[Samba] Domain member seems to work, wbinfo -u not

Rowland penny rpenny at samba.org
Fri Apr 15 11:50:24 UTC 2016

On 15/04/16 12:05, Oktay Akbal wrote:
>>> I don't see where exactly the ways differ. I already played with idmap settings and keytab. It makes no difference.
>>> BTW the wiki entry does not explain how to create the keytab, so the setting is not really useful if you just follow that page.
>> With the 'old system' you just have one range, this is now depreciated
>> and you should use the new 'idmap config' . The old system could be removed.
>> The wiki entry does explain how to create the keytab:
>> net ads join -U administrator
>> The keytab will created for you during the join.
>> Does 'Sure' mean you are running winbindd ?
>> Are you also using 'sssd' ?
> Already tried the idmap config and it does not make a difference. Will keep it.
> Indeed the join creates that file. Since I already was in domain I had to create it.
> Rejoined domain, keytab gets created. Still no difference. Everything works. wbinfo -u not.
> Yes I use winbind and no to sssd.
> I see other comments on how the latest updates broke domain authentication to some users (debian-list, centos7 forum etc.). I fear that there is a deeper problem with that patch.

OK, so your smb.conf is similar to the one on the wiki page, which idmap 
backend did you use ?
If it was the 'rid' backend then everything should work.
If it was the 'ad' backend, do your users have a unique 'uidNumber' 
attribute in AD and does 'Domain Users' have a 'gidNumber' attribute ?

Lets rule everything else out first, before pointing the finger at the 


More information about the samba mailing list