[Samba] wbinfo -u / getent passwd not working

Rowland Penny rpenny at samba.org
Fri Jul 10 10:25:26 UTC 2020


On 10/07/2020 11:10, basti via samba wrote:
> Hello,
> I am trying to set up a Linux laptop for home office use with login for AD users.
> For the last few days it worked as expected.
>
> Today wbinfo -u returns no users, and neither does getent passwd <username>.
>
> wbinfo -a "SAMDOM\user"
> Enter SAMDOM\user's password:
> plaintext password authentication succeeded
> Enter SAMDOM\user's password:
> challenge/response password authentication succeeded
>
> wbinfo -D SAMDOM also works.
>
> laptop smb.conf:
>
> [global]
>         security = ADS
>         workgroup = SAMDOM
>         realm = SAMDOM.EXAMPLE.COM
>
>         log file = /var/log/samba/%m.log
>         log level = 1
>
>         winbind refresh tickets = Yes
>         dedicated keytab file = /etc/krb5.keytab
>         kerberos method = secrets and keytab
>         winbind use default domain = yes
>
>         load printers = no
>         printing = bsd
>         printcap name = /dev/null
>         disable spoolss = yes
>
>         # Default ID mapping configuration for local BUILTIN accounts
>         # and groups on a domain member. The default (*) domain:
>         # - must not overlap with any domain ID mapping configuration!
>         # - must use a read-write-enabled back end, such as tdb.
>         idmap config * : backend = tdb
>         idmap config * : range = 1000-2000
>
>         # idmap config for the SAMDOM domain
>         # alf has uid 1006
>         idmap config SAMDOM:backend = ad
>         idmap config SAMDOM:schema_mode = rfc2307
>         idmap config SAMDOM:range = 2001-999999
>
>         template homedir = /home/%U
>         template shell = /bin/bash
>
>         client use spnego = yes
>         client ntlmv2 auth = yes
>         encrypt passwords = yes
>         restrict anonymous = 2
>
>         # fix dfs errors in log ?
>         host msdfs = no
>
>         # https://wiki.samba.org/index.php/PAM_Offline_Authentication
>         winbind offline logon = yes
>         winbind cache time = 15768000
>
>         winbind enum users = yes
>         winbind enum groups = yes
>
> cat /etc/krb5.conf
> [libdefaults]
>      default_realm = SAMDOM.EXAMPLE.COM
>      dns_lookup_realm = false
>      dns_lookup_kdc = true
>
>
What OS and version is this ?

What Samba version ?

Why are you using such low ID numbers, is your domain a classicupgraded 
one ?

Rowland
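
An added example, not part of the original message or of Samba: a check of the `idmap config` ranges from the quoted smb.conf that confirms no two ranges overlap and reports which range a given Unix ID falls in. The `idmap_ad` backend treats its range as a filter and ignores uidNumber/gidNumber values outside it; the sample config text and the function names are constructed for illustration.

```python
import re

# Constructed sample: the idmap lines from the smb.conf quoted above.
SMB_CONF = """\
[global]
        idmap config * : backend = tdb
        idmap config * : range = 1000-2000
        idmap config SAMDOM:backend = ad
        idmap config SAMDOM:schema_mode = rfc2307
        idmap config SAMDOM:range = 2001-999999
"""

IDMAP_RE = re.compile(
    r"^\s*idmap\s+config\s+(?P<dom>[^:]+?)\s*:\s*(?P<opt>[\w ]+?)\s*=\s*(?P<val>.+?)\s*$",
    re.IGNORECASE,
)

def parse_idmap(conf_text):
    """Return {domain: {option: value}}, with 'range' parsed to (low, high)."""
    domains = {}
    for line in conf_text.splitlines():
        if line.lstrip().startswith(("#", ";")):
            continue  # skip smb.conf comment lines
        m = IDMAP_RE.match(line)
        if not m:
            continue
        opt, val = m["opt"].lower(), m["val"]
        if opt == "range":
            low, high = (int(x) for x in val.split("-"))
            val = (low, high)
        domains.setdefault(m["dom"].upper(), {})[opt] = val
    return domains

def overlapping(domains):
    """Return pairs of idmap domains whose ID ranges intersect."""
    ranged = sorted((d, o["range"]) for d, o in domains.items() if "range" in o)
    return [(a, b) for i, (a, ra) in enumerate(ranged)
            for b, rb in ranged[i + 1:] if ra[0] <= rb[1] and rb[0] <= ra[1]]

def owners(domains, unix_id):
    """Return the idmap domains whose range contains unix_id."""
    return sorted(d for d, o in domains.items()
                  if "range" in o and o["range"][0] <= unix_id <= o["range"][1])

if __name__ == "__main__":
    cfg = parse_idmap(SMB_CONF)
    print("overlaps:", overlapping(cfg))
    print("uid 1006 falls in:", owners(cfg, 1006))
```

On the quoted configuration the ranges do not overlap, and the uid 1006 mentioned in its comment lies in the default `*` range rather than in the SAMDOM range.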




