[Samba] wbinfo -u / getent passwd not working

Rowland penny rpenny at samba.org
Fri Jul 10 10:39:33 UTC 2020 

On 10/07/2020 11:31, basti via samba wrote:
>
> On 10.07.20 12:25, Rowland penny via samba wrote:
>> On 10/07/2020 11:10, basti via samba wrote:
>>> Hello,
>>> i try to setup a linux laptop for homeoffice with login for ad users.
>>> The last few days it work like expected.
>>>
>>> today wbinfo -u return no user, getent passwd <username> also.
>>>
>>> wbinfo -a "SAMDOM\user"
>>> Enter SAMDOM\user's password:
>>> plaintext password authentication succeeded
>>> Enter SAMDOM\user's password:
>>> challenge/response password authentication succeeded
>>>
>>> wbinfo -D SAMDOM also works.
>>>
>>> laptop smb.conf:
>>>
>>> [global]
>>>          security = ADS
>>>          workgroup = SAMDOM
>>>          realm = SAMDOM.EXAMPLE.COM
>>>
>>>          log file = /var/log/samba/%m.log
>>>          log level = 1
>>>
>>>          winbind refresh tickets = Yes
>>>          dedicated keytab file = /etc/krb5.keytab
>>>          kerberos method = secrets and keytab
>>>          winbind use default domain = yes
>>>
>>>          load printers = no
>>>          printing = bsd
>>>          printcap name = /dev/null
>>>          disable spoolss = yes
>>>
>>>          # Default ID mapping configuration for local BUILTIN accounts
>>>          # and groups on a domain member. The default (*) domain:
>>>          # - must not overlap with any domain ID mapping configuration!
>>>          # - must use an read-write-enabled back end, such as tdb.
>>>          idmap config * : backend = tdb
>>>          idmap config * : range = 1000-2000
>>>
>>>          # idmap config for the SAMDOM domain
>>>          # alf has uid 1006
>>>          idmap config SAMDOM:backend = ad
>>>          idmap config SAMDOM:schema_mode = rfc2307
>>>          idmap config SAMDOM:range = 2001-999999
>>>
>>>          template homedir = /home/%U
>>>          template shell = /bin/bash
>>>
>>>          client use spnego = yes
>>>          client ntlmv2 auth = yes
>>>          encrypt passwords = yes
>>>          restrict anonymous = 2
>>>
>>>          # fix dfs error's in log ?
>>>          host msdfs = no
>>>
>>>          # https://wiki.samba.org/index.php/PAM_Offline_Authentication
>>>          winbind offline logon = yes
>>>          winbind cache time = 15768000
>>>
>>>          winbind enum users = yes
>>>          winbind enum groups = yes
>>>
>>> cat /etc/krb5.conf
>>> [libdefaults]
>>>       default_realm = SAMDOM.EXAMPLE.COM
>>>       dns_lookup_realm = false
>>>       dns_lookup_kdc = true
>>>
>>>
>> What OS and version is this ?
> debian 10
>> What Samba version ?
> 2:4.9.5+dfsg-5+deb10u1
>
> only winbind installed.
So you only require authentication

Have you tried restarting winbind ?

Rowland

More information about the samba mailing list