[Samba] ADS domain member: winbind fails

Rowland Penny rpenny at samba.org
Fri Dec 30 12:09:41 UTC 2016


On Fri, 30 Dec 2016 12:37:33 +0100
"Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:

> On 2016-12-30 at 12:10, Rowland Penny via samba wrote:
> 
> > Was Samba running before the join ?
> 
> I can't tell that anymore as I did hundreds of things in between.
> 
> > Remove this line from your smb.conf:
> >
> > idmap config ARBEITSGRUPPE:schema_mode = rfc2307
> >
> > It is not required as you are using the winbind 'rid' backend.
> 
> "rid" was just a try as "ad" didn't work and I had no more ideas ...
> I'd maybe prefer "ad" ?
> 
> > Try stopping all Samba processes, then leave the domain and join
> > again. Now start smbd, nmbd and winbind.
> 
> Did so.
> 
> leave and join: at first try, nice.
> 
> winbindd crashes immediately again.
> 
> > If this doesn't fix it, can you tell us what OS you are using, what
> > is the AD DC and post your /etc/hosts, /etc/krb5.conf
> > and /etc/resolv.conf
> 
> The DC "backup" is latest Debian. Converted from NT4 today (you
> remember the lengthy thread!) ...
> 
> The member server "main" is Gentoo Linux.
> 
> Both run samba-4.2.14.
> 
> We can access shares on "main" ! even without winbindd running ...
> 
> -
> 
> # MEMBER SERVER (-> file services)
> # cat /etc/hosts
> 
> # IPv4 and IPv6 localhost aliases
> 127.0.0.1	localhost
> ::1		localhost
> 
> 10.0.0.221 main.secret.tld main
> 10.0.0.224 backup.secret.tld backup
> 
> # cat /etc/krb5.conf
> [libdefaults]
> 	default_realm = ARBEITSGRUPPE.SECRET.TLD
> 	dns_lookup_realm = false
> 	dns_lookup_kdc = true


OK, if your domain member's short host is 'main', this makes its domain
name 'secret.tld', yet the realm is 'ARBEITSGRUPPE.SECRET.TLD'.

Ignoring case, 'secret.tld' != 'ARBEITSGRUPPE.SECRET.TLD' and it should.

Rowland
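
The comparison made in the message above, as an added example that is not part of the original e-mail or of Samba: it derives the member's DNS domain from hosts(5) text and compares it, ignoring case, with `default_realm` from krb5.conf. The function names are hypothetical and the sample input is constructed from the files quoted in the thread.

```shell
#!/bin/sh
# Constructed sample input: the member's entries and krb5.conf as quoted in the thread.
HOSTS_SAMPLE='127.0.0.1 localhost
10.0.0.221 main.secret.tld main
10.0.0.224 backup.secret.tld backup'
KRB5_SAMPLE='[libdefaults]
    default_realm = ARBEITSGRUPPE.SECRET.TLD
    dns_lookup_realm = false
    dns_lookup_kdc = true'

# dns_domain_of SHORTNAME (hypothetical helper): reads hosts(5) text on stdin and
# prints the DNS domain of the first name of the form SHORTNAME.<domain>.
dns_domain_of() {
    awk -v h="$1" '
        { sub(/#.*/, "") }                     # strip comments
        {
            for (i = 2; i <= NF; i++)
                if (index($i, h ".") == 1) { print substr($i, length(h) + 2); exit }
        }'
}

# default_realm_of (hypothetical helper): reads krb5.conf text on stdin and prints
# default_realm from the [libdefaults] section only.
default_realm_of() {
    awk -F= '
        /^[ \t]*\[/ { in_lib = ($0 ~ /^[ \t]*\[libdefaults\]/); next }
        in_lib && $1 ~ /^[ \t]*default_realm[ \t]*$/ {
            gsub(/[ \t\r]/, "", $2); print $2; exit
        }'
}

# realm_matches_domain SHORTNAME HOSTS_TEXT KRB5_TEXT
# Returns 0 if realm == DNS domain ignoring case, 1 on mismatch, 2 if either is missing.
realm_matches_domain() {
    domain=$(printf '%s\n' "$2" | dns_domain_of "$1")
    realm=$(printf '%s\n' "$3" | default_realm_of)
    [ -n "$domain" ] && [ -n "$realm" ] || return 2
    echo "dns domain: $domain / realm: $realm"
    [ "$(printf '%s' "$domain" | tr '[:upper:]' '[:lower:]')" = \
      "$(printf '%s' "$realm" | tr '[:upper:]' '[:lower:]')" ]
}

realm_matches_domain main "$HOSTS_SAMPLE" "$KRB5_SAMPLE" ||
    echo "realm/DNS-domain check failed, status $?"
```

On a live member the same function can be fed the real files, for instance with `"$(cat /etc/hosts)"` and `"$(cat /etc/krb5.conf)"` as the second and third arguments.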


