[Samba] Problem with Samba as Member to AD

Mr Typo euroregistrar at gmail.com
Sun Jul 18 08:29:47 UTC 2021 

Hello Rowland,

thank you for your first input. I did alot of testing, and yeah the
global section was not really clean :( Thank you!
i am using Centos8 and i was running nscd (system auth pure ldap
against the domain controller).

When i was shutting down nscd the authentication with samba/winbind was working.

When i search the internet i find messages that tells me that nscd +
winbind is NOT working, but other say that it is working. Can you
advise me here?

If you want to ask why i should want to run nscd/ldap + winbind. Well
i dont want to start winbind/samba on every linux machine just for
authentication. before trying nscd with winbind i tried sssd + winbind
-> complete messup.

any advice here?


best regards

On Sun, Jul 18, 2021 at 9:40 AM Rowland Penny via samba
<samba at lists.samba.org> wrote:
>
> On Sun, 2021-07-18 at 08:49 +0200, Mr Typo via samba wrote:
> > Hello all,
> >
> > i hope you can help me. I have successfully set up a connection with
> > samba to my domain controller. What works:
> > * wbinfo -u / wbinfo -g
> > * wbinfo -a
> > * bet ads info
> >
> > i hope you can help me! thank you!
> >
>
> Lets start by fixing your smb.conf:
>
> You have 'password server = 10.40.130.10' , you should remove this and
> allow Samba to find a DC.
>
> You have 'winbind use default domain = true' , you cannot use this with
> autorid. Either remove this line or change the winbind backend to
> 'rid'.
>
> You have 'guest ok = yes' in the 'shareshare' share, but you do not
> have 'map to guest = bad user' in '[global]' , so guest access will not
> work.
>
> Now to your problem. Whilst 'wbinfo -u' may show your AD users, it does
> not mean that the Unix OS knows your AD users. If you run 'getent
> passwd an_AD_username' on the Samba server, does it produce output ?
>
> As you haven't given us any information about your OS, I cannot advise
> further, except to comment about your TLD. Using '.local' isn't
> recommended, so if it is your TLD (and not sanitisation), then I
> suggest you turn off Avahi on the Unix domain member (if it is running.
>
> Rowland
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list