[Samba] wbinfo -u / getent passwd not working

basti mailinglist at unix-solution.de
Fri Jul 10 10:10:29 UTC 2020

i try to setup a linux laptop for homeoffice with login for ad users.
The last few days it work like expected.

today wbinfo -u return no user, getent passwd <username> also.

wbinfo -a "SAMDOM\user"
Enter SAMDOM\user's password:
plaintext password authentication succeeded
Enter SAMDOM\user's password:
challenge/response password authentication succeeded

wbinfo -D SAMDOM also works.

laptop smb.conf:

       security = ADS
       workgroup = SAMDOM
       realm = SAMDOM.EXAMPLE.COM

       log file = /var/log/samba/%m.log
       log level = 1

       winbind refresh tickets = Yes
       dedicated keytab file = /etc/krb5.keytab
       kerberos method = secrets and keytab
       winbind use default domain = yes

       load printers = no
       printing = bsd
       printcap name = /dev/null
       disable spoolss = yes

       # Default ID mapping configuration for local BUILTIN accounts
       # and groups on a domain member. The default (*) domain:
       # - must not overlap with any domain ID mapping configuration!
       # - must use an read-write-enabled back end, such as tdb.
       idmap config * : backend = tdb
       idmap config * : range = 1000-2000

       # idmap config for the SAMDOM domain
       # alf has uid 1006
       idmap config SAMDOM:backend = ad
       idmap config SAMDOM:schema_mode = rfc2307
       idmap config SAMDOM:range = 2001-999999

       template homedir = /home/%U
       template shell = /bin/bash

       client use spnego = yes
       client ntlmv2 auth = yes
       encrypt passwords = yes
       restrict anonymous = 2

       # fix dfs error's in log ?
       host msdfs = no

       # https://wiki.samba.org/index.php/PAM_Offline_Authentication
       winbind offline logon = yes
       winbind cache time = 15768000

       winbind enum users = yes
       winbind enum groups = yes

cat /etc/krb5.conf
    default_realm = SAMDOM.EXAMPLE.COM
    dns_lookup_realm = false
    dns_lookup_kdc = true

More information about the samba mailing list