[Samba] winbind joining NT4-style domain - two strange issues
Rowland Penny
rpenny at samba.org
Sat Dec 17 21:51:57 UTC 2016
On Sat, 17 Dec 2016 22:12:28 +0100
Stefan Froehlich via samba <samba at lists.samba.org> wrote:
> A new Debian(unstable) machine with Samba 4.5.2 is trying to join an
> NT4-style Samba domain hosted on a Debian(wheezy) Server with 3.6.6
> which can't be changed but has been working for some years now with a
> couple of windows clients.
>
> Joining the domain was quite easy (only surprise was "client ipc
> signing"), and "wbinfo -u" gives me a list with all domain users.
>
> BUT (issue one) "getent passwd" listed only local users in the
> beginning. Google has many hits for this with many different reasons.
> Learning from them I now have a smb.conf with the following relevant
> entries:
>
> | netbios name = DALET-STG
> | workgroup = SYNTH
> | wins support = no
> | wins server = herkules.synth.intern
> | client ipc signing = auto
> | server role = member server
> | security = domain
> | password server = herkules.synth.intern
> | idmap config *:backend = tdb
> | idmap config *:range = 1000-9999
> | idmap config SYNTH:backend = rid
> | idmap config SYNTH:range = 10000-19999
> | winbind separator = +
> | winbind enum groups = yes
> | winbind enum users = yes
> | winbind use default domain = no
>
From version 4.5.0, the default 'ntlm auth' option in smb.conf was
change from "yes" to "no". Try adding 'ntlm auth = yes' to your smb.conf
Rowland
More information about the samba
mailing list