[Samba] ADS domain member: winbind fails

Stefan G. Weichinger lists at xunil.at
Fri Dec 30 12:45:09 UTC 2016


Am 2016-12-30 um 13:09 schrieb Rowland Penny via samba:
> On Fri, 30 Dec 2016 12:37:33 +0100
> "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:
>
>> Am 2016-12-30 um 12:10 schrieb Rowland Penny via samba:
>>
>>> Was Samba running before the join ?
>>
>> I can't tell that anymore as I did hundreds of things inbetween.
>>
>>> Remove this line from your smb.conf:
>>>
>>> idmap config ARBEITSGRUPPE:schema_mode = rfc2307
>>>
>>> It is not required as you are using the winbind 'rid' backend.
>>
>> "rid" was just a try as "ad" didn't work and I had no more ideas ...
>> I 'd maybe prefer "ad" ?
>>
>>> Try stopping all Samba processes, then leave the domain and join
>>> again. Now start smbd, nmbd and winbind.
>>
>> Did so.
>>
>> leave and join: at first try, nice.
>>
>> winbindd crashes immediately again.
>>
>>> If this doesn't fix it, can you tell us what OS you are using, What
>>> is the AD DC and post your /etc/hosts, /etc/krb5.conf
>>> and /etc/resolv.conf
>>
>> The DC "backup" is latest debian. Converted from NT4 today (you
>> remember the lengthy thread!) ...
>>
>> The member server "main" is gentoo linux.
>>
>> Both run samba-4.2.14.
>>
>> We can access shares on "main" ! even without winbindd running ...
>>
>> -
>>
>> # MEMBER SERVER (-> file services)
>> # cat /etc/hosts
>>
>> # IPv4 and IPv6 localhost aliases
>> 127.0.0.1	localhost
>> ::1		localhost
>>
>> 10.0.0.221 main.secret.tld main
>> 10.0.0.224 backup.secret.tld backup
>>
>> # cat /etc/krb5.conf
>> [libdefaults]
>> 	default_realm = ARBEITSGRUPPE.SECRET.TLD
>> 	dns_lookup_realm = false
>> 	dns_lookup_kdc = true
>
>
> OK, if your domain members short host is 'main', this makes its domain
> name 'secret.tld', yet the realm is 'ARBEITSGRUPPE.SECRET.TLD'
>
> ignoring case, 'secret.tld' != 'ARBEITSGRUPPE.SECRET.TLD' and it should.

I am confused what to change now!?





More information about the samba mailing list