Samba 3.4 on CentOS 5 - RPMs available - Resolve winbind issues with Windows Server 2008 R2

A friend of mine uses Samba and winbind on his CentOS Linux boxes for user and group information and Kerberos for authentication. He upgraded his domain controllers recently to Windows Server 2008 R2 and suddenly his winbind authentication broke.

After doing some research around the Net, it appears that this problem is a bug in earlier versions of Samba. CentOS currently uses Samba 3.0.33 (along with some/a lot of patches from Red Hat). From my research it appeared that new versions of Samba resolve this issue, however Red Hat always plays it safe and keeps the same basic version on Red Hat Enterprise Linux and back-ports security and bug fixes.

In order to get his winbind setup working I took the most recent Fedora 11 Samba source RPM packages and rebuilt them for RHEL5/CentOS 5. I use the same build system as the Fedora project to build these RPMs (Koji -, so they were built as the EPEL packages are built.

To build and install the packages there are some additional packages that you'll need. I believe that they are available in the Fedora Extra Packages for Enterprise Linux (, but I've also included them in my downloads directory just in case.

You will have to manually install the packages because the new Samba packages breakout the winbind stuff so when you try to yum install them you will get conflicts.

REMEMBER: Always BACKUP your configs

Download the packages here:

Make sure to download only the packages for your architecture (i386, or x86_64). I've also provided the source RPMs in case you'd like to build the packages for yourself.

Here's how I installed the packages on my test box (I only needed samba, samba-common, and samba-winbind; you may need other packages):

. Shutdown Samba and winbind
. Install libtalloc and libtdb (either from my downloads, or via yum and EPEL)
. rpm -Uvh --force samba-common* samba-3.4* samba-winbind*
. Restart Samba and winbind

You may have to rejoin your Linux box to your domain with

net ads join -U [DOMAIN_ADMIN]

You can now test with:

wbinfo -t
wbinfo -u

If the last command works then you're all set. If not, double-check your Samba config file and your Kerberos config file.

Hope these help some peeps out there.