[Samba] Winbindd dies instantly

Rowland Penny rowlandpenny at googlemail.com
Fri Jan 30 06:46:29 MST 2015 

On 30/01/15 13:01, Jesper Koivumäki wrote:
> Hi,
>
> I'm trying to set up a Samba 4.1.16 file server for our (Samba 4) 
> domain. But for some reason I can't seem to be able to get it to work. 
> Even worse, I have run out of ideas on how to debug this. I've been 
> tampering with this for quite some time now, but I've come to realize 
> I can't figure this out on my own.
>
> Can someone give me some pointers on where to look in order to fix this?
>
>
> First off, smbd and nmbd seem to work just fine (as is to be 
> expected), but winbindd dies instantly.
>
> This is how I've gone about it:
>
>     $ sudo service samba start
>
> Everything starts. But windbindd stops.
>
>     $ sudo net join ads -U administrator
>     Joined domain DOMAIN.
>
>     $ sudo service samba restart
>
> Everything starts, but winbindd stops again.
>
> output from winbindd:
>
>    winbindd version 4.1.16 started.
>    Copyright Andrew Tridgell and the Samba Team 1992-2013
>    Maximum core file size limits now 16777216(soft) -1(hard)
>    Registered MSG_REQ_POOL_USAGE
>    Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
>    lp_load_ex: refreshing parameters
>    Initialising global parameters
>    rlimit_max: increasing rlimit_max (1024) to minimum Windows limit
>    (16384)
>    params.c:pm_process() - Processing configuration file
>    "/opt/samba/local/etc/smb.conf"
>    Processing section "[Global]"
>    added interface eth0 ip=192.168.1.6 bcast=192.168.1.255
>    netmask=255.255.255.0
>    added interface eth0:0 ip=192.168.254.6 bcast=192.168.254.255
>    netmask=255.255.255.0
>    added interface eth0 ip=192.168.1.6 bcast=192.168.1.255
>    netmask=255.255.255.0
>    added interface eth0:0 ip=192.168.254.6 bcast=192.168.254.255
>    netmask=255.255.255.0
>    initialize_winbindd_cache: clearing cache and re-creating with
>    version number 2
>    Added domain BUILTIN (null) S-1-5-32
>    Added domain BLUNDER (null) S-1-5-21-2504862038-22785804-3050049357
>    Could not fetch our SID - did we join?
>    unable to initialize domain list
>
>
> smb.conf:
>
>    [Global]
>       netbios name = BLUNDER
>       workgroup = DOMAIN
>       realm = SMBDOMAIN.HOST.COM
>       server string = %h ArchLinux Host
>       security = ads
>       encrypt passwords = yes
>       password server = pdc.smbdomain.host.com
>
>       idmap config * : backend = rid
>       idmap config * : range = 10000-20000
>
>       winbind use default domain = Yes
>       winbind enum users = Yes
>       winbind enum groups = Yes
>       winbind nested groups = Yes
>       winbind separator = +
>       winbind refresh tickets = yes
>
>       template shell = /bin/false
>    #  template homedir = /home/%D/%U
>
>       preferred master = no
>       dns proxy = no
>       wins server = pdc.smbdomain.host.com
>       wins proxy = no
>
>       inherit acls = Yes
>       map acl inherit = Yes
>       acl group control = yes
>
>       load printers = no
>       debug level = 3
>       use sendfile = no
>
>
> Where do I go from here?
>

Well, you could start by adding either:

idmap config DOMAIN :backend = ad
idmap config DOMAIN :schema_mode = rfc2307
idmap config DOMAIN :range = 20001-29999

Or:

idmap config DOMAIN :backend = rid
idmap config DOMAIN :range = 20001-29999

to smb.conf, depending on which winbind backend you want use.

You can test if the join worked ok with 'sudo net ads testjoin'

What have you got in /etc/krb5.conf ?

Does /etc/resolv.conf point to the DC ?

Rowland

More information about the samba mailing list