Ubuntu: Problem with Winbind/Samba



Question:

I've been having an issue on my network that has completely vexed me.

I have three workstations running Ubuntu 13.04, one Windows 7 workstation, and three servers on Ubuntu Server 12.04. One of the servers is a domain controller running Samba4 and handles DNS, Kerberos, NTP, and DHCP.

Today I was trying to add a laptop to the domain, running Ubuntu 13.10. I issue net ads join -U AdminUser and the laptop joins the domain with no errors. I literally copied and pasted the config files from the other workstations and verified the permissions.

When I run wbinfo I can see the domain users and groups. However, when I run getent I see only local users and groups. If I run wbinfo -a domainuser --verbose, I am asked for the user's password and the password is accepted with no errors. Kerberos works as well.

nsswitch.conf, pam.d/common-auth, pam.d/common-session, pam.d/common-account, smb.conf, and krb5.conf are all exact copies of the other systems (which work), and I've even read through them all to verify this.

Is there something I've overlooked?

Is there something that was changed on Ubuntu between 13.04 and 13.10?

Any help would be appreciated!


Solution:1

I had the same problem and installing libnss-winbind resolved the problem.

sudo apt-get install libnss-winbind  


Solution:2

Thank you so much for this! I have been struggeling with this 'last piece of the puzzle' for 4 days now, with endless reinstalls and startovers. I have a couple of tips for those as newbies as me trying to get this together on 13.10 :

1) installing SAMBA separately with apt-get after OS-installation seemed to be better than installing it as an option when installing the OS. I don't know exactly WHAT it was, but it behaved differently.

2) All the howtos and docs I have read (and tried) for AD/Winbind are a little outdated. IF you do thing right and in the right sequence, there is NO NEED to fiddle with any of the /etc/pam-d/ - files. pam-auth-update takes care of everything ! The only exception is perhaps 'common-session' if you want to have a home-directory created automatically for users logging in for the first time from AD.

3) same with Kerberos - use dpkg-reconfigure krb5-user in stead of editing /etc/krb5.conf as many papers will tell you to do.

4) Most of the Howtos and documents describing /etc/samba/smb.conf are also outdated. Use new format and remember to do testparm. The important part of mine looks like this :

    workgroup = LUUN      netbios name = trubadurix        security = ads      realm = LUUN.LOCAL      winbind use default domain = yes      winbind enum users = yes      winbind enum groups = yes      winbind nested groups = yes      winbind refresh tickets = yes      template shell = /bin/bash      template homedir = /home/%D/%U      domain master = no      client use spnego = yes      idmap config *:backend = tdb      idmap config *:range = 10000-20000      idmap config LUUN : backend = rid      idmap config LUUN : range = 1000-20000      idmap config LUUN : base_rid = 0      map untrusted to domain = yes  

5) remember to install libpam-krb5, winbind (no - SAMBA is not enough even though some of the documentation would lead you to believe that), libpam-winbind and finally libnss-winbind...


Solution:3

I never could figure out the problem, so I wound up removing Ubuntu and installing Ubuntu 13.04 instead of 13.10.

I followed the exact same procedures as before everything now works like a charm.

Never could find anything in the logs that indicated a problem, so I don't know if this was due to a bug or what.

At any rate, I'm up and running now. Thank you anyway!


Note:If u also have question or solution just comment us below or mail us on toontricks1994@gmail.com
Previous
Next Post »