[Samba] ADS domain member: winbind fails

Rowland Penny rpenny at samba.org
Fri Dec 30 11:10:51 UTC 2016


On Fri, 30 Dec 2016 11:42:00 +0100
"Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:

> 
> I am trying to set up winbind on an ADS domain member server.
> 
> The join works OK, but winbind simply fails to start.
> 
> See config and logs below, I am scratching my head.
> 
> Why does it "contact" a domain called "MAIN"? That is the hostname
> of that server, not the domain name!
> 
> Would be nice to get a quick reply, I am at the customer and this
> should work asap ....
> 
> 
> Thanks!
> 
> ->
> 
> 
> [global]
>          security = ADS
>          workgroup = ARBEITSGRUPPE
>          realm = ARBEITSGRUPPE.MY.TLD
>          map to guest = Bad User
>          log file = /var/log/samba/%m.log
>          log level = 3
> 
>          idmap config * : backend = tdb
>          idmap config * : range = 3000-7999
> 
>          ## idmap config for the ARBEITSGRUPPE domain
>          idmap config ARBEITSGRUPPE:backend = rid
>          idmap config ARBEITSGRUPPE:schema_mode = rfc2307
>          idmap config ARBEITSGRUPPE:range = 10000-999999
> 
>          username map = /etc/samba/user.map
> 
>          winbind enum users = Yes
>          winbind enum groups = Yes
>          winbind use default domain = Yes
>          winbind refresh tickets = Yes
> 
> 
> 
> 

Was Samba running before the join?

Remove this line from your smb.conf:

idmap config ARBEITSGRUPPE:schema_mode = rfc2307

It is not required as you are using the winbind 'rid' backend.

Try stopping all Samba processes, then leave the domain and join again.
Now start smbd, nmbd and winbind.

If this doesn't fix it, can you tell us what OS you are using and what
the AD DC is, and post your /etc/hosts, /etc/krb5.conf and /etc/resolv.conf?

Rowland
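
Added example (not part of the original message and not Samba code): a small Python check for the idmap point made in the reply above, run over the idmap lines of the quoted smb.conf. The function names are hypothetical; it assumes schema_mode only applies to the 'ad' backend, and it goes one step beyond the thread by also flagging overlapping ID ranges, which must be disjoint between domains.

```python
import re

# Constructed sample: the idmap lines of the smb.conf quoted in the message.
SAMPLE = """\
[global]
    idmap config * : backend = tdb
    idmap config * : range = 3000-7999
    idmap config ARBEITSGRUPPE:backend = rid
    idmap config ARBEITSGRUPPE:schema_mode = rfc2307
    idmap config ARBEITSGRUPPE:range = 10000-999999
"""

# Matches "idmap config DOMAIN : option = value", with or without spaces at ':'.
IDMAP_RE = re.compile(r"^\s*idmap config\s+(\S+?)\s*:\s*([\w ]+?)\s*=\s*(.+?)\s*$", re.I)


def parse_idmap(text):
    """Return {domain: {option: value}} for every idmap config line."""
    domains = {}
    for line in text.splitlines():
        m = IDMAP_RE.match(line)
        if m:
            dom, opt, val = m.groups()
            domains.setdefault(dom.upper(), {})[opt.lower()] = val
    return domains


def lint_idmap(text):
    """List findings: schema_mode without backend 'ad', bad or overlapping ranges."""
    findings, ranges = [], []
    for dom, opts in sorted(parse_idmap(text).items()):
        backend = opts.get("backend", "").lower()
        # Assumption: schema_mode is read only by the 'ad' backend.
        if "schema_mode" in opts and backend != "ad":
            findings.append(f"{dom}: schema_mode is not required with backend '{backend}'")
        m = re.fullmatch(r"(\d+)\s*-\s*(\d+)", opts.get("range", ""))
        if not m:
            findings.append(f"{dom}: no valid range")
            continue
        ranges.append((int(m.group(1)), int(m.group(2)), dom))
    ranges.sort()
    for i, (_, hi, dom) in enumerate(ranges):
        for lo2, _, dom2 in ranges[i + 1:]:
            if lo2 <= hi:  # a later range starts inside this one
                findings.append(f"{dom} and {dom2}: ID ranges overlap")
    return findings


if __name__ == "__main__":
    for finding in lint_idmap(SAMPLE):
        print(finding)
```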


