[Samba] help, please, troubleshooting winbind testing during setup of Samba 4 AD member server

BISI d3r3kshaw at gmail.com
Thu Jan 8 20:16:26 MST 2015 

Hello, all!

Well, third time is *not* the charm for me. (I've been through the 
process 3 times with 3 different DCs).

I am trying to set up a member server, using Samba 4.1.14, and washing 
out when getting to the winbind testing. I've tried ignoring the failure 
and pressing on, but that didn't get anywhere.

In this instance, I have a freshly-installed, configured and functioning 
Server 2008r2 Domain Controller, operating at server 2003 forest and 
domain functional level.

following the instructions in:
https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
https://wiki.samba.org/index.php/OS_Requirements


Completely stock compile from the tarball.  I am using Debian 7.7 
(wheezy), and samba 4.1.14,

./configure --with-ads --with-shared-modules=idmap_ad --enable-cups \
             --enable-selftest

make quicktest passes:
make quicktest
  ...ALL OK (2086 tests in 310 testsuites)

  ...A summary with detailed information can be found in:
  ...  ./st/summary
  ...'testonly' finished successfully (11m24.779s)

./st/summary is found here:
http://pastebin.com/zjkHDYUX


daemons started manually with
/usr/local/samba/sbin/smbd --daemon -l /var/log/samba/ -d 1
/usr/local/samba/sbin/nmbd --daemon -l /var/log/samba/ -d 1
/usr/local/samba/sbin/winbindd --daemon -l /var/log/samba/ -d 1


The commands:
wbinfo -u
wbinfo -g
show the users and groups from the AD Domain.

but the other tests
# id DomainUser
# getent passwd
# getent group
# chown DomainUser:DomainGroup file
# chgrp DomainGroup file
etc.
do not get any information from the domain, seemingly only working with 
the local user information.

Where do I begin troubleshooting?

Any help/guidance is greatly appreciated.

my smb.conf is here:
http://pastebin.com/QJfh4RLN

log.winbindd  (created with debug level 1) is here:
http://pastebin.com/S2maUADf

Kerberos seems to be working:
root at testmember:~# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: userID at HO.NAME.ORG

Valid starting    Expires           Service principal
08/01/2015 18:46  09/01/2015 04:46  krbtgt/HO.NAME.ORG at HO.NAME.ORG
	renew until 09/01/2015 18:46


root at testmember:~# cat /etc/nsswitch.conf
# /etc/nsswitch.conf

passwd:         compat winbind
group:          compat winbind
shadow:         compat
<snip>

DNS seems to be working:
root at testmember:~# host -t SRV _ldap._tcp.ho.name.org.
_ldap._tcp.ho.name.org has SRV record 0 100 389 namedc.ho.name.org.

root at testmember:~# host -t SRV _kerberos._udp.ho.name.org.
_kerberos._udp.ho.name.org has SRV record 0 100 88 namedc.ho.name.org.

root at testmember:~# host -t A namedc.ho.name.org.
namedc.ho.name.org has address 192.168.8.1

Thanks in advance for any help!
d.

More information about the samba mailing list