[Samba] Sample smb.conf for ADs authentication

Rowland Penny rpenny at samba.org
Fri Dec 14 13:06:48 UTC 2018

On Fri, 14 Dec 2018 07:59:20 -0500
Gilbert Soucy <gsoucy at 36pix.com> wrote:

> Thanks for the reply.
> I removed sssd and updated nssswitch.conf:
> passwd:     files winbind
> shadow:     files
> group:      files winbind
> I redid the steps in the wiki and I am still having a problem with
> wbinfo
> [root at server samba]# net ads testjoin
> Join is OK
> [root at server samba]# wbinfo --ping-dc
> *checking the NETLOGON for domain[-not available-] dc connection to ""
> failed*
> *failed to call wbcPingDc: WBC_ERR_NOT_IMPLEMENTED*
> Why is it that wbinfo cannot find the domain name ?

I do not known, I may be able to comment further if you answer my

Is your short domain name (aka workgroup) really the same as your dns
domain ?

Why are you using '0-499' for the '*' domain ?
The '*' domain is for the 'Well Known SIDs' and anything outside the
'DOMAIN' domain, you are using the same numbers as the Unix system
users & groups.

Again, why '500-20000' for the 'DOMAIN' domain ?
You have removed the possibility of having any local Unix users. 

Have you added any uidNumber & gidNumber attributes to AD ?


More information about the samba mailing list