Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Recently many users have been getting failed login when accessing the samba shares. I then looked at wbinfo and it is not returning the full list of users only half of them.
There could be two reasons:
1. Your winbind cache could be containing corrupt data. You can find this in /var/lib/samba.
a.) stop samba and winbind
b.) Make a backup copy of /var/lib/samba
c.) Delete contents of /var/lib/samba
d.) Rejoin your server to your domain: net rpc join -S <netbios name of domain server> -U [root%<*samba* root password> | <domain admin>%<domain admin password> ]
e.) restart samba and winbind
f.) Time sync is crucial. Always have an ntp client in your member server synching with the time in your domain controller.
or....
2. Your pdc could be running heavy. Check youe domain controller's systems load. A heavily loaded PDC can not respond to your member server's query resulting in having not all the users authenticated. If I am not mistaken, time-out period is 10 seconds.
TIP: Increase the winbind cache time. This way winbind will not query authentication to your pdc often. If your don't add/delete users/groups often try changing it to the equivalent of 1 - 2 days (in seconds of course)
This worked for me after the third try, too. It's crucial to do it in EXACTLY this order! Stop daemons, delete files, add to domain, start daemons. Thanks mar10
sudo pico /etc/samba/smb.conf
then add "winbind cache time = 40" (or at least something greater than 10)
and of course Ctrl "x", "y", and Enter to get out of pico
sudo mv winbindd_idmap.tdb winbindd_idmap.tdb.old
sudo /etc/init.d/winbind stop
sudo /etc/init.d/samba restart
sudo /etc/init.d/winbind start
wbinfo -g
wbinfo -u
which worked, at least for me, using Debian Lenny (but now I'm onto another problem of getting "getent group" and "getent passwd" to list the same results as the wbinfo commands (but with SID and GID I can use to lock down some folders)...
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.