[Samba] Windows pre-requisites for login with winbind?

Rowland Penny rpenny at samba.org
Tue Aug 22 15:01:02 UTC 2017

On Tue, 22 Aug 2017 14:35:59 +0000
"A. James Lewis" <james at fsck.co.uk> wrote:

> I think we're getting confused with the kerberos issue created by my
> errant DNS server... with the original problem, all the commands I
> have sent showing an issue with kerberos were working originally,
> with the config which explicitly defined "kdc =", and are now working
> again, with your new config, now that I have fixed the DNS... but the
> original problem is that I have a very small number of users which
> don't work.... winbind says that they don't exist, while every other
> user works just fine... 
> Those 3 users that don't work are the most recent 3 to be added, and
> since I don't have control over the AD, I can't say if there's some
> parameter or group they don't have which stops them from working, but
> I don't think it's a co-incidence that they are not "random" users,
> but only "new" users.
> Obviously since they can log in to windows desktops, winbind
> behaviour must be different to Windows... but surely there has to be
> an AD component to this too.
> The common-auth line you have below is precisely what I have.

Well, yes you probably have, that comes from the libpam-winbind
package, you just need the 'glue' that comes from the libpam-krb5

Now that you are using the 'rid' backend, you do not need to add
anything to AD, so your new users should work.


More information about the samba mailing list