Samba4 nmbd/smbd/winbindd

Andrew Bartlett abartlet at samba.org
Sun Aug 26 05:48:36 MDT 2012 

On Sun, 2012-08-26 at 09:47 +0100, Rowland Penny wrote:
> Hello all,
> 
> On 18/08/12, Andrew Bartlett wrote this:
> 
> [quote]
> These different components perform different roles in the Samba system.
> The AD DC has only one daemon binary you need to interact with, 'samba'.
> Users wishing to have a file server or a domain member server need to
> use 'nmbd, smbd and winbindd' as they have done with Samba 3.x
> [unquote]
> 
> To which I asked this question:
> 
> Does this mean that you can use nmbd,smbd and winbindd on the samba4
> server or not?
> 
> He replied:
> 
> [quote]
> You can, but it will not be an AD domain controller.  Remember that
> Samba 4.0 is also the next release after Samba 3.6, and so it does
> everything that release does as well.
> [unquote]
> 
> Well based on this, I tried it and can now inform that it does not work!
> 
> I downloaded and compiled Version 4.0.0beta7-GIT-b05d28e, did not provision.
> Created /usr/local/samba/etc/smb.conf with contents that I know work on a
> samba 3.6.3 client.
> 
> I then ran 'net ads join -U Administrator at HOME.LAN' and got this:
> 
> 'ADS support not compiled in'

Recompile on a system with the ldap development headers.  

> so tried:
> samba-tool domain join HOME MEMBER -U Administrator at HOME.LAN
> 
> After entering the password I got this:
> 
> Joined domain HOME (S-1-5-21-1601855890-33271501-835292257)
> 
> It seemed to join, so started the daemons:
> 
> /usr/local/samba/sbin/nmbd -D
> /usr/local/samba/sbin/smbd -D
> /usr/local/samba/sbin/winbindd -D
> 
> But winbindd did not start, so tried /usr/local/samba/sbin/winbindd -i
> 
> winbindd version 4.0.0beta7-GIT-b05d28e started.
> Copyright Andrew Tridgell and the Samba Team 1992-2012
> Could not fetch our SID - did we join?
> unable to initialize domain list
> 
> I dumped the samba4 database to an ldif and checked for the computer, it 
> is there.
> 
> So, whilst you can set Samba4 as you would Samba 3.6, it will not work.

The issue here is that samba-tool isn't a tool you can find in Samba
3.6, and it operates on a different database.  

However, what you raise here is a very important point.  It remains on
my todo list to have ./configure fail if you are missing key development
libraries, such as ldap-devel.  Similarly, it is reasonable to expect
that 'samba-tool domain join' would do the same as 'net ads join'.  The
issue here is that while it is joined, the information is written in
secrets.tdb, while 'winbindd' only looks at 'secrets.tdb'.  We can and
should fix that as well.

If you file a bug on both of those, I'll try and get it fixed this
week. 

Andrew Bartlett
-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba-technical mailing list