/usr/local/samba/sbin/winbindd broken?

Rowland Penny repenny at f2s.com
Wed Aug 29 10:31:05 MDT 2012 

On 29/08/12 17:07, Rowland Penny wrote:
> On 29/08/12 16:13, steve wrote:
>> On 29/08/12 16:51, Rowland Penny wrote:
>>
>>>
>>> This is what is in the smb.conf on both clients:
>>>
>>>          winbind enum users = yes
>>>          winbind enum groups = yes
>>>          winbind use default domain = yes
>>>          winbind expand groups = 4
>>>          winbind nss info = rfc2307
>>>          winbind refresh tickets = Yes
>>>          winbind offline logon = yes
>>>          winbind normalize names = Yes
>>>          idmap config HOME:schema_mode = rfc2307
>>>          idmap config HOME:range = 20000-3100000
>>>          idmap config HOME:backend = ad
>>>          idmap config *:range = 1100-2000
>>>          idmap config *:backend = tdb
>>
>> Hi Rowland.
>> It took me a long time to work this one out and without Géza I'd 
>> never have got it. Here's as plain an explanation as I can manage.
>>
>> This smb.conf will work only for the S3 client. None of this is valid 
>> nor understood by Samba4. All you need on the S4 client (under 
>> [global]) is:
>> idmap_ldb:use rfc2307 = Yes
>> Delete what you have and replace it simply with that one line.
>>
>> Let us know it it now maps OK. Oh, I think you have to restart Samba4 
>> for it to re-read the smb.conf.
>>
>> HTH
>> Steve
>>
>>
>
> Hi Steve, I will give it a try, but I thought this was just for the 
> samba4 builtin winbind, I am not using that, I am using the separate 
> /usr/local/samba/sbin/winbindd.
>
> Rowland
>
>
>

Hi Steve
Sorry, no go, with just that line in smb.conf:

testparm
Load smb config files from /usr/local/samba/etc/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions

[global]
     idmap_ldb:use rfc2307 = Yes
     idmap config * : backend = tdb <- I did not add this

So, put the top of my old smb.conf back:

testparm
Load smb config files from /usr/local/samba/etc/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions

[global]
     workgroup = HOME
     realm = home.lan
     server string = Test Samba Server
     security = ADS
     dedicated keytab file = /etc/krb5.keytab
     kerberos method = secrets and keytab
     template shell = /bin/bash
     idmap_ldb:use rfc2307 = Yes
     idmap config * : backend = tdb

Try and join again:

testserver ~ # net ads join -U Administrator at HOME.LAN
Enter Administrator at HOME.LAN's password:

It just sits there doing nothing (and yes, I did enter the password), I 
cannot find anything in the logs on the client or the server.

So, I come back to my original statement, /usr/local/samba/sbin/winbindd 
is borked!

Rowland


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the samba-technical mailing list