I believe you need to add in [global]
winbind enum users = Yes
winbind enum groups = Yes
Dale
On 06/17/2013 9:41 AM, Zane Zakraisek wrote:> I have Samba 4.6.6 running as an ADDC and all is working great. I have a
> Samba 3.6.9 File Server that I want to join to the domain. I have gone
> through the steps but am having issues.
>
> In my smb.conf file I have added the following
> realm = my.domain
> security = ads
> encrypt passwords = yes
>
> I edited my Kerberos file
> [libdefaults]
> default_realm = MY.DOMAIN
> dns_lookup_kdc = true
> [realms]
> ZAKRAISEK.COM = {
> kdc = server.my.domain
> }
> [domain_realms]
> .kerberos.server = MY.DOMAIN
>
> I installed winbind and edited my nsswitch.conf to add winbind options.
>
> The book that I went off to set this up says to use the idmap uid and idmap
> gid options, but to my knowledge these were deprecated a while ago so I did
> not include them.
>
> I did net join -U administrator, and it joined fine. If I look in Active
> Directory Users and Computers, I can see a computer account created for the
> Linux machine.
>
> I ran net ads testjoin, all is good here, no errors
> I ran wbinfo -p, all is good here, no errors
> I ran wbinfo -t, all is good here, no errors
> lastly I ran wbinfo -a "MY.DOMAIN\user", typed the password, and
everything
> worked successfully
>
> The samba book I'm using then says to run getent passwd
"My.DOMAIN\user"
> Here is where the error is. I can not seem to get any domain accounts to
> work with this command. If I run getent passwd by itself, it displays a
> list of all my local accounts on the machine, but no domain ones. Did I
> miss a step