[Samba] Configuring Samba as a file server to use AD authentication

Kyle Manel Kyle.Manel at inbaytech.com
Thu Aug 25 15:29:46 UTC 2016

Thanks for the information,

I am unclear how to implement the winbind 'rid' backend.  I've identified that winbindd is not operating on my demo server (fresh installation of Ubuntu 16), and am looking for some assistance if possible.

1] 'apt-get install winbind' informs me that the package is already installed (v4.3.9), yet it is not operating;
2] Lsof -Pnl +M -i4 provides:
root at smb-srv:/home/inbay# lsof -Pnl +M -i4
dhclient  2976        0    6u  IPv4  20143      0t0  UDP *:68
lwsmd     3217        0   17u  IPv4  59606      0t0  TCP> (ESTABLISHED)
lwsmd     3231        0   24u  IPv4  64193      0t0  TCP> (ESTABLISHED)
lwsmd     3231        0   26u  IPv4  64244      0t0  TCP> (ESTABLISHED)
lwsmd     3231        0   32u  IPv4  64190      0t0  TCP> (ESTABLISHED)
sshd      9140        0    3u  IPv4  37379      0t0  TCP *:22 (LISTEN)
nmbd     28134        0   16u  IPv4  62715      0t0  UDP *:137
nmbd     28134        0   17u  IPv4  62716      0t0  UDP *:138
nmbd     28134        0   18u  IPv4  62718      0t0  UDP
nmbd     28134        0   19u  IPv4  62719      0t0  UDP
nmbd     28134        0   20u  IPv4  62720      0t0  UDP
nmbd     28134        0   21u  IPv4  62721      0t0  UDP
smbd     28247        0   37u  IPv4  63448      0t0  TCP *:445 (LISTEN)
smbd     28247        0   38u  IPv4  63449      0t0  TCP *:139 (LISTEN)
sshd     28317        0    3u  IPv4  63824      0t0  TCP> (ESTABLISHED)
sshd     28397     1000    3u  IPv4  63824      0t0  TCP> (ESTABLISHED)

3] To start winbindd I visited this site https://ubuntuforums.org/showthread.php?t=1865647 which informed to run 'net ads join -U administrator' with my own id, which returns:
'Joined 'SMB-SRV-001' to dns domain 'domain' No DNS domain configured for SMB-SRV.  Unable to perform DNS update.  DNS update failed: NT_STATUS_INVALID_PARAMETER'

Upon review of the [3] winbindd is still not implemented, and I would like to know how to get it running, as from my understanding it is part of the samba package, and I will require it.

-----Original Message-----
From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny via samba
Sent: Wednesday, August 24, 2016 2:54 AM
To: samba at lists.samba.org
Subject: Re: [Samba] Configuring Samba as a file server to use AD authentication

On Tue, 23 Aug 2016 21:58:43 +0000
Kyle Manel via samba <samba at lists.samba.org> wrote:

> Hello,
> I am attempting to install Samba as a file server within an Active 
> Directory domain to use the AD server for group authentication. I have 
> worked through various guides, but all leave me unable to authenticate 
> into the samba shares using my organizations existing user groups in 
> Active Directory. I need the following configuration:
> Share - users : description
> Admin - Admin : This share is exclusive to its user group Media - 
> media users : This share is exclusive to its user group and the Admin 
> group Junk - all users : This share is accessible to everyone
> There are 3 different user groups that will be using this server, 
> Admin, Media and Everyone.
> I have a Microsoft Active Directory Server (2012R2) operating as my AD 
> server, and an Ubuntu server operating for Samba.
> I would like:
> users to be authenticated each access to the share, the process of 
> adding/removing users to be done by the AD server.

Because you are using 2012R2 it will be a little harder, but it should be do-able. See here:


Because of 2012R2 (no IDMU), you will need to use the winbind 'rid'


To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list