Debian 9, SAMBA, and Active Directory. Windbind not syncing users and passwords.
 

we use an AD server, and a VM with SMABA on it to provide roaming profiles, and other company network shares. it stopped working today and I am a complete linux n00b : ( i was working with the spice-works community and they suggested i consult the gurus of this forum for further assistance. I need to know where to look, what diagnostic reports to look over, and what tests to run to narrow the problem down and hopefully resolve it as soon as humanly possible.

at first i noticed a time difference between the AD controller and the Debian server so i manually corrected this down to the second and still get errors like bad username / password when users attempt to connect, and an error on various machines stating the time between the AD controller and the file server are too far apart.

PLEASE remember i need the actual code to type into my console i have no idea how to use most of this stuff, and do not know contextual items of console at this time.

thanks in advance for all of your help, i reeeeally appreciate it!

Which version of Samba are you running? smbd --version will tell you.

Is Samba an AD member? Does smb.conf contain the setting security = ADS?

If yes to the above, can you authenticate against the Kerberos service in AD? In other words, does this work:Replace username with a valid AD user and DOMAIN.LOCAL with that user's UPN suffix (which may be your AD domain name), but in ALL CAPS. You should be prompted for a password.

Does wbinfo -u return a list of users from Active Directory?

Does getent passwd and getent group return a list of users and groups respectively, both local and from Active Directory?