This document is intended to step you through some of the basics of troubleshooting samba connectivity with your domain controller, using wbinfo. This is not intended to show you how to configure Samba to talk to your domain controller. Others have done a much better job that I can.
winbind must be running in order for wbinfo to work, and you need to be connected to your domain.
wbinfo -p Ping to winbindd succeeded on fd 4
A simple ping test to see if your DC is alive
wbinfo -t checking the trust secret via RPC calls succeeded
Verify that the workstation trust account created when the Samba server is added to the Windows NT domain is working. This is a good first step to make sure you can talk to your DC
This will list your domain users. Make sure the users you expect are there
wbinfo -a greg.cain%password
This is an easy way to check that your user can authenticate against the domain. However, I’d recommend against using it since it will show your password on the command line, in your history, and in the ps command if it’s executed at the right time (there are many other reasons, but those should be enough to dissuade you.) Use a dummy account if possible.
Show a list of domain groups. Again, make sure the groups you expect are present.
wbinfo -n greg.cain S-1-5-21-XXXX789314-3545391909-2802175779-XXXX User (1)
This will get you the SID for the user you’ve specified (greg.cain in this case.)
wbinfo -s S-1-5-21-XXXX789314-3545391909-2802175779-XXXX DOMAIN\greg.cain
Using the SID you just returned, let’s make sure the reverse mappings are correct.
wbinfo -r greg.cain 16XXX216 16XXX217 ....
This will show a list of groups that the user greg.cain belongs to.
wbinfo -G 16XXX217 S-1-5-21-1540789314-3545391909-2802175779-YYY
This converts the GID to the SID.
wbinfo -Y S-1-5-21-1540789314-3545391909-2802175779-YYY 16XXX217
This is the reverse mapping of the SID to the GID