> -----Messaggio originale-----
> Da: samba-bounces+gianlucaculot=dmsware.com@lists.samba.org
> [mailto:samba-bounces+gianlucaculot=dmsware.com@lists.samba.or
> g] Per conto di Roberto Lizana
> Inviato: mercoled? 11 luglio 2007 13.26
> A: samba@lists.samba.org
> Oggetto: [Samba] cannot autenticate user in AD
>
> I have configured samba like member of AD, if i type in
> console 'wbinfo -u' y get all user of my AD, if type in
> console 'wbinfo -g' y get all groups too. It's correct but if
> i type 'getent passwd' or 'getent group'
> don't get any user or group of my AD... why???
>
> * in nsswitch.conf appears:
> passws: files winbind
> group: files winbind
> shadow: files winbind
>
> i execute ldconfig for apply all changes of nsswitch.conf
>
> i have libnss_winbind.so and libnss_winbind.so.2 in /lib
>
> * smbd version is 3.0.25b and i compile this with arguments:
> --with-winbind --with-krb5=/usr/lib --with-ads
>
> * smb.conf:
> workgroup = DOMAIN
> realm = DOMAIN.INT
> netbios name = samba1
> preferred master = no
> client schannel = no
> security = ADS
> password server = *
> idmap uid = 10000-250000
> idmap gid = 10000-250000
> winbind uid = 10000-250000
> winbind gid = 10000-250000
> winbind separator = +
> winbind enum users = yes
> winbind enum groups = yes
>
>
> * klist
> Default principal: administrator@DOMAIN.INT
>
> Valid starting Expires Service principal
> 07/11/07 12:26:17 07/11/07 22:26:18 krbtgt/DOMAIN.INT@DOMAIN.INT
> renew until 07/12/07 12:26:17
>
>
> Kerberos 4 ticket cache: /tmp/tkt0
> klist: You have no tickets cached
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
>
Hello Roberto
I'm not a Samba Expert, so ... Make backups before trying what I suggest :D
I don't like two settings in your smb.conf
password server = * >>> I'd specify an address or a name which CAN
be
sonved by DNS
winbind separator = + >>> YOU REALLY SURE ? I'd suppress this with
a
comment #
Hope this helps
Be well
Gianluca