[Samba] ADS domain member: winbind fails

Stefan G. Weichinger lists at xunil.at
Fri Dec 30 13:52:27 UTC 2016


We will try after the pizza! 

On 30 December 2016 14:44:38 CET, Rowland Penny via samba <samba at lists.samba.org> wrote:
>On Fri, 30 Dec 2016 14:26:01 +0100
>"Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:
>
>> On 2016-12-30 at 14:07, Rowland Penny via samba wrote:
>> > Is this the smb.conf you got when you ran the classicupgrade ?
>> > I don't think it is, can I suggest you remove any and all lines you
>> > have added and restart samba
>> 
>> that was the output of testparm
>
>Ah, can I introduce you to 'samba-tool testparm'
>
>> 
>> smb.conf on DC:
>> 
>> 
>> [global]
>> 	workgroup = ARBEITSGRUPPE
>> 	realm = arbeitsgruppe.secret.tld
>> 	netbios name = BACKUP
>> 	server role = active directory domain controller
>> 	idmap_ldb:use rfc2307 = yes
>> 	dns forwarder = 10.0.0.254
>> 
>> [netlogon]
>> 	path = /var/lib/samba/sysvol/arbeitsgruppe.secret.tld/scripts
>> 	read only = No
>> 
>> [sysvol]
>> 	path = /var/lib/samba/sysvol
>> 	read only = No
>> 
>> --
>> 
>> root@backup:/etc/samba# cat /etc/resolv.conf
>> search arbeitsgruppe.secret.tld
>> nameserver 10.0.0.224
>> 
>> root@backup:/etc/samba# cat /etc/krb5.conf
>> [libdefaults]
>> 	default_realm = ARBEITSGRUPPE.SECRET.TLD
>> 	dns_lookup_realm = false
>> 	dns_lookup_kdc = true
>> 
>> --
>> 
>> editing the resolv.conf(s) helped in stabilizing RSAT editing
>> 
>> winbindd on member still fails, I left and rejoined ...
>> 
>> --
>> 
>> although I see users and GPOs on the member, etc (via net ads)
>> 
>> # net ads info
>> LDAP server: 10.0.0.224
>> LDAP server name: backup.arbeitsgruppe.secret.tld
>> Realm: ARBEITSGRUPPE.SECRET.TLD
>> Bind Path: dc=ARBEITSGRUPPE,dc=SECRET,dc=TLD
>> LDAP port: 389
>> Server time: Fr, 30 Dez 2016 14:24:25 CET
>> KDC server: 10.0.0.224
>> Server time offset: 0
>> 
>> 
>> 
>
>What this shows is that your dns domain is 'arbeitsgruppe.secret.tld'
>and your domain member should also be using this dns domain. Your
>earlier posts seem to suggest you are using 'secret.tld' on the domain
>member, this must be changed.
>
>Rowland
>

-- 
This message was sent from my Android mobile phone with K-9 Mail.
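
Added example (not part of the thread and not Samba project code): a consistency check for the point made in the quoted reply, that the domain member must use the same DNS domain as the DC. The member file contents, the function names and the choice of checks are assumptions constructed for illustration; only the domain name and the two IP addresses come from the thread.

```python
# Constructed member files; only AD_DOMAIN, DC_IP and 10.0.0.254 appear in the thread.
AD_DOMAIN = "arbeitsgruppe.secret.tld"   # DNS domain/realm reported by 'net ads info'
DC_IP = "10.0.0.224"                     # DC address, also its DNS server

MEMBER_SMB = "[global]\n\tworkgroup = ARBEITSGRUPPE\n\tsecurity = ads\n\trealm = ARBEITSGRUPPE.SECRET.TLD\n"
MEMBER_KRB5 = "[libdefaults]\n\tdefault_realm = ARBEITSGRUPPE.SECRET.TLD\n\tdns_lookup_kdc = true\n"
RESOLV_BAD = "search secret.tld\nnameserver 10.0.0.254\n"             # parent domain only
RESOLV_GOOD = "search arbeitsgruppe.secret.tld\nnameserver 10.0.0.224\n"

def ini_value(text, section, key):
    """Value of `key` in [section] of an smb.conf/krb5.conf-style file, else None."""
    current = None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
        elif "=" in line and current == section:
            name, value = line.split("=", 1)
            if name.strip().lower() == key:
                return value.strip()
    return None

def resolv_entries(text, keyword):
    """All arguments of `keyword` lines (search, nameserver) in resolv.conf text."""
    found = []
    for line in text.splitlines():
        fields = line.split()
        if fields and fields[0] == keyword:
            found += [f.lower().rstrip(".") for f in fields[1:]]
    return found

def check_member(smb_conf, krb5_conf, resolv_conf, ad_domain=AD_DOMAIN, dc_ip=DC_IP):
    """Return a list of member settings that disagree with the AD DNS domain."""
    problems = []
    realm = ini_value(smb_conf, "global", "realm")
    if (realm or "").lower() != ad_domain:
        problems.append(f"smb.conf realm is {realm!r}")
    default_realm = ini_value(krb5_conf, "libdefaults", "default_realm")
    if default_realm != ad_domain.upper():   # Kerberos realm is written upper-case
        problems.append(f"krb5.conf default_realm is {default_realm!r}")
    if ad_domain not in resolv_entries(resolv_conf, "search"):
        problems.append("resolv.conf search list lacks " + ad_domain)
    if dc_ip not in resolv_entries(resolv_conf, "nameserver"):
        problems.append("resolv.conf does not use the DC as nameserver")
    return problems

if __name__ == "__main__":
    for label, resolv in (("before", RESOLV_BAD), ("after", RESOLV_GOOD)):
        print(label, check_member(MEMBER_SMB, MEMBER_KRB5, resolv))
```

On a real member, pass the contents of /etc/samba/smb.conf, /etc/krb5.conf and /etc/resolv.conf to check_member() instead of the constructed strings.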

