[Samba] Samba 4.1.17-Debian as ADS member

Stefan G. Weichinger lists at xunil.at
Wed Feb 24 11:49:31 UTC 2016

I lose track here and I have to fix this as users get angry (we all know
that ...)

debian 8.3, samba 4.1.17

(substituted customer name by "CUST" below ...)

	workgroup = CUST
	realm = MABC.CUST
	security = ADS
	map untrusted to domain = Yes
	load printers = No
	printcap name = /dev/null
	disable spoolss = Yes
	template shell = /bin/bash
	winbind enum users = Yes
	winbind enum groups = Yes
	winbind use default domain = Yes
	idmap config CUST:range = 10000-99999
	idmap config CUST:backend = ad
	idmap config *:range = 2000-9999
	idmap config * : backend = tdb


# /etc/nsswitch.conf

passwd:         compat winbind
group:          compat winbind
shadow:         compat


I have correct time.

I have a valid join:

# net ads testjoin
Join is OK

# wbinfo -t
checking the trust secret for domain CUST via RPC calls succeeded

I get users and groups via "wbinfo -[ug]".

1) smbstatus displays "-1" for Username and Group *sometimes* ... why?

2) right now I don't get ADS-users/groups via getent.

3) in turn I only see UIDs and GIDs in the linux filesystem, no


please help me to get that correct at last ... thanks

More information about the samba mailing list