Thanks for the logs and smb.conf
You have multiple problems in the setup.
The first, ( no uid/gid/ users with getentpasswd )
On a AD DC you must use : getent passwd username
On a member you can use : getent passwd and getent passwd username
But for the DC, you must have this also.
winbind enum users = yes
winbind enum groups = yes
But beware if you have a big AD, this will slow down you AD DC server.
And your users/groups have a UID/GID.
Then yes you will see the id, if you configured The DC shows:
getent passwd username
NTDOM\username:*:10002:10000::/home/users/username:/bin/bash
(The home path uid and gid can differ )
Beware of :
realm = SBOCLDEMO.LOCAL
If you have avahi-daemon installed, check you nsswitch.conf
Make sure you have setup : compat winbind
mDNS can be a problem and .local domains are not adviced to use.
If you see:
hosts: files mdns4_minimal dns
Change that to
hosts: files dns mdns4_minimal
I suggest also you have a read here.
https://wiki.samba.org/index.php/User_Documentation
For the second problem..
Windows ?? If its XP, try it with these.
This reg key.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"lmcompatibilitylevel"=dword:00000005
These smb.conf settings, now your XP compable, but you still have a secure
samba.
lm announce = no
lanman auth = no
ntlm auth = no
client lanman auth = no
client ntlmv2 auth = yes
Try not to sacrifice server configs for old clients.
Try this and report back.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: Pkg-samba-maint
> [mailto:[email protected]
> ebian.org] Namens [email protected]
> Verzonden: dinsdag 27 juni 2017 12:02
> Aan: Mathieu Parent; [email protected]
> Onderwerp: [Pkg-samba-maint] Bug#721514: Bug#721514: winbind:
> Winbind authentication also broken after upgrade from from
> Jessie to Stretch
>
> Hi!
>
> Then I've created new server to check if it is working with
> domain without out of box.
> The following command worked properly: "kinit" ; "wbinfo -u
> ";"wbinfo -g".
> But "getent passwd", "getent group" return only local data.
> And I cannot open shared folder from windows machines using
> AD credentials.
>
> Testing config and log files it attachment.
> Thank you!
>
> On 27.06.2017 15:40, Mathieu Parent wrote:
> > Hello,
> >
> > Have you more info? The package split was in jessie, there
> is no such
> > thing in stretch.
> >
> > Regards
> >
> > Mathieu Parent
>
> _______________________________________________
> Pkg-samba-maint mailing list
> [email protected]
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-sa
> mba-maint
>
