[Samba] SAMBA 4 Member Server - Help please

David Thompson david at digitaltransitions.ca
Wed Jan 14 14:46:38 MST 2015

Hi all,

I'm quite stuck here at the moment. I have tried this multiple times to get built and can't seem to get it working properly. I have a test virtual server running as a domain controller with Samba 4.1.15 using (9.10.1) bind_dlz as the back end and all works properly. I have the server set up as a domain controller and have added a user and I can look that user up with the samba-tool command.

I cannot however get the users to appear when I issue any of the commands such as ID or getent.

I have followed the following articles located here and both seem to compile and configure without issue.

Samba Domain Controller: https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO#Introduction
Samba Domain Member: https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server#Introduction

Kerberos works fine as I can run kinit and kdestroy on both the DC and member server and they work fine. Time is set to the default time servers right now as installed by the ntp install, but both servers are in sync for their time and working correctly.

On the member server, I am able to get it bound to the domain without issue and I can see that it adds its name into the DNS service.
I cannot however get it to look up any users either, which is odd, since when I set up a SAMBA3 server to be a member server, I am able to get winbindd, smbd, and nmbd playing nicely together and can look users up without issue against the DC.

I'm not exactly sure what I'm missing here so I thought I would turn to the list. I saw on the list last week that there was a similar issue but that was with an actual Windows DC and not a Samba DC, so that issue doesn't apply to me here.

Here is the relevant information (I think) that's needed and I appreciate any help anyone can provide me with in order to get this working properly.

Base systems are both Debian Wheezy 64 Bit with all applied updates and patches.
Samba: 4.1.15 (compiled by hand on both)
Samba: 4.1.15 on member server: ./configure --with-ads --with-shared-modules=idmap_ad
Bind: 9.10.1 (compiled by hand on DC)

SMB.CONF file on DC Server
# Global parameters

 workgroup = DIGIDNS
 netbios name = DC01
 server role = active directory domain controller
 server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
 idmap_ldb:use rfc2307 = yes

 path = /usr/local/samba/var/locks/sysvol/digidns.private/scripts
 read only = No

 path = /usr/local/samba/var/locks/sysvol
 read only = No

 path = /home/
 read only = no


SMB.CONF file on member Server

   netbios name = fs 
   workgroup = DIGIDNS
   security = ADS
   encrypt passwords = yes

   idmap config *:backend = tdb
   idmap config *:range = 70001-80000
   idmap config DIGIDNS:backend = ad
   idmap config DIGIDNS:schema_mode = rfc2307
   idmap config DIGIDNS:range = 500-40000

   winbind nss info = rfc2307
   winbind trusted domains only = no
   winbind use default domain = yes
   winbind enum users  = yes
   winbind enum groups = yes


nsswitch.conf file on member server:


passwd:         compat winbind
group:          compat winbind
shadow:         compat


Please let me know if any other information is required or if it's best for me to attend clown college instead...especially if it's to attend clown college.


