[Samba] wbinfo -u / getent passwd not working

basti mailinglist at unix-solution.de
Fri Jul 10 10:31:44 UTC 2020 


On 10.07.20 12:25, Rowland penny via samba wrote:
> On 10/07/2020 11:10, basti via samba wrote:
>> Hello,
>> i try to setup a linux laptop for homeoffice with login for ad users.
>> The last few days it work like expected.
>>
>> today wbinfo -u return no user, getent passwd <username> also.
>>
>> wbinfo -a "SAMDOM\user"
>> Enter SAMDOM\user's password:
>> plaintext password authentication succeeded
>> Enter SAMDOM\user's password:
>> challenge/response password authentication succeeded
>>
>> wbinfo -D SAMDOM also works.
>>
>> laptop smb.conf:
>>
>> [global]
>>         security = ADS
>>         workgroup = SAMDOM
>>         realm = SAMDOM.EXAMPLE.COM
>>
>>         log file = /var/log/samba/%m.log
>>         log level = 1
>>
>>         winbind refresh tickets = Yes
>>         dedicated keytab file = /etc/krb5.keytab
>>         kerberos method = secrets and keytab
>>         winbind use default domain = yes
>>
>>         load printers = no
>>         printing = bsd
>>         printcap name = /dev/null
>>         disable spoolss = yes
>>
>>         # Default ID mapping configuration for local BUILTIN accounts
>>         # and groups on a domain member. The default (*) domain:
>>         # - must not overlap with any domain ID mapping configuration!
>>         # - must use an read-write-enabled back end, such as tdb.
>>         idmap config * : backend = tdb
>>         idmap config * : range = 1000-2000
>>
>>         # idmap config for the SAMDOM domain
>>         # alf has uid 1006
>>         idmap config SAMDOM:backend = ad
>>         idmap config SAMDOM:schema_mode = rfc2307
>>         idmap config SAMDOM:range = 2001-999999
>>
>>         template homedir = /home/%U
>>         template shell = /bin/bash
>>
>>         client use spnego = yes
>>         client ntlmv2 auth = yes
>>         encrypt passwords = yes
>>         restrict anonymous = 2
>>
>>         # fix dfs error's in log ?
>>         host msdfs = no
>>
>>         # https://wiki.samba.org/index.php/PAM_Offline_Authentication
>>         winbind offline logon = yes
>>         winbind cache time = 15768000
>>
>>         winbind enum users = yes
>>         winbind enum groups = yes
>>
>> cat /etc/krb5.conf
>> [libdefaults]
>>      default_realm = SAMDOM.EXAMPLE.COM
>>      dns_lookup_realm = false
>>      dns_lookup_kdc = true
>>
>>
> What OS and version is this ?
debian 10
> 
> What Samba version ?
2:4.9.5+dfsg-5+deb10u1

only winbind installed.
> 
> Why are you using such low ID numbers, is your domain a classicupgraded
> one ?
yes
> 
> Rowland
> 
> 
>

More information about the samba mailing list