Samba 4 AD域控制器上的winbind信息不一致

我在Debian Jessie（samba 4.2.10）上安装了一个Samba 4 AD域控制器。 一切工作正常，除了winbind给出错误的用户/组信息。

我有一个示例用户“testuser”和一个安全组“人”。 他们的UNIX属性设置如下：

然而winbind表明了这一点：

• Exchenge 2010服务器在域中找不到GC服务器
• PDCe将不接受外部时间源
• 是否可以更改NetBIOS大写和小写字母？
• 计算机失去信任关系 – 从域控制器中消失
• 用户从DClocking，由pipe理员自动解锁

root@agnus:~# wbinfo -i testuser testuser:*:10010:100:Test User:/home/HOME/testuser:/bin/false 

UID匹配，但一切都是错误的。

我的smb.conf包含这个：

 # Global parameters [global] workgroup = HOME realm = HOME.LOCAL netbios name = AGNUS server role = active directory domain controller server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate idmap_ldb:use rfc2307 = yes idmap config *:backend = tdb idmap config *:range = 2000-9999 idmap config HOME:backend = ad idmap config HOME:schema_mode = rfc2307 idmap config HOME:range = 10000-99999 winbind nss info = rfc2307 winbind enum users = yes winbind enum groups = yes winbind normalize names = yes winbind use default domain = yes winbind refresh tickets = yes [netlogon] path = /var/lib/samba/sysvol/home.local/scripts read only = No [sysvol] path = /var/lib/samba/sysvol read only = No 

我的设置有什么问题？

  template homedir (G) When filling out the user information for a Windows NT user, the winbindd(8) daemon uses this parameter to fill in the home directory for that user. If the string %D is present it is substituted with the user's Windows NT domain name. If the string %U is present it is substituted with the user's Windows NT user name. Default: template homedir = /home/%D/%U template shell (G) When filling out the user information for a Windows NT user, the winbindd(8) daemon uses this parameter to fill in the login shell for that user. Default: template shell = /bin/false