Hai, this is an older report but i'll update this. Must whats in the report is correct but not all. . the line : passdb backend = samba4 should not be in the smb.conf this is ok on a AD DC. root@pdc:~# wbinfo -u | grep Administrator Administrator root@pdc:~# id Administrator uid=0(root) gid=100(users) groups=0(root),100(users),3000004(EXAMPLE\Group
for the member: winbind uid = 10000-20000 winbind gid = 10000-20000 should not be in smb.conf Kerberos keytab is generated with (samba-tool gives segfault): net rpc vampire keytab /etc/krb5.keytab -I[pdc_ip] -UAdministrator%passwd The join is normaly done on the members with : net ads (newer version as of 4.5.x can use samba-tool ) wbinfo -u | grep Administrator Administrator *THEN* Winbind is working (see previous step), but id or getent (or other resolving stuff) aren't: root@workstation:~# id Administrator id: Administrator: no such user root@workstation:~# getent passwd Administrator [nothing] This is correct on a member server you done see UID=0 for Administrator. and you NEVER assing uid=0 to Administrator. you need to define username map = /etc/samba/samba_usermapping with content: !root = NTDOM\Administrator NTDOM\administrator and setup your SePrivileges for "Domain Admins" In my opinion errors in config and not in samba. Thanks, Louis

