Samba setup with winbind: Error looking up domain users

Posted on 2006-05-26
Last Modified: 2008-01-09

I am trying to setup the samba for one linux box.  I am not a regular linux user so please bare with me.  Currently, I have a windows domain setup where all the windows box use domain to access all the computers and access remote folders. (Windows xp for pcs and 2003 for the domain server)

Now, I have added a linux machine to this network.  Now, i need to share files on the linux machine to only certain users.  Therefore, I was trying to configure samba to work as a member of already existing domain so that i can give permission accordingly.  However, I am stuck where the linux machine shows up on the network places but I cannot access any of the folders or if I can access it cannot modify them.  Remember, I need to restrict view and write access.  

While debugging i found that when tried to do following

wbinfo -u

i recieved "Error looking up domain users" error.

I don't know what information to provide to further explain my situation as I don't know what would be helpful.

Any help is greatly appreciated.

Thank you for reading and/or replying to my post.

- akshah123
Question by:akshah123
    LVL 17

    Author Comment

    I know that smb.conf would be really helpful in understanding my current layout.

          netbios name = LINUX_BOX
          password server = *
          wins server = example.local
          workgroup = example
          os level = 20
          username map = /etc/samba/
          encrypt passwords = yes
          winbind trusted domains only = yes
          realm = theorchard.local
          security = domain
          winbind separator = \
          idmap uid = 10000-20000
          idmap gid = 10000-20000
          winbind enum users = yes
          winbind enum groups = yes
            winbind trusted domains only = yes
            winbind use default domain = yes
            obey pam restrictions = yes

          revalidate = yes
          browseable = no
          comment = webserver
          writeable = yes
          valid users = test, root
          path = /var/www/html/
    LVL 1

    Accepted Solution

    I would strongly suggest you use the SAMBA configuration GUI utility that comes with Redhat. You can configure what you need without the hassle of reading/understanding the smb.conf file...

    To invoke this GUI utility, try 'system-config-samba' from super user mode.. (this command is taken from Fedora Core 5. Please let me know if doesn't work with your Red Hat. Will find out a similar command for you..)

    From your Config:

    Wondering if you can make a folder 'non-browseable' [AND] 'writable'... Though it might be possible, you might not be able to anything useful with such a config.. its like you have the permission to live in a house that is not there.... ;-) Check below to see what i mean...

         revalidate = yes
         browseable = no                 -> Means you can see whats inside...
         comment = webserver
         writeable = yes                 -> Means you can modify the inside contents... Doesn't really makes sense...
         valid users = test, root
         path = /var/www/html/

    Let us know how it goes...
    All the best :-)

    LVL 1

    Assisted Solution

    It may be a silly comment but did you join the linux server to the domain. This is required for winbind to work. It is accomplished by executing  "net rpc join -S PDC -U Administrator"

    It would be helpful as well to know what version of SAMBA you are running.

    LVL 17

    Author Comment

    Thanks for the comments ...


    I have tried using the redhat's config options but to no avail.  I even got the webmin running to see if that helps but I still couldn't get it to work.  Since, it is hard to explain graphically the configuration of my server, i simply posted the resulting config file.  

    >> mpomery
    I did run the winbind command to join with the domain.  That did result in a success.  Howver, i ran following command ...

    NET JOIN -uAdministrator
    LVL 17

    Author Comment

    Hey guys,

    I think i found out the problem.  THe issue i believe was with the file permissions. ONce i gave the linux user proper file permission to the webserver directories, it started to work.

    Thanks again...

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
    Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
    To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
    how to add IIS SMTP to handle application/Scanner relays into office 365.

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    13 Experts available now in Live!

    Get 1:1 Help Now