[Samba] How to join join Ubuntu desktop to AD

lingpanda101 lingpanda101 at gmail.com
Tue Dec 13 19:57:59 UTC 2016

On 12/12/2016 3:27 PM, lingpanda101 wrote:
> On 12/11/2016 8:59 AM, Brian Candler via samba wrote:
>> On 10/12/2016 16:25, Brian Candler wrote:
>>> I think there's plenty of emphasis now, but I think there is a part 
>>> which is misleading:
>>> > To enable Samba to retrieve user and group information from Active 
>>> Directory (AD):
>>> >
>>> > * Users must have at least the uidNumber and groups the gidNumber 
>>> attribute set. 
>> I'm so sorry: I misread this as "Users must have at least the 
>> uidNumber and gidNumber attribute set", which is of course *not* what 
>> it says.  Hence the text is accurate (if you read it correctly); it's 
>> my brain which is at fault.
>> I do still think that the alternative text I gave is clearer - for my 
>> brain anyway :-)
>> Regards,
>> Brian.
> OK finally solved. Added to my smb.conf
>     'winbind use default domain = yes'
> Disabling Avahi and using the above was the issue.  Next to attempt 
> actually signing in from the login screen and not via. SSH.

Following the wiki and I'm stuck at 'Authenticating Domain Users Using 
PAM'. I see the section

If you have compiled Samba, you need to add a symbolic links. 
Seepam_winbind Link 
<https://wiki.samba.org/index.php/Pam_winbind_Link>for OS specific 
information, where to place it.

If I follow the link it appears to take me to a page similar to 
'libnss_winbind' linking. I don't see any difference. I ran 
'pam-auth-update' and made sure to enable Winbind NT/Active Directory 
authentication. I did not manually edit pam config files. If I attempt 
to login with a domain account I get

user1 at DR210:/$ su domainuser


su: Authentication failure

Any ideas? Thanks.

- James

More information about the samba mailing list