[Samba] Winbind multiple client authentication

John Musbach johnmusbach1 at gmail.com
Wed Jan 25 08:22:25 MST 2012

Hello, I have two CentOS 5.6 clients I'm trying to join to my Active
Directory domain for authentication. I have configured my smb.conf

realm = SYSLAB.DC
idmap backend = rid
idmap uid = 10000-20000
idmap gid = 10000-20000

and have been able to join both to the domain via:

kinit Administrator at SYSLAB.DC
net ads join -U Administrator

Then I added krb5 to pam.d auth section and configured passwd, group
and shadow in nsswitch.conf for "compat winbind". This works fine on
the first configured client, but the second one always says it is
unable to resolve the accounts to a uid/gid pair, even though manual
tests like "getent passwd Administrator" work.

HOWEVER, one oddity in my setup is that the second client is a virtual
machine clone of the first... Is it possible that as a result samba
joined the second computer with a kerberos property that conflicts
with the first client's AD object? Is it not possible to have a cloned
virtual machine authenticate in this way at the same time as its
original (mac address and IP are unique)?

Thanks for any advice you can offer, please cc me when replying as I
receive list postings in digest.

Best Regards,

John Musbach

More information about the samba mailing list