[Samba] Samba 3.4.2 and Active Directory auth

Rick Barnes linux at sitevision.com
Mon Nov 9 11:12:09 MST 2009


I am trying to set up 2 workstations installed with Fedora 11 and samba 3.4.2. One is x86_64 and the other is i686, and I have the same issue with both. Neither machine will allow domain users from AD (Server 2003 R2) to authenticate. I have successfully set up samba on multiple CentOS 5.4 servers, but they are still on 3.0.33, not 3.4.2.

At this point, I have joined the workstations and both wbinfo -u and wbinfo -g show the domain users and groups. Also, getent passwd shows the user info including UIDs and GIDs.

[global]

   workgroup = DOM
   netbios name = wkstn1
   realm = DOM.LOCAL
   security = ads
   server string = wkstn1
   idmap backend = ad
   ldap idmap suffix = dc=dom,dc=local
   ldap admin dn = cn=ldap,ou=Users,dc=dom,dc=local
   idmap uid = 500-100000000
   idmap gid = 500-100000000
   winbind separator = +
   winbind use default domain = true
   ;winbind offline logon = true
   winbind nested groups = true
   map untrusted to domain = yes
   log level = 10

/var/log/secure:
login: pam_winbind(login:account): [pamh: 0x661170] ENTER: pam_sm_acct_mgmt (flags: 0x0000)
login: pam_winbind(login:account): valid_user: wbcGetpwnam gave WBC_ERR_DOMAIN_NOT_FOUND
login: pam_winbind(login:account): [pamh: 0x661170] LEAVE: pam_sm_acct_mgmt returning 3 (PAM_SERVICE_ERR)

I do not know what I should be looking for from log.winbindd, but I do see this:
[2009/11/09 13:04:19,  5] winbindd/winbindd_idmap.c:246(winbindd_sid2uid_recv)
  sid2uid returned an error
[2009/11/09 13:04:19,  5] winbindd/winbindd_user.c:339(getpwsid_sid2uid_recv)
  Could not query uid for user DOM\rick

# wbinfo -i rick
Could not get info for user rick
# id rick
uid=10000(rick) gid=10001(Domain Users) groups=10001(Domain Users)

Which is the uid set in Active Directory.

Thanks,
Rick


