[Samba] Cannot retrieve user/group information

Adam Nielsen adam.nielsen at uq.edu.au
Thu Nov 19 22:51:49 MST 2009

> workgroup     = FOO
> security           = ads
> realm              = FOO.BAR.BAZ
> idmap backend      = ad
> idmap range = 1000-999999
> password server    = foo.bar.baz
> winbind nss info           = rfc2307
> winbind separator          = /
> winbind use default domain = yes
> winbind nested groups      = yes

Do you really need to specify a password server?  IIRC this is used in
standalone mode when you want to authenticate against a Windows machine.
 I don't know whether it would cause any confusion if you want AD to
handle authentication but then tell it not to use AD but another box

Given that the error message reports it can't find the login server,
that would seem to indicate that either your DNS isn't set up properly
for the domain, the machine can't resolve it properly, or there's some
sort of firewall blocking some or all of the communication with the AD

Can you run Wireshark/tcpdump while the problems are happening to see
where the box is trying to connect to, and if it's receiving any responses?


More information about the samba mailing list