Samba package 4.9.x samba smbd not playing with winbind.

Rowland Penny rpenny at samba.org
Mon Dec 3 16:25:10 UTC 2018 

On Mon, 3 Dec 2018 17:08:16 +0100
"L.P.H. van Belle via samba-technical"
<samba-technical at lists.samba.org> wrote:

> Hai Rowland, 
> 
> Thankfully i have you to correct me. 
> I was really thinking that my message was clear.. 
> Well, at least its now. :-) 
> 
> 
> > -----Oorspronkelijk bericht-----
> > Van: samba-technical 
> > [mailto:samba-technical-bounces at lists.samba.org] Namens 
> > Rowland Penny via samba-technical
> > Verzonden: maandag 3 december 2018 16:44
> > Aan: samba-technical at lists.samba.org
> > Onderwerp: Re: Samba package 4.9.x samba smbd not playing 
> > with winbind.
> > 
> > On Mon, 3 Dec 2018 16:24:38 +0100
> > "L.P.H. van Belle via samba-technical"
> > <samba-technical at lists.samba.org> wrote:
> > 
> > > 
> > > Yes,  thats what im saying..
> > 
> > No, you didn't ;-)
> > 
> > > 
> > > And thats because of :  
> > > cat /var/lib/dpkg/info/samba-common.postinst |tail -n15
> > > 
> > > # Test server role and change smb.conf to enable idmap * by
> > > default. SERVER_ROLE=`samba-tool testparm
> > > --parameter-name="server role"
> > > 2>/dev/null | tail -1` # Enable idmap config * by default. 
> > Only match
> > > 2>untouched configs.
> > > if [ "$SERVER_ROLE" = "standalone server" ] || [ "$SERVER_ROLE" =
> > > "auto" ]; then sed -i \
> > >         -e 's/;   idmap config \* :              backend = tdb/
> > > idmap config * :              backend = tdb/g' \ -e 's/;   idmap
> > > config \* :              range   = 3000-7999/    idmap config
> > > * :              range   = 3000-7999/g' \ "$CONFIG" fi
> > > 
> > > I only dont like these big sed lines, but thats for the next samba
> > > version. My main goal here was, have a working set, without
> > > comprimizing older settings. And it works as you see. 
> > 
> > Do I detect, that you have added those lines ?
> Yes, i've modified the install.. 
> 
> > 
> > If so, I think it sort of proves what I said, if winbind is started
> > with smbd, Samba is getting confused because it cannot map 'Guest'.
> > 
> > Rowland
> > 
> Yes! Exactly. 
> Samba (as standalone) and its detection of winbind (how i dont know),
> are the problem. 
> 
> Thank your for confirming it (again) ;-) 
> 

So, you install samba and winbind on debian, winbind gets started first
and then when smbd is started, it fails and logs an error that 'Guests'
cannot be mapped.

That is undoubtedly a bug, if Guest cannot be mapped, the server role
should be checked and, if it is 'standalone server', 'Guests' should be
mapped to the OS's guest group, not log an error and definitely not
refuse to start smbd.

Rowland

More information about the samba-technical mailing list