[Samba] Samba + Winbind + Windows 2003 AD

Mucke, Tobias, FCI4 tobias.mucke at mbda-systems.de
Sun Jul 18 00:58:37 MDT 2010

Hi Henrik,

I am also fighting with Winbind for a few days now experiencing some weird behaviour.

Regarding your explanation I assume you have SFU running in your AD Domain. Do you really have a RFC2307 complaint schema in AD or do you still stick to SFU schema?

For debugging the winbind it was helpful to me to start it in a shell as a foreground process with debugging on, e. g.

/usr/sbin/winbindd -SFi -d3

Now you should be able to see the different Winbind behaviour regarding the login and getent.

Good luck.

Tobias Mucke

LFK-Lenkflugkörpersysteme GmbH
Serverpool, FCI4
Landshuter Straße 26, 85716 Unterschleißheim, GERMANY
Phone: +49 89 3179 8438
Fax: +49 89 3179 8927
Mobile: +49 170 635 3830
E-Mail: tobias.mucke at mbda-systems.de


Chairman of the Supervisory Board: Antoine Bouvier
Managing Director: Werner Kaltenegger
Registered Office: Schrobenhausen
Commercial Register: Amtsgericht Ingolstadt, HRB 4365
-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Henrik Dige Semark
Sent: Sunday, July 18, 2010 1:35 AM
To: samba at lists.samba.org
Subject: [Samba] Samba + Winbind + Windows 2003 AD

Hey out there.

I have to join my UNIX server with an existing Win2k3 AD network.

My system info:
Debian Lenny
Samba   - 3.4.8
Winbind - 3.4.8

Windows Server 2003 with 2000-style-AD

My problem is that, I have en UNIX server that have to run auth up against our existing windows 2003 AD.

I have successfully joined my UNIX server to the AD, without problems.
# net ads join -U Administrator
Enter Administrator's password:
Using short domain name -- TEST
Joined 'MAIL' to realm 'TEST.LOCAL'

My Samba config: http://pastebin.com/ZqaA0Ypn

After the join I'm able to lookup peoples with # wbinfo -u [...] XX hds XXX [...]

# wbinfo -g
bg XX
bg hds
bg XXX

Now the problem, getent only returns the local users and not the users from the AD The funny thing is that if a user is local on the UNIX and in the AD, I can login with the password from both local and AD, so I know that it can lookup people and passwords

# getent passwd hs ; echo $?

When I debug on getent it returns 2, witch means that it can't find the user.

I know there can be a problem with this if the resolv-names is not working

PING addc.birke-gym.dk ( 56(84) bytes of data.
64 bytes from bgdc.birke-gym.dk ( icmp_seq=1 ttl=128
time=0.211 ms
64 bytes from bgdc.birke-gym.dk ( icmp_seq=2 ttl=128
time=0.207 ms

PING mail.birke-gym.dk ( 56(84) bytes of data.
64 bytes from mail.birke-gym.dk ( icmp_seq=1 ttl=64 time=0.099 ms
64 bytes from mail.birke-gym.dk ( icmp_seq=2 ttl=64 time=0.094 ms

Is there anyone that can see where I have done something rung in my samba-config.?

Med Venlig Hilsen / Best Regards
Henrik Dige Semark

More information about the samba mailing list