When Linux Winbind is not working. Restart winbind or Flush the Cache
I am steering away from winbind these days, but in case anyone out there is still using it or has a legacy system that uses Winbind for AD authentication, here is a nice tip to help you through issues with Winbind.
First, try simply restarting winbind.
service winbind restart
If that doesn’t work, you can proceed with flushing the cache. Most commonly I see issues with Winbind when a Domain Controller is retired from the AD FQDN domain. One of the main causes of these issues is that winbind inherently caches the connection to the targeted domain controller.
Here is how to clear the cache in case you have to start winbind off in a clean state.
# Stop the Winbind and Samba services:
service winbind stop
service samba stop
# Flush the net cache:
net cache flush
# Delete the Winbind cache:
cd /var/lib/samba/
# Always take a backup before deleting anything:
mkdir old && mv *.tdb old/.
# Start the Samba service, if you have it:
service samba start
# Start the Winbind service:
service winbind start
# AD authentication is working if you can look up a domain user:
id <username>
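The backup step above (`mkdir old && mv *.tdb old/.`) only works once: on a second run `mkdir old` fails and the move is skipped. As an added example that is not part of the original post, the shell function below (the name `backup_tdb` and the `old-<timestamp>` directory naming are assumptions) moves the `.tdb` files into a fresh, owner-only backup directory on every run and reports when there is nothing to move.

```shell
#!/bin/sh
# Added example, not from the original post.
# Run as root with winbind and samba stopped:  backup_tdb /var/lib/samba

# backup_tdb DIR
#   Moves DIR/*.tdb into a new DIR/old-YYYYmmdd-HHMMSS directory (mode 700).
#   Prints the backup directory on success.
#   Returns 1 if DIR holds no .tdb files, 2 if DIR is not a directory,
#   3 if no backup directory could be created.
backup_tdb() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }

    # Expand the glob into the function's positional parameters. If nothing
    # matches, the pattern stays literal and the -e test below fails.
    set -- "$dir"/*.tdb
    [ -e "$1" ] || { echo "no .tdb files in $dir" >&2; return 1; }

    base="$dir/old-$(date +%Y%m%d-%H%M%S)"
    backup=$base
    n=1
    # mkdir is atomic, so an existing name (a second run within the same
    # second) is detected here and a numeric suffix is tried instead.
    until mkdir -m 700 "$backup" 2>/dev/null; do
        backup="$base.$n"
        n=$((n + 1))
        [ "$n" -le 100 ] || { echo "cannot create backup dir in $dir" >&2; return 3; }
    done

    # Move rather than copy, so winbind starts from an empty cache while the
    # previous files stay available for a rollback.
    mv -- "$@" "$backup"/ && echo "$backup"
}
```

The glob does not descend into subdirectories, so files under a `private/` directory, where present, are left in place, exactly as with the original command.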
Ben Tuma
Over 20 years of experience in the Information Technology field. I love technology and seeing how it changes and impacts people's lives for the better. I have a healthy appetite for innovation and problem solving.
I am sharing my knowledge and challenges in hopes of helping others as we constantly face ever-changing problems in IT and technology.
What can we use instead of winbind to set up AD SSO?
I would recommend using SSSD with AD LDAP. It works a lot better than winbind and actually keeps the UIDs and GIDs consistent across the domain from server to server.