[Samba] Must Samba4 AD be provisionned with rfc2307 to use winbind ?

Denis Cardon denis.cardon at tranquil-it-systems.fr
Fri Sep 27 03:13:07 MDT 2013

Hi Nicolas,

> (Trying to connect squid, postfix, dovecot, pptp, etc ... to AD)
> Samba 4.0.9, as PDC, on Ubuntu 12.04.3 server.
> Compiled with : ./configure --enable-debug --enable-selftest
> Domain provision : /usr/local/samba/bin/samba-tool domain provision
> Despite my reads and tries, I'm unable to list the AD users from Linux.
> /usr/local/samba/bin/wbinfo -t
> /usr/local/samba/bin/wbinfo -u
> /usr/local/samba/bin/wbinfo -g
> are OK
> but : getent passwd
> only lists Linux users.

in order to have getent password to work, you need to have the correct 
nss module in the path. It is not in the default path when compiling. 
Please take a look at http://wiki.samba.org/index.php/Samba4/Winbind

for a 32bit system, you can run :

ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib/libnss_winbind.so
ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2

However if you are not using rfc2307, you will have random idmap (no rid 
idmap yet).



> AD works OK and lot of work has been done onto.
> If the rfc2307 option if required during domain provision, can I launch
> it without loosing the whole AD configuration ?
> Thanks in advance for your time.
> Nicolas

Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0)

More information about the samba mailing list