[Samba] how to make 'winbind nss info = sfu' work in v >= 3.0.26a

Jonathan Detert Jonathan.Detert at msoe.edu
Tue Apr 15 20:40:53 GMT 2008

There is an instance of Ms.Active Directory that has had the 'Services
For Unix' applied.

I use winbind v3.0.24 to get user/group info from that Ms.Active directory
instance like so:
-------- begin smb.conf snippet: ------------
security = ADS
realm = mydomain.com
workgroup = MYDOMAIN

winbind enum groups = yes
winbind enum users = yes
winbind nested groups = yes
winbind nss info = sfu
winbind separator = +
winbind use default domain = yes

idmap gid = 500-45000
idmap uid = 500-45000
idmap backend = ad
-------- end   smb.conf snippet: ------------

that works fine on ubuntu v7.04.

The same config, shown above, does not work under winbind v3.0.26a
running on ubuntu v7.10.  I can turn an name into a sid, and the sid
back into a name (via wbinfo -n and -s, respectively), but I can't turn
a sid into a unix uid or gid (via the -S argument).  Also, 'getent passwd'
doesn't return any users from Active Directory.

Any idea what's wrong?  Is it my config?
Jon Detert
IT Systems Administrator, Milwaukee School of Engineering
1025 N. Broadway, Milwaukee, Wisconsin 53202, U.S.A.
Linus Torvalds can divide by zero.

More information about the samba mailing list