[Samba] ADS domain member: winbind fails
L.P.H. van Belle
belle at bazuin.nl
Fri Dec 30 12:20:09 UTC 2016
And in addition to Rowlands comments..
Correct you hosts file to
/etc/hosts
127.0.0.1 localhost
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
# This server name and ip.
10.0.0.221 main.arbeitsgruppe.secret.tld main
10.0.0.224 backup.arbeitsgruppe.secret.tld backup
Second. Post you resolv.conf that was asked already.
That should contain something like:
search arbeitsgruppe.secret.tld
Server IP_of_DC
Remove
map to guest = Bad User
from you smb.conf the default is ok.
Try that and see what happens.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Stefan G.
> Weichinger via samba
> Verzonden: vrijdag 30 december 2016 12:38
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] ADS domain member: winbind fails
>
> Am 2016-12-30 um 12:10 schrieb Rowland Penny via samba:
>
> > Was Samba running before the join ?
>
> I can't tell that anymore as I did hundreds of things inbetween.
>
> > Remove this line from your smb.conf:
> >
> > idmap config ARBEITSGRUPPE:schema_mode = rfc2307
> >
> > It is not required as you are using the winbind 'rid' backend.
>
> "rid" was just a try as "ad" didn't work and I had no more ideas ...
> I 'd maybe prefer "ad" ?
>
> > Try stopping all Samba processes, then leave the domain and join again.
> > Now start smbd, nmbd and winbind.
>
> Did so.
>
> leave and join: at first try, nice.
>
> winbindd crashes immediately again.
>
> > If this doesn't fix it, can you tell us what OS you are using, What is
> > the AD DC and post your /etc/hosts, /etc/krb5.conf and /etc/resolv.conf
>
> The DC "backup" is latest debian. Converted from NT4 today (you remember
> the lengthy thread!) ...
>
> The member server "main" is gentoo linux.
>
> Both run samba-4.2.14.
>
> We can access shares on "main" ! even without winbindd running ...
>
> -
>
> # MEMBER SERVER (-> file services)
> # cat /etc/hosts
>
> # IPv4 and IPv6 localhost aliases
> 127.0.0.1 localhost
> ::1 localhost
>
> 10.0.0.221 main.secret.tld main
> 10.0.0.224 backup.secret.tld backup
>
> # cat /etc/krb5.conf
> [libdefaults]
> default_realm = ARBEITSGRUPPE.SECRET.TLD
> dns_lookup_realm = false
> dns_lookup_kdc = true
>
> # cat /etc/samba/smb.conf
> [global]
> security = ADS
> workgroup = ARBEITSGRUPPE
> realm = ARBEITSGRUPPE.SECRET.TLD
> map to guest = Bad User
> log file = /var/log/samba/%m.log
> log level = 3
>
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
>
> ## idmap config for the ARBEITSGRUPPE domain
> idmap config ARBEITSGRUPPE:backend = rid
> idmap config ARBEITSGRUPPE:range = 10000-999999
>
> username map = /etc/samba/user.map
>
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind use default domain = Yes
> winbind refresh tickets = Yes
>
> - and we had an issue joining a win7 client, I provide details on this
> later ...
>
> Thank you!
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list