[Samba] Samba3 File Server + Winbind -- AD Authentication Flaky/Inconsistent/Unreliable

[Michael Ray]

Hey all, 

So, there are about a billion guides on the interwebs about how to have a samba3 file share authenticate against a samba4 AD. 

However, I am having two giant problems: one problem is that my problems are not consistent and the second problem is that it isn't working (presently). 

Long, sad story in a nut shell: my co-worker and I had spent several hours Monday/Tuesday futzing with this to work and at one point had it working. wbinfo -u, wbinfo -g, getent passwd and getent group were all returning local and AD users/groups. The world was wonderful. A snapshot of that working VM was taken the following morning (the **only** thing that happened to that VM between it working and the snapshot being taken was it was shutdown). 

When I fired it up today though, it did not work. wbinfo still gave AD info, but getent just would not have it. I restored to the snapshot just to be sure nothing had happened and the same issue persisted. 

I checked the various logs and I did not see any errors of any kind. 

This is a link to pastebin that shows my configuration files for krb5, nsswitch and smb as they were saved the morning after I got this working. 

I do not know what could have gone wrong, but it has. I will be trying to go through my documented procedure on Monday with a clean VM and then trying it with various random internet procedures if that fails. 

Any ideas / clues as to what blew up would be appreciated, as well as links to guides that people have used successfully. 


Thanks much, 
Mike Ray