[Samba] ADS domain member: winbind fails

Stefan G. Weichinger lists at xunil.at
Fri Dec 30 13:26:01 UTC 2016


Am 2016-12-30 um 14:07 schrieb Rowland Penny via samba:
> Is this the smb.conf you got when you ran the classicupgrade ?
> I don't think it is, can I suggest you remove any and all lines you
> have added and restart samba

that was the output of testparm

smb.conf on DC:


[global]
	workgroup = ARBEITSGRUPPE
	realm = arbeitsgruppe.secret.tld
	netbios name = BACKUP
	server role = active directory domain controller
	idmap_ldb:use rfc2307 = yes
     dns forwarder = 10.0.0.254

[netlogon]
	path = /var/lib/samba/sysvol/arbeitsgruppe.secret.tld/scripts
	read only = No

[sysvol]
	path = /var/lib/samba/sysvol
	read only = No

--

root at backup:/etc/samba# cat /etc/resolv.conf
search arbeitsgruppe.secret.tld
nameserver 10.0.0.224

root at backup:/etc/samba# cat /etc/krb5.conf
[libdefaults]
	default_realm = ARBEITSGRUPPE.SECRET.TLD
	dns_lookup_realm = false
	dns_lookup_kdc = true

--

editing the resolv.conf(s) helped in stabilizing RSAT editing

winbindd on member still fails, I left and rejoined ...

--

although I see users and GPOs on the member, etc (via net ads)

# net ads info
LDAP server: 10.0.0.224
LDAP server name: backup.arbeitsgruppe.secret.tld
Realm: ARBEITSGRUPPE.SECRET.TLD
Bind Path: dc=ARBEITSGRUPPE,dc=SECRET,dc=TLD
LDAP port: 389
Server time: Fr, 30 Dez 2016 14:24:25 CET
KDC server: 10.0.0.224
Server time offset: 0





More information about the samba mailing list