I am setting up a new samba environment based on Debian Jessie.Installation of PDC was succesfully and Windows clients were able to join. Have a problem at joining the Linux clients.

I was following the tutorial SAMBA Share with Active Directory Login but could not complete. I fail at "chgrp -R "Domain Users" /share, because he will not find the group "chgrp: invalid group: ???domain users???"wbinfo -u is WORKINGgetent passwd is WORKING and shows domain accountsBUT getent passwd (DOMAINUSER) will not show up anything.

I will paste my smb.conf, nsswitch.conf and krb5.conf, please help me :(

/etc/samba/smb.conf

[global]workgroup=xsecurity=adsrealm=x.LOCALdomain master=nolocal master=nopreferred master=noprintcap name=/etc/printcapload printers=noidmap config * : backend=tdbidmap config * : range=10001-20000idmap config x : schema_mode=rfc2307idmap config x : backend=rididmap config x : range=500-20000winbind enum users=yeswinbind enum groups=yeswinbind use default domain=yeswinbind nested groups=yeswinbind refresh tickets=yeswinbind offline logon=truetemplate homedir=/home/%D/%Utemplate shell=/bin/bashclient use spnego=yesclient ntlmv2 auth=yesencrypt passwords=yesrestrict anonymous=2log file=/var/log/samba/samba.loglog level=2

/etc/krb5.conf

 [libdefaults]ticket_lifetime=24hdefault_realm=x.LOCALforwardable=true[realms]x.LOCAL={kdc=pdc.fqdndefault_domain=x.local}[domain_realm].x.local=x.LOCALx.local=x.LOCAL[kdc]profile=/etc/krb5kdc/kdc.conf[appdefaults]pam={debug=falseticket_lifetime=36000renew_lifetime=36000forwardable=trukrb4_convert=false}[logging]kdc=FILE:/var/log/krb5kdc.logadmin_server=FILE:/var/log/kadmin.logdefault=FILE:/var/log/krb5lib.log

/etc/nsswitch.conf

passwd: files winbindgroup: files winbindshadow: files winbindgshadow: fileshosts: files dns winsnetworks: filesprotocols: db filesservices: db filesethers: db filesrpc: db filesnetgroup: nis

any ideas? Do you need more log files?

  • You must install libpam-winbind and libnss-winbind. Please check that in your /etc/resolv.conf your (samba4) AD domain is set as search parameter and your domaincontroller as nameserver. You already have winbind in /etc/nsswitch.conf. Do pam-auth-update and net ads join -Uadministrator again and try service winbind restart (or even a reboot, sometimes things get stuck) and getent passwd again.– Uwe BurgerNov 20 '16 at 7:19

according to your error message, there may not be a group "Domain Users" on your system, do a

$ grep "Domain Users" /etc/group

possibly you need to do:

# addgroup "Domain Users" (as root)

    Check out the setup guide at http://thepullen.net/wp/2013/03/using-winbind-to-resolve-active-directory-accounts-in-debian/. Also make sure libnss-winbind is installed.

    You can test winbind itself with 'wbinfo -u' (should return a huge list of all your domain users).

    the command 'id xxxx' will try to find info about just user xxx using the system/nsswitch.conf configuration. Between those you should be able to figure out where the problem is.

      protected by Community May 27 '15 at 13:40

      Thank you for your interest in this question. Because it has attracted low-quality or spam answers that had to be removed, posting an answer now requires 10 reputation on this site (the association bonus does not count).

      Would you like to answer one of these unanswered questions instead?

      Not the answer you're looking for? Browse other questions tagged or ask your own question.