# winbind does not start

## palmadj

For some crazy reason winbind refuses to start.  I am trying to tie into AD on W2k3.  So far Kerberos works, Samba Starts but Winbind refuses to start with this error:

[2004/05/13 09:36:57, 0] param/loadparm.c:lp_do_parameter(3066)

  Global parameter passwd chat found in service section!

[2004/05/13 09:36:57, 0] param/loadparm.c:lp_do_parameter(3066)

  Global parameter pam password change found in service section!

[2004/05/13 09:36:57, 0] nsswitch/winbindd_util.c:winbindd_param_init(487)

  winbindd: idmap uid range missing or invalid

[2004/05/13 09:36:57, 0] nsswitch/winbindd_util.c:winbindd_param_init(488)

  winbindd: cannot continue, exiting.

smb.conf checks out with TESTPARM.  Here it is:

[global]

   socket options = TCP_NODELAY

   interfaces =

   netbios name = w72l-penguin

   workgroup = tww007

   share modes = no

   printing = sysv

   printcap name = /etc/printcap

   load printers = no

   #guest account = siduser

   security = ADS

   encrypt passwords = yes

   dead time = 10

   local master = no

   password server = myserver.mydomain

   realm = tww007.sitest.net

[home]

   comment = Samba AD Test

   path = /home

   #guest account = siduser

   read only = no

   public = yes

   force directory mode = 0777

   force create mode = 0777

#winbind options 

winbind separator = +

#winbind uid = 10000-20000

#winbind gid = 10000-20000

winbind cache time = 15

winbind enum users = yes

winbind enum groups = yes

template homedir = /home/%D/%U

template shell = /bin/bash

idmap uid = 15000-20000

idmap gid = 15000-20000

#Allow password changing from Windows to update Linux System Password:

unix password sync = Yes

passwd program = /usr/bin/passwd %u

passwd chat = *New*password* %n\n *Retype*new*password* %n\n *password:*all*authentication*tokens*updated*successfully

#Use PAM's password change control flag for Samba. If enables,

#then PAM will be used for password changes when requested by

#an SMB client instead of the program listed in the passwd program.

#It should be possible to enable this without changing your passwd

#chat parameter for most setups.

pam password change = yes

Can sombody post me a working AD config?

----------

## darkarchon

i found this googling around....

 *Quote:*   

> Your smb.conf file is lacking the "idmap uid" field that Samba 3.0's winbindd requires in order to run.  Read /usr/share/doc/samba-3.0.0/docs/Samba-HOWTO-Collection.pdf, add all the 
> 
> fields that winbindd requires, and try again. 

 

----------

## Chris W

I would hazard a guess that all of this:

```
#winbind options

winbind separator = +

#winbind uid = 10000-20000

#winbind gid = 10000-20000

winbind cache time = 15

winbind enum users = yes

winbind enum groups = yes

template homedir = /home/%D/%U

template shell = /bin/bash

idmap uid = 15000-20000

idmap gid = 15000-20000

#Allow password changing from Windows to update Linux System Password:

unix password sync = Yes

passwd program = /usr/bin/passwd %u

passwd chat = *New*password* %n\n *Retype*new*password* %n\n *password:*all*authentication*tokens*updated*successfully

#Use PAM's password change control flag for Samba. If enables,

#then PAM will be used for password changes when requested by

#an SMB client instead of the program listed in the passwd program.

#It should be possible to enable this without changing your passwd

#chat parameter for most setups.

pam password change = yes
```

should be in the [Global] section and not the [Homes] section as it is now.  That's what the error implies anyway.

----------

