After some playing around, I finally managed to get winbind to work and authenticate against AD. The weird thing is that if I reboot, it only works after I restart the service.

I see this in my winbindd.log under log level 3:

[2008/10/01 14:47:23, 3] nsswitch/winbindd_misc.c:winbindd_priv_pipe_dir(524)
[ 7485]: request location of privileged pipe
[2008/10/01 14:47:23, 3] nsswitch/winbindd_group.c:winbindd_getgroups(1273)
[ 7485]: getgroups gdm
[2008/10/01 14:47:23, 3] libsmb/namequery.c:get_dc_list(1489)
get_dc_list: preferred server list: ", 192.168.151.18"
[2008/10/01 14:47:30, 1] libads/cldap.c:recv_cldap_netlogon(219)
no reply received to cldap netlogon
[2008/10/01 14:47:30, 3] libads/ldap.c:ads_try_connect(189)
ads_try_connect: CLDAP request 192.168.151.18 failed.
[2008/10/01 14:47:30, 1] libads/ldap.c:ads_find_dc(355)
ads_find_dc: failed to find a valid DC on our site (Default-First-Site-Name), trying to find another DC
[2008/10/01 14:47:30, 3] libsmb/namequery.c:get_dc_list(1489)
get_dc_list: preferred server list: ", 192.168.151.18"
[2008/10/01 14:47:30, 3] libsmb/namequery.c:get_dc_list(1489)
get_dc_list: preferred server list: ", 192.168.151.18"
[2008/10/01 14:47:30, 3] libsmb/namequery.c:get_dc_list(1489)
get_dc_list: preferred server list: ", 192.168.151.18"
[2008/10/01 14:47:30, 2] lib/util_tdb.c:tdb_log(664)
tdb(unnamed): tdb_open_ex: could not open file /var/cache/samba/unexpected.tdb: No such file or directory


My smb.conf has this in the global section:

workgroup = MINE
password server = 192.168.151.18
realm = MINE.ORG
security = ads
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
template shell = /bin/bash
winbind use default domain = yes
winbind offline logon = no
winbind enum users = no
winbind enum groups = no
template homedir = /home/%D/%U

And when attempting to log in, the secure log shows:

Oct 1 14:47:51 repodepo sshd[7491]: pam_winbind(sshd:auth): getting password (0x00000010)
Oct 1 14:47:51 repodepo sshd[7491]: pam_winbind(sshd:auth): pam_get_item returned a password
Oct 1 14:47:51 repodepo sshd[7491]: pam_winbind(sshd:auth): request failed: No logon servers, PAM error was Authentication service cannot retrieve authentication info (9), NT error was NT_STATUS_NO_LOGON_SERVERS
Oct 1 14:47:51 repodepo sshd[7491]: pam_winbind(sshd:auth): internal module error (retval = 9, user = 'amccorma')
Oct 1 14:47:53 repodepo sshd[7491]: Failed password for invalid user amccorma from 192.168.230.40 port 1868 ssh2


Like I said though, it's weird. If I restart winbind, users are able to authenticate correctly. Firewall is down temporarily, and SELinux is permitting winbind and samba to do whatever they want. I've read a lot of stuff and been playing with this all day, so it's definitely possible that I have conflicting stuff in other files or something. Can anyone help me out?


-Andrew