Samba4 nmbd/smbd/winbindd

Sun Aug 26 08:43:16 MDT 2012

On 26/08/12 13:38, Rowland Penny wrote:
> On 26/08/12 12:48, Andrew Bartlett wrote:
>> On Sun, 2012-08-26 at 09:47 +0100, Rowland Penny wrote:
>>> Hello all,
>>>
>>> On 18/08/12, Andrew Bartlett wrote this:
>>>
>>> [quote]
>>> These different components perform different roles in the Samba system.
>>> The AD DC has only one daemon binary you need to interact with, 
>>> 'samba'.
>>> Users wishing to have a file server or a domain member server need to
>>> use 'nmbd, smbd and winbindd' as they have done with Samba 3.x
>>> [unquote]
>>>
>>> To which I asked this question:
>>>
>>> Does this mean that you can use nmbd,smbd and winbindd on the samba4
>>> server or not?
>>>
>>> He replied:
>>>
>>> [quote]
>>> You can, but it will not be an AD domain controller.  Remember that
>>> Samba 4.0 is also the next release after Samba 3.6, and so it does
>>> everything that release does as well.
>>> [unquote]
>>>
>>> Well based on this, I tried it and can now inform that it does not 
>>> work!
>>>
>>> I downloaded and compiled Version 4.0.0beta7-GIT-b05d28e, did not 
>>> provision.
>>> Created /usr/local/samba/etc/smb.conf with contents that I know work 
>>> on a
>>> samba 3.6.3 client.
>>>
>>> I then ran 'net ads join -U Administrator at HOME.LAN' and got this:
>>>
>>> 'ADS support not compiled in'
>> Recompile on a system with the ldap development headers.
>
> OK, will do.
>>
>>> so tried:
>>> samba-tool domain join HOME MEMBER -U Administrator at HOME.LAN
>>>
>>> After entering the password I got this:
>>>
>>> Joined domain HOME (S-1-5-21-1601855890-33271501-835292257)
>>>
>>> It seemed to join, so started the daemons:
>>>
>>> /usr/local/samba/sbin/nmbd -D
>>> /usr/local/samba/sbin/smbd -D
>>> /usr/local/samba/sbin/winbindd -D
>>>
>>> But winbindd did not start, so tried /usr/local/samba/sbin/winbindd -i
>>>
>>> winbindd version 4.0.0beta7-GIT-b05d28e started.
>>> Copyright Andrew Tridgell and the Samba Team 1992-2012
>>> Could not fetch our SID - did we join?
>>> unable to initialize domain list
>>>
>>> I dumped the samba4 database to an ldif and checked for the 
>>> computer, it
>>> is there.
>>>
>>> So, whilst you can set Samba4 as you would Samba 3.6, it will not work.
>> The issue here is that samba-tool isn't a tool you can find in Samba
>> 3.6, and it operates on a different database.
>>
>> However, what you raise here is a very important point.  It remains on
>> my todo list to have ./configure fail if you are missing key development
>> libraries, such as ldap-devel.  Similarly, it is reasonable to expect
>> that 'samba-tool domain join' would do the same as 'net ads join'.  The
>> issue here is that while it is joined, the information is written in
>> secrets.tdb, while 'winbindd' only looks at 'secrets.tdb'.  We can and
>> should fix that as well.
>>
>> If you file a bug on both of those, I'll try and get it fixed this
>> week.
>
> As I have never filed a bug report before, could you tell me how?
>
>> Andrew Bartlett
>
> Thanks
>
> Rowland
>
>
>

I have installed openldap-devel and recompiled and 'net ads join' now 
works. wbinfo -u & wbinfo -g both work, but I do not seem to have a 
samba4 getent. I have:

/home/samba-master/lib/util/util_getent.c
/home/samba-master/testsuite/nsswitch/getent.c
/home/samba-master/testsuite/nsswitch/getent.exp
/home/samba-master/testsuite/nsswitch/getent_grent.c
/home/samba-master/testsuite/nsswitch/getent_pwent.c
/home/samba-master/testsuite/nsswitch/getent_r.sh

I have filed a bug for the first issue (will configure without 
ldap-devel) but I do not understand the second bug

[quote]
The issue here is that while it is joined, the information is written in
secrets.tdb, while 'winbindd' only looks at 'secrets.tdb'.
[unquote]

If this can be explained to me, I am more than willing to file the bug.

Rowland

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.