[Samba] Winbind not able to start

Timo Altun olol13.samba at the-1337.org
Sat Apr 11 06:01:33 MDT 2015

Hi guys,

we're testing the domain join of a Debian Wheezy machine to an Samba 4.17
AD with BIND9 backend (Debian Jessie). I can join the domain with "net ads
join" alright, but "wbinfo -u" delivers nothing, cause winbind is not able
to start.

/etc/init.d/winbind status tells me it is not running.

If I try winbindd -S -F I receive:

initialize_winbindd_cache: clearing cache and re-creating with version
number 2
create_local_token failed: NT_STATUS_NO_SUCH_USER

Is it possibly a rights issue? Some additional information:
- the machine was on squeezy before and we did a dist-upgrade to wheezy
- pam-auth-update lists kerberos and windows-nt/active directory
authentication as possible auth methods.
- windows machines can join the domain and communicate fine with the ad dc.
Samba Version 3.6.6.
Following the configs of the domain member to be (wheezy), they worked for
a fresh wheezy install for the same domain:


netbios name = WheezyTest
workgroup = MAYWEG.NET
security = ADS
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab

idmap config *:backend = tdb
idmap config *:range = 2000-9999
idmap config MAYWEG.NET:backend = ad
idmap config MAYWEG.NET:schema_mode = rfc2307
idmap config MAYWEG.NET:range = 10000-99999

winbind nss info = rfc2307
winbind trusted domains only = no
winbind use default domain = yes
winbind enum users  = yes
winbind enum groups = yes
winbind refresh tickets = Yes

template homedir = /home/%U
template shell = /bin/bash


passwd:         compat winbind
group:          compat winbind
shadow:         compat

hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

default_realm = INTRANET.MAYWEG.NET
dns_lookup_realm = false
dns_lookup_kdc = true

search intranet.mayweg.net

As usual, I'm happy for every pointer or help I can get. Googling mostly
returned smbd not being able to start with this error, but that's running.


