> workgroup = FOO
> security = ads
> realm = FOO.BAR.BAZ
> idmap backend = ad
> idmap range = 1000-999999
> password server = foo.bar.baz
> winbind nss info = rfc2307
> winbind separator = /
> winbind use default domain = yes
> winbind nested groups = yes

Do you really need to specify a password server? IIRC this is used in standalone mode when you want to authenticate against a Windows machine. I don't know whether it would cause any confusion if you want AD to handle authentication but then tell it not to use AD but another box instead.

Given that the error message reports it can't find the login server, that would seem to indicate that either your DNS isn't set up properly for the domain, the machine can't resolve it properly, or there's some sort of firewall blocking some or all of the communication with the AD servers.

Can you run Wireshark/tcpdump while the problems are happening to see where the box is trying to connect to, and if it's receiving any responses?

Cheers,
Adam.
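
A way to run the DNS check suggested in the reply above, as an added example that is not part of the original message: it reads the realm from smb.conf and queries the SRV records under which Active Directory domain controllers are registered. The function names, the constructed sample configuration and the use of `dig` are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original thread): check that the DNS SRV
# records used to locate AD domain controllers resolve for the smb.conf realm.

# Constructed sample: some of the settings quoted in the message above.
SAMPLE_CONF='workgroup = FOO
security = ads
realm = FOO.BAR.BAZ
password server = foo.bar.baz'

# Print the value of one smb.conf parameter read from stdin.
# Parameter names are matched ignoring case and whitespace, as Samba does.
conf_value() {   # $1 = parameter name
    awk -v key="$1" '
        BEGIN { gsub(/[ \t]/, "", key); key = tolower(key) }
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        index($0, "=") {
            k = tolower(substr($0, 1, index($0, "=") - 1))
            gsub(/[ \t]/, "", k)
            if (k == key) {
                v = substr($0, index($0, "=") + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", v)
                print v; exit
            }
        }'
}

# Print the SRV record names that AD domain controllers register for a realm.
srv_names() {   # $1 = realm
    realm_lc=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    printf '%s\n' "_ldap._tcp.dc._msdcs.$realm_lc" "_ldap._tcp.$realm_lc" \
                  "_kerberos._tcp.$realm_lc" "_kerberos._udp.$realm_lc"
}

# Query each SRV name; returns 1 if any has no answer, 2 if no realm is set.
check_dc_dns() {   # $1 = path to smb.conf; needs dig and network access
    rc=0
    realm=$(conf_value realm < "$1")
    [ -n "$realm" ] || { echo "no realm set in $1" >&2; return 2; }
    for name in $(srv_names "$realm"); do
        answer=$(dig +short "$name" SRV)
        if [ -n "$answer" ]; then
            echo "OK   $name"; echo "$answer" | sed 's/^/       /'
        else
            echo "FAIL $name (no SRV answer)"; rc=1
        fi
    done
    return $rc
}

# Only touch the network when a config path is given on the command line.
if [ "$#" -gt 0 ]; then check_dc_dns "$1"; fi
```

A FAIL line points at the resolver or the DNS zone; if every name resolves but the login server still cannot be found, a packet capture taken while the error occurs shows whether the listed hosts answer.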