[Samba] Mixed success with Samba 3.0.28 and ADS

Daren Russell darenr at madaboutcable.com
Mon Jan 14 10:19:20 GMT 2008


I'm running FreeBSD with Samba 3.0.28 and have had success previously 
with FreeBSD and an earlier version of Samba, and am in the process of 
setting up a member server to act as a file server using the above.

I have created a Kerberos ticket, and successfully joined the domain:

ksm-smb# net ads join -UAdministrator%password
Using short domain name -- END-DESIGN
Joined 'KSM-SMB' to realm 'END-DESIGN.PRI'
ksm-smb# net ads testjoin
Join is OK

However, I get from log.winbindd-idmap:
[2008/01/14 09:57:38, 1] nsswitch/idmap.c:idmap_init(377)
   Initializing idmap domains
[2008/01/14 10:02:37, 0] 
   async_request_timeout_handler: child pid 24842 is not responding. Closing connection to it.
[2008/01/14 10:02:37, 1] nsswitch/winbindd_util.c:trustdom_recv(235)
   Could not receive trustdoms

Doing a wbinfo -u or -g returns a list of users and groups from the 
DC, although they are not preceded by the short domain name as in all 
the examples (they are definitely valid users and groups on the DC, 
though). However, doing a wbinfo -i administrator tells me it could not 
get info for user administrator.

Trying 'getent passwd administrator' comes back blank, and 'getent 
passwd' only lists the local users.  The /etc/nsswitch file:

ksm-smb# cat /etc/nsswitch.conf
group: files winbind
group_compat: nis
passwd: files winbind
passwd_compat: nis
shells: files
shadow: files winbind

hosts: files dns
networks: files dns

services: files
protocols: files
rpc: files
ethers: files
netmasks: files
netgroup: files
publickey: files

bootparams: files
automount: files
aliases: files

Also, using wbinfo -a / -K succeeds in authentication, and wbinfo 
-t comes back as succeeded.

Additionally, using the 'net ads' commands 'info' and 'status' comes 
back with lots of information suggesting it can talk to the AD server OK.

All this is the same config as the older server which has had to be 
replaced, so I am at a loss as to why this appears to work, but fails 
when it comes to users.

If anybody has any ideas, or has seen this before, I would much 
appreciate any ideas as to why this all seems to have joined perfectly, 
but doesn't seem able to get all the user information required.

Best Regards

