[Samba] RFC2307 attributes not being read by DC2 in 4.2.1

Rowland Penny rowlandpenny at googlemail.com
Thu Apr 23 11:18:20 MDT 2015

On 23/04/15 17:46, Rowland Penny wrote:
> On 23/04/15 17:33, Miguel Medalha wrote:
>>> with a samba 4.2.1 AD DC you automatically use the separate 'winbindd'
>>> deamon and the 'winbind' deamon built into the samba daemon should be
>>> ignored. There is no way that I know to 'disable' the winbind built 
>>> into
>>> samba, but there is a way to turn it on and turn off 'winbindd', which
>>> is the way I suggested.
>> The Samba 4.2 release notes contains the following:
>> If required the old internal winbind can be activated by setting
>> 'server services = +winbind -winbindd'.  Upgrading users with a server
>> services parameter specified should ensure they change 'winbind' to
>> 'winbindd' to obtain the new functionality.
>> So what I was proposing was the equivalent (-winbind +winbindd) of the
>> inversion of this parameter and see what happens.
>> Since you are admitting this can be a bug in Samba, why not a bug in the
>> turning the winbind types on and off?
>> Maybe I am very wrong, but I only wanted to help with something that is
>> very easy to test.
> Hi Miguel,
> What I was proposing was something to try and find out if there is a 
> problem that can be cured by using the builtin 'winbind'. The OP is 
> using bind9 instead of the internal dns server, so his smb.conf has a 
> 'server services' line and changing 'winbindd' in that line to 
> 'winbind' is the same as what you have posted.
> Rowland

OK, it seems that this is a bug, the OP over on the samba-technical 
mailing list was having problems with groups having different ID numbers 
on different DCs, even though they had the same uidNumber in AD. 
swapping 'winbindd' to 'winbind' seems to have cured this.

He says that he will file a bug report.


More information about the samba mailing list