[Samba] ADS domain member: winbind fails

Rowland Penny rpenny at samba.org
Fri Dec 30 13:44:38 UTC 2016


On Fri, 30 Dec 2016 14:26:01 +0100
"Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:

> On 2016-12-30 at 14:07, Rowland Penny via samba wrote:
> > Is this the smb.conf you got when you ran the classicupgrade ?
> > I don't think it is, can I suggest you remove any and all lines you
> > have added and restart samba
> 
> that was the output of testparm

Ah, can I introduce you to 'samba-tool testparm'

> 
> smb.conf on DC:
> 
> 
> [global]
> 	workgroup = ARBEITSGRUPPE
> 	realm = arbeitsgruppe.secret.tld
> 	netbios name = BACKUP
> 	server role = active directory domain controller
> 	idmap_ldb:use rfc2307 = yes
> 	dns forwarder = 10.0.0.254
> 
> [netlogon]
> 	path = /var/lib/samba/sysvol/arbeitsgruppe.secret.tld/scripts
> 	read only = No
> 
> [sysvol]
> 	path = /var/lib/samba/sysvol
> 	read only = No
> 
> --
> 
> root@backup:/etc/samba# cat /etc/resolv.conf
> search arbeitsgruppe.secret.tld
> nameserver 10.0.0.224
> 
> root@backup:/etc/samba# cat /etc/krb5.conf
> [libdefaults]
> 	default_realm = ARBEITSGRUPPE.SECRET.TLD
> 	dns_lookup_realm = false
> 	dns_lookup_kdc = true
> 
> --
> 
> editing the resolv.conf(s) helped in stabilizing RSAT editing
> 
> winbindd on member still fails, I left and rejoined ...
> 
> --
> 
> although I see users and GPOs on the member, etc (via net ads)
> 
> # net ads info
> LDAP server: 10.0.0.224
> LDAP server name: backup.arbeitsgruppe.secret.tld
> Realm: ARBEITSGRUPPE.SECRET.TLD
> Bind Path: dc=ARBEITSGRUPPE,dc=SECRET,dc=TLD
> LDAP port: 389
> Server time: Fr, 30 Dez 2016 14:24:25 CET
> KDC server: 10.0.0.224
> Server time offset: 0
> 
> 
> 

What this shows is that your dns domain is 'arbeitsgruppe.secret.tld'
and your domain member should also be using this dns domain. Your
earlier posts seem to suggest you are using 'secret.tld' on the domain
member, this must be changed.

Rowland
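
The consistency check described above, as an added example that is not
part of the original message or of Samba: it compares a member's
smb.conf realm, krb5.conf default_realm, resolv.conf search list and
hostname against the AD DNS domain. The member file contents and the
hostname 'member1' are constructed for illustration; only the realm and
nameserver address come from the thread.

```python
import re

def ini_value(text, section, key):
    """Look up `key` inside [section] of smb.conf / krb5.conf style text."""
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).strip().lower()
        elif current == section and "=" in line:
            name, value = line.split("=", 1)
            if " ".join(name.split()).lower() == key:
                return value.strip()
    return None

def search_domains(resolv_text):
    """Domains from the last search/domain line (the last one wins in glibc)."""
    found = []
    for line in resolv_text.splitlines():
        parts = line.split()
        if parts and parts[0] in ("search", "domain"):
            found = [d.lower().rstrip(".") for d in parts[1:]]
    return found

def check_member(smb_conf, krb5_conf, resolv_conf, fqdn):
    """Return mismatches between the member's settings and the AD DNS domain."""
    realm = ini_value(smb_conf, "global", "realm")
    if realm is None:
        return ["smb.conf: no realm in [global]"]
    dns_domain, problems = realm.lower(), []
    if ini_value(krb5_conf, "libdefaults", "default_realm") != realm.upper():
        problems.append("krb5.conf: default_realm is not " + realm.upper())
    if dns_domain not in search_domains(resolv_conf):
        problems.append("resolv.conf: search list lacks " + dns_domain)
    if not fqdn.lower().endswith("." + dns_domain):
        problems.append("hostname: " + fqdn + " is outside " + dns_domain)
    return problems

# Constructed member files; realm and nameserver are the ones quoted in the thread.
SMB = "[global]\n\tworkgroup = ARBEITSGRUPPE\n\trealm = ARBEITSGRUPPE.SECRET.TLD\n\tsecurity = ADS\n"
KRB5 = "[libdefaults]\n\tdefault_realm = ARBEITSGRUPPE.SECRET.TLD\n\tdns_lookup_kdc = true\n"
BAD_RESOLV = "search secret.tld\nnameserver 10.0.0.224\n"
GOOD_RESOLV = "search arbeitsgruppe.secret.tld\nnameserver 10.0.0.224\n"

if __name__ == "__main__":
    for issue in check_member(SMB, KRB5, BAD_RESOLV, "member1.secret.tld"):
        print(issue)
```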


