Configuring winbindd to retrieve id mappings through idmap_ad does not work in a clustered setup. log.winbindd-idmap shows: [2016/09/27 20:55:51.624381, 2, pid=31988, effective(0, 0), real(0, 0)] ../lib/tdb_wrap/tdb_wrap.c:64(tdb_wrap_log) tdb(/var/lib/samba/private/secrets.tdb): tdb_open_ex: could not open file /var/lib/samba/private/secrets.tdb: No such file or directory [2016/09/27 20:55:51.624440, 3, pid=31988, effective(0, 0), real(0, 0)] ../lib/dbwrap/dbwrap_tdb.c:430(db_open_tdb) Could not open tdb: No such file or directory [2016/09/27 20:55:51.624474, 1, pid=31988, effective(0, 0), real(0, 0)] ../auth/credentials/credentials_secrets.c:399(cli_credentials_set_machine_account_db_ctx) Could not find machine account in secrets database: Failed to fetch machine account password from secrets.ldb: error and failed to open /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO [2016/09/27 20:55:51.624507, 10, pid=31988, effective(0, 0), real(0, 0), class=winbind] ../source3/winbindd/idmap_ad.c:314(idmap_ad_get_tldap_ctx) idmap_ad_get_tldap_ctx: cli_credentials_set_machine_account failed: NT_STATUS_CANT_ACCESS_DOMAIN_INFO The problem here is that idmap_ad only looks in a local tdb file for the credential information, not a clustered tdb. A secondary problem is that this error is incorrectly handled in the main thread. Patches to follow.
Created attachment 12523 [details] Patches for 4.5
Reassigning to Karolin for inclusion in 4.5.next.
(In reply to Jeremy Allison from comment #2) Pushed to autobuild-v4-5-test.
(In reply to Karolin Seeger from comment #3) Pushed to v4-5-test. Closing out bug report. Thanks!