I am trying to configure a Samba 4 Domain member with idmap back end "ad". If I use back end tdb or rid everything works fine.
The problem is if I try "id <domain user>" the user cannot be found, neither are domain users listed under "getent passwd".
If I try "net rpc rights list accounts -U'SAMDOM\admin'" I get the error:
```
Could not connect to server 127.0.0.1
The username or password was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE
```
Installed packages on my CentOS machine are samba4, samba4-client, samba4-common and samba4-winbind* and ntp.
The configured ntp server on the CentOS machine is a Windows Server 2008 R2 DC.
I am using Samba version 4.4.4.
In my /etc/nsswitch.conf I added:
```
passwd: compat winbind
group: compat winbind
```
```
[global]
netbios name = vm-smb4-test
workgroup = WINDOMAIN
realm = WINDOMAIN.LOCAL
security = ADS
encrypt passwords = yes
idmap config * : backend = tdb
idmap config * : range = 70001-80000
#idmap config WINDOMAIN: backend = rid
#idmap config WINDOMAIN: range = 3000000-4000000
idmap config WINDOMAIN: backend = ad
idmap config WINDOMAIN: schema_mode = rfc2307
idmap config WINDOMAIN: range = 500-2000
winbind nss info = rfc2307
winbind trusted domains only = no
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
log level = 1 passdb:5 auth:5 winbind:5 idmap:5
log file = /var/log/samba/log.%m
max log size = 500
unix extensions = No
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
```
Any ideas why my configuration doesn't work with backend ad?
Thanks
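
A check that can be run against the idmap settings in the post above, as an added example that is not part of the original post. Unlike tdb and rid, the idmap_ad backend does not generate IDs: it reads uidNumber/gidNumber from AD and treats `range` as a filter, so an account with no uidNumber, or one outside 500-2000, is not mapped. The account names and uidNumber values below are constructed, and the function names are this example's own.

```python
import re

# Constructed sample: the idmap lines from the smb.conf in the post.
SMB_CONF = """\
idmap config * : backend = tdb
idmap config * : range = 70001-80000
#idmap config WINDOMAIN: backend = rid
#idmap config WINDOMAIN: range = 3000000-4000000
idmap config WINDOMAIN: backend = ad
idmap config WINDOMAIN: schema_mode = rfc2307
idmap config WINDOMAIN: range = 500-2000
"""

IDMAP_RE = re.compile(r"^\s*idmap config\s+(\S+?)\s*:\s*(\S[^=]*?)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(conf_text):
    """Return {domain: {option: value}} for active (uncommented) idmap lines."""
    domains = {}
    for line in conf_text.splitlines():
        if line.lstrip().startswith(("#", ";")):
            continue  # commented-out settings are ignored by Samba
        m = IDMAP_RE.match(line)
        if m:
            dom, opt, val = m.groups()
            domains.setdefault(dom.upper(), {})[opt.lower()] = val
    return domains

def ranges(domains):
    """Return {domain: (low, high)} for every domain that sets a range."""
    return {d: tuple(int(x) for x in o["range"].split("-"))
            for d, o in domains.items() if "range" in o}

def overlaps(rng):
    """Return pairs of domains whose ID ranges intersect."""
    doms = sorted(rng)
    return [(a, b) for i, a in enumerate(doms) for b in doms[i + 1:]
            if rng[a][0] <= rng[b][1] and rng[b][0] <= rng[a][1]]

def filtered_out(accounts, low, high):
    """Accounts the ad backend will not map: no uidNumber, or outside range."""
    return sorted(n for n, uid in accounts.items()
                  if uid is None or not low <= uid <= high)

# Constructed directory data (hypothetical users and uidNumber values).
ACCOUNTS = {"alice": 1001, "bob": None, "carol": 10005}

if __name__ == "__main__":
    rng = ranges(parse_idmap(SMB_CONF))
    print(overlaps(rng), filtered_out(ACCOUNTS, *rng["WINDOMAIN"]))
```

In practice the `ACCOUNTS` mapping would be filled from the uidNumber attributes actually stored on the domain accounts.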