Samba package 4.9.x samba smbd not playing with winbind.
andreas at canonical.com
Sun Dec 2 14:55:48 UTC 2018
On Sun, Dec 2, 2018, 11:38 Rowland Penny <rpenny at samba.org wrote:
> On Sun, 2 Dec 2018 10:41:14 -0200
> Andreas Hasenack <andreas at canonical.com> wrote:
> > > I have no winbindd at all on the system:
> > >
> > > [root at fserver ~]# rpm -qa|grep winbind
> > > <empty output>
> > Thanks for replying.
> > I think there has been a misunderstanding in this whole thread. Let me
> > restate the issue.
> > In 4.9.x (at least .2 and .3), when winbind is running, smbd will fail
> > to start in standalone mode ("security = user").
> > I think when people read that, and saw "winbind is running", they
> > assumed domain security. This is not the case. It just so happens that
> > winbind was installed and running.
> > And it fails in fedora29 too, I just tried:
> > andreas at nsnx:~$ lxc launch images:fedora/29 fedora29
> > Creating fedora29
> > Starting fedora29
> > andreas at nsnx:~$ lxc exec fedora29 bash
> > [root at fedora29 ~]# dnf update -y && dnf install -y samba-winbind
> > samba-client samba
> > ...
> > [root at fedora29 ~]# service winbind start
> > Redirecting to /bin/systemctl start winbind.service
> > [root at fedora29 ~]# systemctl start smb
> > Job for smb.service failed because the control process exited with
> > error code. See "systemctl status smb.service" and "journalctl -xe"
> > for details. [root at fedora29 ~]# journalctl -u smb
> > -- Logs begin at Sun 2018-12-02 12:30:19 UTC, end at Sun 2018-12-02
> > 12:33:06 UTC. --
> > Dec 02 12:33:06 fedora29 systemd: smb.service: Failed to reset
> > devices.list: Operation not permitted
> > Dec 02 12:33:06 fedora29 systemd: Starting Samba SMB Daemon...
> > Dec 02 12:33:06 fedora29 smbd: [2018/12/02 12:33:06.278094, 0]
> > ../source3/auth/auth_util.c:1382(make_new_session_info_guest)
> > Dec 02 12:33:06 fedora29 smbd: create_local_token failed:
> > NT_STATUS_ACCESS_DENIED
> > Dec 02 12:33:06 fedora29 smbd: [2018/12/02 12:33:06.278480, 0]
> > ../source3/smbd/server.c:2000(main)
> > Dec 02 12:33:06 fedora29 smbd: ERROR: failed to setup guest
> > info. Dec 02 12:33:06 fedora29 systemd: smb.service: Main process
> > exited, code=exited, status=255/n/a
> > Dec 02 12:33:06 fedora29 systemd: smb.service: Killing process 249
> > (smbd-notifyd) with signal SIGKILL.
> > Dec 02 12:33:06 fedora29 systemd: smb.service: Killing process 250
> > (cleanupd) with signal SIGKILL.
> > Dec 02 12:33:06 fedora29 systemd: smb.service: Failed with result
> > 'exit-code'.
> > Dec 02 12:33:06 fedora29 systemd: Failed to start Samba SMB Daemon.
> > [root at fedora29 ~]# rpm -qa|grep samba
> > samba-client-libs-4.9.3-0.fc29.x86_64
> > samba-common-tools-4.9.3-0.fc29.x86_64
> > samba-winbind-4.9.3-0.fc29.x86_64
> > samba-common-libs-4.9.3-0.fc29.x86_64
> > samba-libs-4.9.3-0.fc29.x86_64
> > samba-winbind-modules-4.9.3-0.fc29.x86_64
> > samba-client-4.9.3-0.fc29.x86_64
> > samba-4.9.3-0.fc29.x86_64
> > samba-common-4.9.3-0.fc29.noarch
> > [root at fedora29 ~]# cat /etc/samba/smb.conf
> > # See smb.conf.example for a more detailed config file or
> > # read the smb.conf manpage.
> > # Run 'testparm' to verify the config is correct after
> > # you modified it.
> > [global]
> > workgroup = SAMBA
> > security = user
> > passdb backend = tdbsam
> > printing = cups
> > printcap name = cups
> > load printers = yes
> > cups options = raw
> Can you try adding:
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
> To your smb.conf
Then it should work, according to others in this thread, but I can't just
add that (a range) to a default shipped configuration. Changing ranges
after a deployment isn't trivial.
And how is it that smbd is solving this problem whithout the range config
when winbind isn't running? It starts just fine then.
More information about the samba-technical