[Samba] Samba 4.3.13 logon oddity on Solaris 10

Bernd Markgraf bernd.markgraf at med.ovgu.de
Mon Jul 2 10:04:10 UTC 2018

Do you agree that this is a valid smb.conf that should work:
       security = ADS
       encrypt passwords = yes
       workgroup = MD-DZNE
       realm = MAGDEBURG.DZNE.DS

       log file = /opt/samba4/var/log/%m.log
       log level = 1 

       idmap config *:backend = tdb
       idmap config *:range = 3000-7999
       idmap config MD-DZNE:backend = ad
       idmap config MD-DZNE:schema_mode = rfc2307
       idmap config MD-DZNE:range = 10000-999999

       winbind nss info = rfc2307
       winbind use default domain = yes
       winbind enum users = Yes
       winbind enum groups = Yes
       kerberos method = system keytab

> You would need to run (as root) 'net cache flush' after changing to
> winbind.
I've done that and I still see the same symptoms. All UID/GID are 
still -1.

> > > > Where do I dig next?
> > > 
> > > You could try reading this:
> > > 
> > > https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
> > Apart from skipping the * lines in smb.conf that's what I used. 
> And you need those lines, without them, there is nowhere to store and
> allocate IDs for the 'Well known SIDs'
I already had those before my last mail. So if the above config should
work, where do I poke next to find out why it fails to authenticate
users on the first connection attempt and why winbindd/wbinfo return
all UID/GID as -1?

> All I can tell you is, with a correctly set up smb.conf on a Unix
> domain member, you do not need ldap for authentication, yes there may
> be times when you need to carry out an ldapsearch, but most of the
> time you can use kerberos instead.
Regardless of using LDAP directly or winbindd it fails to return the ID
numbers which are present in the user objects when I use Samba's tools.
If the above config is valid and should work, it is a bug I would like to
see fixed and I am willing to help as much as I can with that.
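
An added example, not part of the original message: a small lint for the `idmap config` lines quoted above, checking that a default (`*`) domain exists, that every domain has a backend and a range, and that no two ranges overlap. It also reports which domain's range covers a given uidNumber/gidNumber, since the `ad` backend ignores IDs stored in AD that fall outside the configured range. The function names are hypothetical and the sample is constructed from the idmap lines in the message.

```python
import re

# Constructed sample: the idmap lines from the smb.conf quoted in the message.
SMB_CONF = """
idmap config *:backend = tdb
idmap config *:range = 3000-7999
idmap config MD-DZNE:backend = ad
idmap config MD-DZNE:schema_mode = rfc2307
idmap config MD-DZNE:range = 10000-999999
"""

IDMAP_RE = re.compile(
    r"^\s*idmap config\s+(\S+?)\s*:\s*(\S[^=]*?)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(text):
    """Return {domain: {option: value}} from 'idmap config DOM:opt = val' lines."""
    domains = {}
    for line in text.splitlines():
        if line.lstrip().startswith(("#", ";")):   # smb.conf comment lines
            continue
        m = IDMAP_RE.match(line)
        if m:
            dom, opt, val = m.groups()
            domains.setdefault(dom.upper(), {})[opt.lower()] = val
    return domains

def parse_range(value):
    low, high = (int(part) for part in value.split("-"))
    return low, high

def lint_idmap(domains):
    """Return a list of layout problems; an empty list means none were found."""
    problems = []
    if "*" not in domains:
        problems.append("no default (*) idmap domain")
    for dom, opts in sorted(domains.items()):
        problems += [f"{dom}: no {key} set" for key in ("backend", "range")
                     if key not in opts]
    ranges = {d: parse_range(o["range"]) for d, o in domains.items() if "range" in o}
    names = sorted(ranges)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if ranges[a][0] <= ranges[b][1] and ranges[b][0] <= ranges[a][1]:
                problems.append(f"ranges of {a} and {b} overlap")
    return problems

def owning_domain(domains, unix_id):
    """Return the domain whose range covers this UID/GID, or None."""
    for dom, opts in domains.items():
        if "range" in opts:
            low, high = parse_range(opts["range"])
            if low <= unix_id <= high:
                return dom
    return None
```
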

