = /home/winnt/%D/%U
  template shell = /bin/bash
  winbind use default domain = no
  wins server = IP address
  client use spnego = no
  map acl inherit = yes
  nt acl support = yes
  allow trusted domains = no
  winbind use default domain = no
  obey pam restrictions = no
  My /etc/pam.d/login looks like the following :
    auth    required        pam_securetty.so
  auth    sufficient      pam_winbind.so
  auth    sufficient      pam_unix.so use_first_pass
  auth    required        pam_stack.so service=system-auth
  auth    required        pam_nologin.so
  account sufficient      pam_winbind.so
  account required        pam_stack.so service=system-auth
  password required       pam_stack.so service=system-auth
  session required        pam_stack.so service=system-auth
  session optional        pam_console.so
  My /etc/pam.d/samba looks like the following :
    auth            sufficient      pam_winbind.so
  auth            required        pam_unix.so nullok
  account         sufficient      pam_winbind.so
  account         required        pam_unix.so
  session         required        pam_unix.so
  password        required        pam_unix.so
    My Samba server has successfully joined the domain with the net ads command.
    wbinfo –u and wbinfo –g commands the list of users and groups from the main and the trusted domain (though I would like to get only the main domain info).
    I have set the winbind authentication user with the wbinfo –set-auth-user command.
    I can see the Samba server in my Windows XP’s network neighbourhood but not in the WKG domain. I cannot browse the shares I have created.
    Here are the last lines of my winbindd.log file :
    [2007/02/13 10:01:14, 1] nsswitch/winbindd_ads.c:query_user_list(218)
    Not a user account? atype=0x30000000
Any idea ?

Many thanks,


 Découvrez une nouvelle façon d'obtenir des réponses à toutes vos questions ! Profitez des connaissances, des opinions et des expériences des internautes sur Yahoo! Questions/Réponses.

More information about the samba mailing list