[Samba] winbind -r not showing any groups

Andreas Hauffe andreas.hauffe at tu-dresden.de
Tue Jun 21 07:22:28 UTC 2022


Dear list,

I'm using SAMBA 4.16.2 on a openSUSE Leap 15.4 platform as a domain 
member, but I'm unable to get "winbind -r" to work. Also the linux 
"groups" command show local groups only (as a result?).

When running "winbind -r DOM+username" I'm getting the following error 
in the logs:

Jun 21 09:02:23 lftworkli06 winbindd[12376]: [2022/06/21 
09:02:23.768314,  0] 
../../source3/winbindd/winbindd_samr.c:72(open_internal_samr_conn)
Jun 21 09:02:23 lftworkli06 winbindd[12376]:   open_internal_samr_conn: 
Could not connect to samr pipe: NT_STATUS_CONNECTION_DISCONNECTED

smb.conf

[global]

    netbios name = lftworkli06
    security = ADS
    workgroup = ILRW
    realm = ILRW.ING.DOM.TU-DRESDEN.DE
    dedicated keytab file = /etc/krb5.keytab
    kerberos method = secrets and keytab

    #rpc start on demand helpers = false

    template homedir = /home/home_ilrw/%U
    template shell = /bin/bash

    winbind refresh tickets = yes
    winbind separator = +

    idmap config * : backend = tdb
    idmap config * : range = 2000-2999
    idmap config ILRW : backend = rid
    idmap config ILRW : range = 3000-9999 # UID aus RID fuer ILRW
    idmap config DOM : backend = rid
    idmap config DOM : range = 10000-9999999 # UID aus RID fuer DOM

krb.conf

[libdefaults]
        default_realm = ILRW.ING.DOM.TU-DRESDEN.DE
        dns_lookup_realm = false
        dns_lookup_kdc = true
        ticket_lifetime = 24h
        renew_lifetime = 7d
        forwardable = true

[realms]
   ILRW.ING.DOM.TU-DRESDEN.DE = {
        auth_to_local = 
RULE:[1:$0@$1](ILRW\.ING\.DOM\.TU-DRESDEN\.DE at .*)s/\.ING\.DOM\.TU-DRESDEN\.DE@/+/
        auth_to_local = 
RULE:[1:$0@$1](DOM\.TU-DRESDEN\.DE at .*)s/\.TU-DRESDEN\.DE@/+/
        auth_to_local = DEFAULT
   }
   DOM.TU-DRESDEN.DE = {
        auth_to_local = 
RULE:[1:$0@$1](ILRW\.ING\.DOM\.TU-DRESDEN\.DE at .*)s/\.ING\.DOM\.TU-DRESDEN\.DE@/+/
        auth_to_local = 
RULE:[1:$0@$1](DOM\.TU-DRESDEN\.DE at .*)s/\.TU-DRESDEN\.DE@/+/
        auth_to_local = DEFAULT
   }

-- 
*Andreas Hauffe***


More information about the samba mailing list