4

I'm currently in the process of setting up winbind/samba and getting a few issues.

I can test connectivity with wbinfo fine:

[root@buildmirror ~]# wbinfo -u
hostname     username
administrator
guest
krbtgt
username


[root@buildmirror ~]# wbinfo -a username%password
plaintext password authentication succeeded
challenge/response password authentication succeeded

However, when I do a getent, I don't get any AD accounts returned:

[root@buildmirror ~]# getent passwd
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
puppet:x:52:52:Puppet:/var/lib/puppet:/sbin/nologin

My nsswitch looks like this:

passwd:     files winbind
shadow:     files winbind
group:      files winbind

#hosts:     db files nisplus nis dns
hosts:      files dns

And I'm definitely joined to the domain:

[root@buildmirror ~]# net ads info
LDAP server: 192.168.4.4
LDAP server name: pdc.domain.local
Realm: domain.local
Bind Path: dc=DOMAIN,dc=LOCAL
LDAP port: 389
Server time: Sun, 05 Aug 2012 17:11:27 BST
KDC server: 192.168.4.4
Server time offset: -1

So what am I missing?

jaxxstorm
  • @skohrs' answer below worked for me, but I never even noticed it was a "problem." Just curious what you ran into that needed this functionality. (It might help me in the future.) – Aaron Copley Aug 07 '12 at 20:04
  • What does your smb.conf look like? – Dejan Nov 28 '13 at 19:13

2 Answers

1

Do you have the following lines in /etc/samba/smb.conf?

winbind enum users = yes
winbind enum groups = yes
skohrs
0

getent does not show domain users by default. You can, however, use it for one user name at a time for a known AD user: getent passwd mydomainuser

If you are unable to log in as users, make sure your PAM files are set up correctly. On Ubuntu (and maybe Debian?) this is most easily done with the command pam-auth-update. On RH/Fedora, use the authconfig-tui command.
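A diagnostic for the two answers above, as an added example that is not part of the original posts: it checks whether nsswitch.conf sends passwd lookups to winbind and whether `winbind enum users` is enabled in the `[global]` section of smb.conf. The function names, result labels and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: why does `getent passwd` list no AD accounts?

# smb_bool FILE PARAM: print yes/no for a boolean parameter in [global].
# smb.conf ignores case and whitespace in section and parameter names.
smb_bool() {
    awk -v want="$2" '
        function norm(s) { gsub(/[ \t\r]/, "", s); return tolower(s) }
        /^[ \t]*[#;]/ { next }                      # comment line
        /^[ \t]*\[/   { sec = norm($0); next }      # section header
        sec == "[global]" && (eq = index($0, "=")) {
            if (norm(substr($0, 1, eq - 1)) == norm(want))
                val = norm(substr($0, eq + 1))      # keep the last one seen
        }
        END { print ((val ~ /^(yes|true|1)$/) ? "yes" : "no") }  # unset = no
    ' "$1"
}

# nss_has_winbind FILE DB: succeed if DB (passwd, group) consults winbind.
nss_has_winbind() {
    awk -v db="$2" '
        { sub(/#.*/, "") }                          # strip comments
        $1 == (db ":") { for (i = 2; i <= NF; i++) if ($i == "winbind") found = 1 }
        END { exit !found }
    ' "$1"
}

# diagnose SMB_CONF NSSWITCH: name the reason enumeration is empty, if any.
diagnose() {
    if ! nss_has_winbind "$2" passwd; then
        echo nss-missing    # NSS never asks winbind
    elif [ "$(smb_bool "$1" 'winbind enum users')" = yes ]; then
        echo enum-on        # `getent passwd` should list domain users
    else
        echo enum-off       # only `getent passwd <user>` resolves
    fi
}

# Constructed sample files (not taken from the page).
make_samples() {
    printf '%s\n' '[global]' '   security = ads' \
        '   ; winbind enum users = yes' > "$1/smb-default.conf"
    printf '%s\n' '[Global]' '   Winbind Enum Users = Yes' '[share]' \
        '   winbind enum users = no' > "$1/smb-enum.conf"
    printf '%s\n' 'passwd:     files winbind' > "$1/nsswitch.conf"
    printf '%s\n' 'passwd:     files  # winbind' > "$1/nsswitch-files.conf"
}

tmp=$(mktemp -d) && make_samples "$tmp"
trap 'rm -rf "$tmp"' EXIT
diagnose "$tmp/smb-default.conf" "$tmp/nsswitch.conf"   # enum-off
diagnose "$tmp/smb-enum.conf" "$tmp/nsswitch.conf"      # enum-on
```

On a real host, pass /etc/samba/smb.conf and /etc/nsswitch.conf to `diagnose`; an `enum-off` result matches the situation in the question, where `wbinfo -u` works but `getent passwd` lists only local accounts.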