[Samba] Winbind not able to start

Rowland Penny rowlandpenny at googlemail.com
Sat Apr 11 06:52:14 MDT 2015


On 11/04/15 13:01, Timo Altun wrote:
> Hi guys,
>
> we're testing the domain join of a Debian Wheezy machine to a Samba 4.17
> AD with BIND9 backend (Debian Jessie). I can join the domain with "net ads
> join" alright, but "wbinfo -u" delivers nothing, cause winbind is not able
> to start.
>
> /etc/init.d/winbind status tells me it is not running.
>
> If I try winbindd -S -F I receive:
>
> initialize_winbindd_cache: clearing cache and re-creating with version
> number 2
> create_local_token failed: NT_STATUS_NO_SUCH_USER
>
> Is it possibly a rights issue? Some additional information:
> - the machine was on squeeze before and we did a dist-upgrade to wheezy
> - pam-auth-update lists kerberos and windows-nt/active directory
> authentication as possible auth methods.
> - windows machines can join the domain and communicate fine with the ad dc.
> Samba Version 3.6.6.
> Following the configs of the domain member to be (wheezy), they worked for
> a fresh wheezy install for the same domain:
>
>
> *smb.conf:*
> [global]
>
> netbios name = WheezyTest
> workgroup = MAYWEG.NET
> security = ADS
> realm = INTRANET.MAYWEG.NET
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
>
> idmap config *:backend = tdb
> idmap config *:range = 2000-9999
> idmap config MAYWEG.NET:backend = ad
> idmap config MAYWEG.NET:schema_mode = rfc2307
> idmap config MAYWEG.NET:range = 10000-99999
>
> winbind nss info = rfc2307
> winbind trusted domains only = no
> winbind use default domain = yes
> winbind enum users  = yes
> winbind enum groups = yes
> winbind refresh tickets = Yes
>
> template homedir = /home/%U
> template shell = /bin/bash
>
> *nsswitch.conf:*
>
> passwd:         compat winbind
> group:          compat winbind
> shadow:         compat
>
> hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4
> networks:       files
>
> protocols:      db files
> services:       db files
> ethers:         db files
> rpc:            db files
>
> netgroup:       nis
>
>
> *krb5.conf:*
> [libdefaults]
> default_realm = INTRANET.MAYWEG.NET
> dns_lookup_realm = false
> dns_lookup_kdc = true
>
> *hosts:*
> nameserver 192.168.111.90
> search intranet.mayweg.net
>
> As usual, I'm happy for every pointer or help I can get. Googling mostly
> returned smbd not being able to start with this error, but that's running.
>
> Greetings,
> Timo

You seem to be using the realm name for the workgroup. What is in the
smb.conf on the Samba AD DC?

If you are updating to wheezy then you might as well use samba from 
backports, this will give you a version that isn't EOL.

Rowland
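
Added example, not part of the original thread or of Samba itself: a small Python check for the pattern raised in the reply above, where `workgroup` carries a DNS-style name that overlaps the `realm`. The flag names are hypothetical, the sample is constructed from the settings quoted in the post, and the checks are review heuristics that assume `workgroup` should hold the short NetBIOS domain name also used in the `idmap config` lines.

```python
import re

# Constructed sample: [global] settings copied from the smb.conf quoted above.
SAMPLE = """\
[global]
netbios name = WheezyTest
workgroup = MAYWEG.NET
security = ADS
realm = INTRANET.MAYWEG.NET
idmap config *:backend = tdb
idmap config MAYWEG.NET:backend = ad
idmap config MAYWEG.NET:range = 10000-99999
"""

def parse_global(text):
    """Return [global] parameters as {normalised key: value}."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def check_workgroup(params):
    """Heuristic review flags (hypothetical names), not Samba's own validation."""
    wg = params.get("workgroup", "").upper()
    realm = params.get("realm", "").upper()
    flags = []
    if "." in wg:
        flags.append("dotted-workgroup")        # looks like a DNS name
    if len(wg) > 15:
        flags.append("workgroup-too-long")      # NetBIOS names hold 15 characters
    if wg and (realm == wg or realm.endswith("." + wg)):
        flags.append("workgroup-matches-realm")
    # Every per-domain idmap section should name the workgroup (or "*").
    for key in params:
        m = re.fullmatch(r"idmap config (.+):backend", key)
        if m and m.group(1) not in ("*", wg.lower()):
            flags.append("idmap-domain-mismatch:" + m.group(1))
    return flags

if __name__ == "__main__":
    print(check_workgroup(parse_global(SAMPLE)))
```

The value to compare against is the `workgroup` line in the DC's own smb.conf, which is what the reply asks for.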


