[Samba] L2tp and winbind - server role active directory domain controller

Gilberto Nunes gilberto.nunes32 at gmail.com
Tue Aug 30 13:05:28 UTC 2016

Hello list...

I have samba 4.1.17 installed and in the same server, I have l2tp.
Samba it configurated as active directory domain controller.

I am trying authetication against samba with winbind.
I want to know how to restrict authentication for certain group.
I put this line in the end of l2tp conf file:

ntlm_auth-helper '/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1

But I get this in the log.windbindd:

 server role = 'active directory domain controller' not compatible with
running the winbindd binary.
  You should start 'samba' instead, and it will control starting the
internal AD DC winbindd implementation, which is not the same as this one

And seem to me group restriction do not work!
Instead, any usser can connect via l2tp vpn.

Somebody can help??

Thanks a lot

Gilberto Ferreira

More information about the samba mailing list