[Samba] Domain users not resolving...

Ryan Ashley ryana at reachtechfp.com
Fri Aug 22 18:19:42 MDT 2014

Rowland, I did not do this. This is a new client who dropped their old 
IT support due to issues on the network. I found out it was not having 
access to the sysvol. That is where I figured out what I have. I do use 
FHS in my builds, but I would never put it into a root directory like 
this. I guess the other team was testing Samba and using a client to 
test on! I do agree 100% that the issue is the path. However, I can feel 
good that I didn't do such a bone-headed move!

Sorry for the lack of files, I had to figure out how it was set up. 
Everything, including the configuration file is in "/samba", which 
appears to be a separate partition. Here is what you requested.

Samba 4.1.11 64bit
Debian Squeeze 64bit

# Global parameters
         workgroup = DOMAIN
         realm = DOMAIN.LOCAL
         netbios name = DC01
         server role = active directory domain controller
         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, 
drepl, winbind, ntp_signd, kcc, dnsupdate
         interfaces =,

         path = /samba/var/locks/sysvol/kigm.local/scripts
         read only = No

         path = /samba/var/locks/sysvol
         read only = No

         default_realm = DOMAIN.LOCAL
         dns_lookup_realm = false
         dns_lookup_kdc = true

Rowland's Request:
root at dc01:~# /samba/sbin/samba -b
Samba version: 4.1.11
Build environment:
    Build host:  Linux dc01 2.6.32-5-amd64 #1 SMP Tue May 13 16:34:35 
UTC 2014 x86_64 GNU/Linux
    BINDIR: /samba/bin
    SBINDIR: /samba/sbin
    CONFIGFILE: /samba/etc/smb.conf
    NCALRPCDIR: /samba/var/run/ncalrpc
    LOGFILEBASE: /samba/var
    LMHOSTSFILE: /samba/etc/lmhosts
    DATADIR: /samba/share
    MODULESDIR: /samba/lib
    LOCKDIR: /samba/var/lock
    STATEDIR: /samba/var/locks
    CACHEDIR: /samba/var/cache
    PIDDIR: /samba/var/run
    PRIVATE_DIR: /samba/private
    CODEPAGEDIR: /samba/share/codepages
    SETUPDIR: /samba/share/setup
    WINBINDD_SOCKET_DIR: /samba/var/run/winbindd
    WINBINDD_PRIVILEGED_SOCKET_DIR: /samba/var/lib/winbindd_privileged
    NTP_SIGND_SOCKET_DIR: /samba/var/lib/ntp_signd

No ID's have been setup. The rfc2307 stuff is there, but they're not 
using it. They have two Samba DC's and everything else is Windows 7. 
They were using rsync to sync the sysvol, which had caused issues with 
GID/UID on the second DC, but I fixed that already. Well, tried to 
anyway. It is setup the EXACT same way. It also has issues with this stuff.

I have a theory as to how to fix this but want advice first. If I am 
wrong, so be it. I would like to build Samba the STANDARD way (FHS, bin 
files go to /bin, etc) but have one concern. If I do this, do I simply 
need to adjust the paths in the configuration file and move the sysvol 
to the proper location? On all of the systems I do, this is always 
"/var/lib/samba/sysvol". I would obviously have to move the tdb files 
and such to "/var/lib/samba" as well. Would that work, or am I going to 
have to deal with this the way it is?

If you need anything else, please ask. Remember, this is a DC and while 
rfc2307 attributes exist, they're not being used. Probably due to no 
Linux member servers.

On 8/22/2014 4:54 PM, Rowland Penny wrote:
> On 22/08/14 21:40, Marc Muehlfeld wrote:
>> Hello,
>> Am 22.08.2014 20:48, schrieb Ryan Ashley:
>>> I stepped into a setup where Samba was compiled and installed into
>>> "/samba". The configure command on the DC is "configure
>>> --prefix=/samba". The links for libnss_wins.so.2 and 
>>> libnss_winbind.so.2
>>> are there and nsswitch.conf is told to use winbind. However, "getent
>>> group" returns only local users, "id" finds NO domain users, and 
>>> "getent
>>> passwd" returns only local users. I did do a rebuild of Samba after
>>> verifying the dependencies were there and configured/installed the same
>>> way so everything is in place. Still no dice. This guy was still 
>>> running
>>> Debian Squeeze so the install is probably old. Things seem to run, but
>>> no systems can access the sysvol even after a reset, which led to this
>>> discovery.
>>> Now, my thinking is that maybe the binaries in "/samba/bin" should be
>>> linked to "/bin" and the same goes for the sbin stuff. Is this my issue
>>> or what am I looking at? Yes, I stepped into it this time...
>> It would be much easier to help, if you give some information about your
>> environment.
>> - smb.conf
>> - Samba version
>> - IDs, etc. configured in your backend (depending on your Idmap config)
>> - etc.
>> Regards,
>> Marc
> It would also help if you followed the howto and didn't change bits 
> that you don't like, just why did you install into /samba instead of 
> /usr/local/samba ?
> Everything out there is based on self compiling into /usr/local/samba, 
> the wiki gives you the instructions based on this.
> having said this, it is possibly/probably a path problem, could you 
> please post (along with what Marc has asked for) the result of 'samba -b'
> Rowland

More information about the samba mailing list