[Samba] RE: Samba with ADS

Edward Ned Harvey samba at nedharvey.com
Mon Jun 15 23:51:28 GMT 2009


> Environment: Sun Solaris 9 sparc
> Software: Samba-3.3.3, KRB5-1.6.3, OpenLDAP-2.4.11
> Problem:
> Am trying to create shares with Samba so that users can map to folders
> on this server using Active Directory. I am successful in creating a
> Kerberos ticket; I can join the domain; and wbinfo -u and -g give me
> users in the AD. However, getent passwd only gives me a list of users
> on the server and not in the AD. The winbindd.log file has a lot of
> these lines:
> 
> [2009/06/15 10:41:59,  0] winbindd/winbindd.c:request_len_recv(616)
>   request_len_recv: Invalid request size received: 2088 (expected 2096)
> [2009/06/15 10:43:29,  0] winbindd/winbindd.c:request_len_recv(616)
>   request_len_recv: Invalid request size received: 2088 (expected 2096)
> [2009/06/15 10:47:54,  0] winbindd/winbindd.c:request_len_recv(616)
>   request_len_recv: Invalid request size received: 2088 (expected 2096)
> [2009/06/15 10:47:54,  0] winbindd/winbindd.c:request_len_recv(616)
>   request_len_recv: Invalid request size received: 2088 (expected 2096)
> [2009/06/15 10:47:54,  0] winbindd/winbindd.c:request_len_recv(616)
>   request_len_recv: Invalid request size received: 2088 (expected 2096)
> 
> If you have any advice and/or guidance, I would greatly appreciate it.
> Thank you!

I don't think you need to use winbind.  In all of my situations, winbind
only got in the way, and I always have more success with winbind disabled.
It's been a while since I read what winbind was for - I think it's meant to
keep track of UID/username mappings, to ensure consistency among multiple
samba servers if you have more than one.  For this purpose, I just use the
regular passwd files or NIS, both of which I think are more reliable and
simpler to manage.  

Instead of winbind, I just use "net join -w DOMAIN -U administrator" and use
smb.conf like this:
[global]
        workgroup = DOMAIN
        realm = DOMAIN.COM
        server string = Samba Server
        security = DOMAIN
        log file = /var/samba/log/log.%m
        max log size = 50
        unix extensions = No
        load printers = No
        printcap name = /dev/null
        dns proxy = No
        wins server = 192.168.x.y
        ldap ssl = no
        create mask = 0660
        security mask = 0660
        directory mask = 0770
        directory security mask = 0770

[share]
        path = /share
        read only = No
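
Added example, not part of the original message or of Samba's own code: a small Python parser for the two-line winbindd.log records quoted above, which groups the request_len_recv size mismatches by (received, expected) and reports how often and over what period each pair occurred. The function name and the sample log (including its one unrelated record) are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample in the two-line record format of the quoted winbindd.log.
SAMPLE_LOG = """\
[2009/06/15 10:41:59,  0] winbindd/winbindd.c:request_len_recv(616)
  request_len_recv: Invalid request size received: 2088 (expected 2096)
[2009/06/15 10:43:29,  0] winbindd/winbindd.c:request_len_recv(616)
  request_len_recv: Invalid request size received: 2088 (expected 2096)
[2009/06/15 10:44:02,  1] example/constructed.c:placeholder(1)
  constructed unrelated message
[2009/06/15 10:47:54,  0] winbindd/winbindd.c:request_len_recv(616)
  request_len_recv: Invalid request size received: 2088 (expected 2096)
"""

# Header line: [timestamp, level] file:function(line)
HEADER = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}),\s*(\d+)\] (\S+):(\w+)\((\d+)\)\s*$")
MISMATCH = re.compile(r"Invalid request size received: (\d+) \(expected (\d+)\)")

def summarize_size_mismatches(text):
    """Return {(received, expected): {"count", "first", "last"}}."""
    groups = {}
    header = None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            header = m          # remember the record this message belongs to
            continue
        hit = MISMATCH.search(line)
        # Only count messages that follow a request_len_recv header line.
        if not (hit and header and header.group(4) == "request_len_recv"):
            continue
        when = datetime.strptime(header.group(1), "%Y/%m/%d %H:%M:%S")
        key = (int(hit.group(1)), int(hit.group(2)))
        g = groups.setdefault(key, {"count": 0, "first": when, "last": when})
        g["count"] += 1
        g["first"] = min(g["first"], when)
        g["last"] = max(g["last"], when)
        header = None           # one message counted per header
    return groups

if __name__ == "__main__":
    for (got, want), g in summarize_size_mismatches(SAMPLE_LOG).items():
        print(f"{g['count']}x received={got} expected={want} "
              f"diff={want - got} first={g['first']} last={g['last']}")
```
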


