compiled from source: openldap-2.2.26 heimdal-0.7 samba-3.0.14a on Suse linux 9.1 Pro cat ~/etc/smb.conf [global] # separate domain and username with '\', like DOMAIN\username winbind separator = + # use uids from 10000 to 20000 for domain users idmap uid = 10000-20000 # use gids from 10000 to 20000 for domain groups idmap gid = 10000-20000 # allow enumeration of winbind users and groups winbind enum users = yes winbind enum groups = yes # give winbind users a real shell (only needed if they have telnet access) template homedir = /home/%U template shell = /bin/bash winbind cache time = 600 winbind trusted domains only = yes workgroup = BSS # to remove domain from username # winbind use default domain = yes obey pam restrictions = Yes realm = domain security = ADS encrypt passwords = yes password server = domain nmbd runs OK winbindd starts fine. setting log level to 5 for winbindd with: getent group get: " [2005/07/27 11:19:46, 5] lib/util.c:Realloc(954) Realloc asked for 0 bytes [2005/07/27 11:19:46, 5] lib/util.c:Realloc(954) Realloc asked for 0 bytes [2005/07/27 11:19:46, 4] nsswitch/winbindd_group.c:get_sam_group_entries(562) get_sam_group_entries: Native Mode 2k domain; enumerating local groups as well [2005/07/27 11:19:46, 4] nsswitch/winbindd_group.c:get_sam_group_entries(571) get_sam_group_entries: Returned 0 local groups [2005/07/27 11:19:46, 3] nsswitch/winbindd_group.c:winbindd_getgrent(619) [ 1860]: getgrent [2005/07/27 11:19:46, 3] nsswitch/winbindd_group.c:winbindd_endgrent(484) [ 1860]: endgrent [2005/07/27 11:19:46, 5] nsswitch/winbindd.c:winbind_client_read(477) read failed on sock 19, pid 1860: EOF " wtih getent passwd I get: " [2005/07/27 11:20:35, 3] nsswitch/winbindd_misc.c:winbindd_interface_version(261) [ 1861]: request interface version [2005/07/27 11:20:35, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(297) [ 1861]: request location of privileged pipe [2005/07/27 11:20:35, 5] nsswitch/winbindd.c:winbind_client_read(477) read failed on sock 19, pid 1861: EOF [2005/07/27 11:20:35, 3] nsswitch/winbindd_user.c:winbindd_setpwent(310) [ 1861]: setpwent [2005/07/27 11:20:35, 3] nsswitch/winbindd_user.c:winbindd_getpwent(486) [ 1861]: getpwent [2005/07/27 11:20:35, 3] nsswitch/winbindd_user.c:winbindd_endpwent(375) [ 1861]: endpwent [2005/07/27 11:20:35, 5] nsswitch/winbindd.c:winbind_client_read(477) read failed on sock 20, pid 1861: EOF " Ths is with winbind joining a Windows 2003 server ADS using; net ads join -U administrator all works fine. wbinfo -t is OK. wbinfo -g and wbinfo -u both return the right things.
In my smb.conf I had: winbind trusted domains only = yes Which worked with samba-3.0.9 to strip off the leading domain name for getent passwd so single UNIX and Windows sign on would work. I then told myself to RTM and: This now works with 3.0.20rc1: winbind use default domain = yes