From: Rick Barnes on
I am trying to setup 2 workstations installed with Fedora 11 and samba 3.4.2. One is x86_64 and the other is i686 and I have the same issue with both. Neither machine will allow domain users from AD (Server 2003 R2) to authenticate. I have successfully send up samba on multiple CentOS 5.4 servers but they are still on 3.0.33 not 3.4.2.

At this point, I have joined the workstations and both wbinfo -u and wbinfo -g show the domain users and groups. Also, getent passwd shows the user info including UIDs and GIDs.

[global]

workgroup = DOM
netbios name = wkstn1
realm = DOM.LOCAL
security = ads
server string = wkstn1
idmap backend = ad
ldap idmap suffix = dc=dom,dc=local
ldap admin dn = cn=ldap,ou=Users,dc=dom,dc=local
idmap uid = 500-100000000
idmap gid = 500-100000000
winbind separator = +
winbind use default domain = true
;winbind offline logon = true
winbind nested groups = true
map untrusted to domain = yes
log level = 10

/var/log/secure:
login: pam_winbind(login:account): [pamh: 0x661170] ENTER: pam_sm_acct_mgmt (flags: 0x0000)
login: pam_winbind(login:account): valid_user: wbcGetpwnam gave WBC_ERR_DOMAIN_NOT_FOUND
login: pam_winbind(login:account): [pamh: 0x661170] LEAVE: pam_sm_acct_mgmt returning 3 (PAM_SERVICE_ERR)

I do not know what i should be looking for from log.winbindd, but I do see this:
[2009/11/09 13:04:19, 5] winbindd/winbindd_idmap.c:246(winbindd_sid2uid_recv)
sid2uid returned an error
[2009/11/09 13:04:19, 5] winbindd/winbindd_user.c:339(getpwsid_sid2uid_recv)
Could not query uid for user DOM\rick

# wbinfo -i rick
Could not get info for user rick
# id rick
uid=10000(rick) gid=10001(Domain Users) groups=10001(Domain Users)

Which is the uid set in Active Directory.

Thanks,
Rick

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba