From: Jeremy Farrar on
I am currently setting up a cluster of Samba servers using DRBD and CTDB. I
have gotten the DRBD and CTDB configured on my cluster. I have configured
Samba and Winbind to join my active directory domain. Right now I am
struggling to get authentication through Winbind to work. My /var/log/secure
file looks like my system is not even trying to authenticate against AD.

wbinfo -u works great, as does wbinfo -g. I am able to successfully
authenticate with wbinfo -a [Username]%[Password]. getent password and
getent group do not function.

I checked the following links based upon documentation I have read.

ls -la /lib | grep winbind
lrwxrwxrwx 1 root root 24 May 11 14:52 libnss_winbind.so -> /lib64/libnss_winbind.so
lrwxrwxrwx 1 root root 24 May 11 14:52 libnss_winbind.so.2 -> /lib64/libnss_winbind.so

Any help would be greatly appreciated. Thanks.

Here is a copy of my nsswitch.conf

passwd: files winbind
shadow: files winbind
group: files winbind

hosts: files dns

bootparams: nisplus [NOTFOUND=return] files

ethers: files
netmasks: files
networks: files
protocols: files winbind
rpc: files winbind
services: files

netgroup: files

publickey: nisplus

automount: files
aliases: files nisplus

Here is a copy of my smb.conf

[global]
server string = %h
workgroup = [DOMAIN]
netbios name = stlnas
password server = [DOMAIN CONTROLLER]
realm = [DOMAIN].LOCAL
security = ads
idmap backend = tdb
private dir = /[DOMAIN]/ctdb
idmap uid = 10000-200000
idmap gid = 10000-200000
template shell = /bin/bash
template homedir = /[DOMAIN]/home/%U
template homedir = /home/[DOMAIN]/%U
winbind uid = 10000-200000
winbind gid = 10000-200000
winbind trusted domains only = no
winbind use default domain = true
winbind offline logon = false
winbind enum users = yes
winbind enum groups = yes
obey pam restrictions = yes
printcap name = /etc/printcap
clustering = yes
max log size = 50
disable netbios = yes
passdb backend = tdbsam
#============================ Share Definitions ==============================

[homes]
comment = Home Directories
path = /[DOMAIN]/home
browseable = no
writable = yes
acl check permissions = True
nt acl support = yes
ea support = yes
acl map full control = True
map acl inherit = yes
inherit acls = yes
vfs object = mysql_audit
mysql_audit:host=mysql1.[DOMAIN].local
mysql_audit:user=smbd
mysql_audit:pass=password
mysql_audit:name=smbd
mysql_audit:port=3306


[[DOMAIN]]
comment = All Shared Folders
path = /[DOMAIN]
copy = homes
admin users = "[DOMAIN]\[USERNAME]"

Here is my /etc/pam.d/samba:
#%PAM-1.0
auth required pam_nologin.so
auth sufficient pam_winbind.so
auth include system-auth
account include system-auth
account required pam_winbind.so
session include system-auth
password include system-auth
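
Added example (not part of the original post): a shell check of the two NSS pieces the post inspects, the winbind entries in nsswitch.conf and the libnss_winbind.so.2 module that glibc loads for a "winbind" source. The function names, the temporary directory and the sample file contents are constructed for illustration; on a real host pass /etc/nsswitch.conf and the system library directories instead.

```shell
#!/bin/sh
# Print every nsswitch.conf database whose source list contains SERVICE.
nss_dbs_using() {   # usage: nss_dbs_using SERVICE NSSWITCH_FILE
    awk -v svc="$1" '
        { sub(/#.*/, "") }                      # drop comments
        /^[ \t]*[A-Za-z_]+:/ {
            sub(/:/, " ")                       # "passwd:" -> "passwd"
            for (i = 2; i <= NF; i++) if ($i == svc) { print $1; break }
        }' "$2"
}

# Print the first libnss_SERVICE.so.2 that resolves to a real file.
nss_module_path() { # usage: nss_module_path SERVICE LIBDIR...
    svc=$1; shift
    for d in "$@"; do
        # -e follows symlinks, so a dangling link counts as missing
        if [ -e "$d/libnss_$svc.so.2" ]; then
            printf '%s\n' "$d/libnss_$svc.so.2"; return 0
        fi
    done
    return 1
}

# Report on both pieces; non-zero exit if getent could not use SERVICE.
nss_audit() {       # usage: nss_audit SERVICE NSSWITCH_FILE LIBDIR...
    svc=$1; conf=$2; shift 2; rc=0
    dbs=$(nss_dbs_using "$svc" "$conf")
    for need in passwd group; do
        printf '%s\n' "$dbs" | grep -qx "$need" ||
            { echo "FAIL: $need does not list $svc in $conf"; rc=1; }
    done
    if mod=$(nss_module_path "$svc" "$@"); then
        echo "OK: module $mod"
    else
        echo "FAIL: no loadable libnss_$svc.so.2 in: $*"; rc=1
    fi
    return $rc
}

# Constructed sample: correct nsswitch.conf entries, but the .so.2 link
# in lib/ points at a lib64/ file that does not exist.
demo=$(mktemp -d)
printf 'passwd: files winbind\nshadow: files\ngroup: files winbind # AD\nhosts: files dns\n' \
    > "$demo/nsswitch.conf"
mkdir "$demo/lib" "$demo/lib64"
ln -s "$demo/lib64/libnss_winbind.so" "$demo/lib/libnss_winbind.so.2"
nss_audit winbind "$demo/nsswitch.conf" "$demo/lib64" "$demo/lib" ||
    echo "NSS wiring for winbind is incomplete"
```

wbinfo talks to winbindd directly and does not go through NSS, so it can succeed while this check fails.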