[Samba] Samba as fileserver in a Windows AD Domain

Daniel Bauer mlist at dsb-gmbh.de
Wed Oct 28 12:46:44 MDT 2009


I tried to set up a SuSE10.2 with samba 3.0.23d (but the same trouble with 

I got a valid Kerberos Ticket and successfully joined the domain (with net 

Users and groups are displayed with wbinfo -u / -g . I could also verify 
accounts with wbinfo -a user%pass.

When I tried to access the shares, the dialog appears asking for the 
credentials. It doesn't matter what you fill in, there is no access.

I also could not get users and groups with getent passwd / group. I tried 
different configs of
/etc/nsswitch.conf with different results:

only local accounts are shown:
passwd: compat
group: compat

local account and the group BUILTIN
passwd: files winbind
group: files winbind

here the local account, the BUILTIN group and a new entry like this: 
"+::0:" are displayed
I think there is a problem with matching Windows LDAP with *nix LDAP
passwd: files winbind ldap
group: files winbind ldap

My /etc/smb.conf:
        workgroup = WIN2003SRV
        security = ADS
        realm = win2003srv.loc
        idmap backend = ad
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        template homedir = /home/%D/%U
        winbind separator = +
        password server =
        domain master = No
        ldap ssl = no
        winbind use default domain = yes
        winbind enum users = yes
        winbind enum groups = yes
        winbind nested groups = yes
        encrypt passwords = yes
        client use spnego = yes
        wins server =

I see successful logins at the Windows DC.
Do I need LDAP, or is Kerberos enough?
Could somebody tell me what I am doing wrong?

Thanks a lot

