[Samba] L2tp and winbind - server role active directory domain controller
Gilberto Nunes
gilberto.nunes32 at gmail.com
Tue Aug 30 14:06:55 UTC 2016
Hi
Thanks for your answer...
Unfortunatelly, I can't upgrade because it's a appliance - Zentyal Server
4.0.
I will try another thing.
Thank you any way...
2016-08-30 10:47 GMT-03:00 Rowland Penny via samba <samba at lists.samba.org>:
> On Tue, 30 Aug 2016 10:05:28 -0300
> Gilberto Nunes via samba <samba at lists.samba.org> wrote:
>
> > Hello list...
> >
> > I have samba 4.1.17 installed and in the same server, I have l2tp.
> > Samba it configurated as active directory domain controller.
> >
> > I am trying authetication against samba with winbind.
> > I want to know how to restrict authentication for certain group.
> > I put this line in the end of l2tp conf file:
> >
> > ntlm_auth-helper '/usr/bin/ntlm_auth --helper-protocol=ntlm-server-1
> > --require-membership-of="domain\\VPN"'
> >
> > But I get this in the log.windbindd:
> >
> > server role = 'active directory domain controller' not compatible
> > with running the winbindd binary.
> > You should start 'samba' instead, and it will control starting the
> > internal AD DC winbindd implementation, which is not the same as this
> > one
> >
> > And seem to me group restriction do not work!
> > Instead, any usser can connect via l2tp vpn.
> >
> > Somebody can help??
> >
> > Thanks a lot
> >
> > Gilberto Ferreira
>
> You really need to upgrade samba, 4.1.x is EOL, 4.5.0 will be released
> shortly and then 4.2.x will go EOL.
> Before 4.2.0, winbindd wasn't used, the 'winbind' part of the 'samba'
> binary was used. When 4.2.0 was released the code was changed to use
> the separate 'winbindd' binary instead and the 'samba' binary will
> start it for you, just like it starts 'smbd'.
>
> As you have found out, you cannot start the separate 'winbindd' binary
> yourself.
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
--
Gilberto Ferreira
+55 (47) 9676-7530
Skype: gilberto.nunes36
More information about the samba
mailing list