=== failed to find authenticated user via getpwnam denying access ===
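# Recovery procedure for the getpwnam error above: stop the services that hold
# cached identity data, clear Samba's state, rejoin the domain, restart.
# Run as root. Each && chain stops at the first init script that fails.
# The winbind init script is named "winbind"; the former "windbind" spelling
# does not exist, so the chain aborted before winbind and nscd were handled.
/etc/init.d/smb stop && /etc/init.d/winbind stop && /etc/init.d/nscd stop
# Empty Samba's lookup cache so stale entries are not reused after the rejoin.
net cache flush
# Deletes every TDB database in this directory. NOTE(review): this can include
# the winbind ID-mapping database; if it does, domain users may be given
# different UIDs/GIDs afterwards and existing file ownership would then point
# at the wrong accounts. Copy the directory aside first and check ownership on
# shared data after the restart.
rm -rf /var/lib/samba/*.tdb
# -U with a user name only makes net prompt for the password, which keeps it
# out of the shell history and the process list.
net ads join -Udomainadmin
/etc/init.d/smb start && /etc/init.d/winbind start && /etc/init.d/nscd start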
=== /etc/samba/smb.conf ===
# Samba settings for a member server that authenticates against Active
# Directory and resolves domain accounts through winbind.
[global]
# presumably a placeholder for the domain's short (NetBIOS) name — confirm
workgroup = workgroup
server string = Serveur toto
# %m expands to the client machine name, giving one log file per client
log file = /var/log/samba/%m.log
# Kerberos realm of the AD domain; must agree with default_realm in krb5.conf.
# NOTE(review): realm names are case-sensitive in Kerberos and AD realms are
# conventionally written in upper case — confirm the lowercase form is accepted.
realm = serveur.ad.toto.fr
# Domain member mode: authentication is delegated to AD via Kerberos
security = ads
# Every domain account resolved through winbind gets this login shell. On a
# pure file server, a non-login shell such as /bin/false keeps domain users
# from opening interactive sessions.
template shell = /bin/bash
# UID/GID range handed out to domain users and groups; it starts well above
# the local account range so the two cannot collide.
# NOTE(review): newer Samba releases configure this with "idmap config * : range"
# instead — check smb.conf(5) for the installed version.
idmap uid = 20000-50000000
idmap gid = 20000-50000000
# Domain users are addressed without a DOMAIN prefix, so a domain account and
# a local account can share a name; the lookup order in nsswitch.conf decides
# which one wins.
winbind use default domain = yes
# No bulk enumeration of domain users/groups through NSS; lookups by name or
# ID still work.
winbind enum users = no
winbind enum groups = no
# Character placed between domain and user name (DOMAIN+user)
winbind separator = +
# Only accounts from the joined domain are accepted; accounts from domains
# that it trusts are refused.
allow trusted domains = no
# X.X.X.X are placeholders for the domain controllers and the WINS server
password server = X.X.X.X X.X.X.X
wins server = X.X.X.X
# Broadcast resolution is left out of the list
name resolve order = wins lmhosts host
# When Samba acts as a client: negotiate via SPNEGO and answer only with
# NTLMv2, never with the weaker LM/NTLM responses.
client use spnego = yes
client ntlmv2 auth = yes
encrypt passwords = yes
=== /etc/nsswitch.conf ===
# Lookup order for account data. "files" comes first, so local accounts
# (root included) always take precedence over a domain account of the same
# name; winbind is consulted last.
# NOTE(review): "nis" keeps NIS in the lookup path — remove it if no NIS
# domain is in use, since every extra source is one more place an identity
# can come from.
passwd: files nis winbind
# NOTE(review): winbind is not known to serve a shadow map; domain password
# checks normally go through PAM (pam_winbind) — confirm this entry is needed.
shadow: files nis winbind
group: files nis winbind
=== /etc/krb5.conf ===
# Kerberos client configuration used for the AD join and for ticket requests.
[logging]
# Log destinations. The kdc and admin_server entries presumably matter only if
# this host runs those daemons itself — confirm.
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
# Must agree with "realm" in smb.conf.
# NOTE(review): realm names are case-sensitive and AD realms are conventionally
# upper case — confirm the lowercase form resolves correctly.
default_realm = serveur.ad.toto.fr
# Realm and KDC discovery through DNS is enabled in addition to the explicit
# kdc entries below, so the answers of the configured resolvers influence
# which KDC is contacted.
dns_lookup_realm = true
dns_lookup_kdc = true
[realms]
# X.X.X.X are placeholders for the domain controllers
serveur.ad.toto.fr = {
kdc = X.X.X.X
kdc = X.X.X.X
admin_server = X.X.X.X
}
[kdc]
# Location of the KDC's own configuration; presumably unused on a host that is
# only a Kerberos client — confirm.
profile = /var/kerberos/krb5kdc/kdc.conf
[appdefaults]
# Defaults applied to Kerberos logins made through PAM
pam = {
debug = false
# 36000 is presumably seconds (10 hours) — confirm against the PAM module's
# documentation. renew_lifetime equals ticket_lifetime, so renewal does not
# extend a ticket beyond its initial lifetime.
ticket_lifetime = 36000
renew_lifetime = 36000
# Tickets obtained at login may be forwarded to other hosts; set to false if
# users do not need single sign-on from this machine to others.
forwardable = true
# No Kerberos 4 credentials are derived from the Kerberos 5 ticket
krb4_convert = false
}
Joindre le domaine :
# Join this machine to the AD domain. Giving -U a user name only makes net
# prompt for the password, keeping it out of the shell history and the process
# list. An account delegated the right to join computers is enough; the
# built-in Administrator is not required.
net ads join -UAdministrator
Tester :
# wbinfo -u lists the domain users known to winbindd.
# NOTE(review): "ID" looks like a placeholder for a user name. To check one
# account on the getpwnam path from the error above, "wbinfo -i <user>" or
# "getent passwd <user>" shows whether NSS resolves it.
wbinfo -u ID