[Samba] WinbinD no longer available in Samba 4.7.6
Konstantin Boyandin
lists at boyandin.info
Tue Dec 4 05:34:36 UTC 2018
Hello,
Using Samba 4.7.6 (from standard repository) on Ubuntu 18.04.
After recent update, winbind failed to update, until I disabled it (it
didn't start anyway). When run as
# winbindd -d 9 -i
it prints in the end:
server role = 'active directory domain controller' not compatible with
running the winbindd binary.
You should start 'samba' instead, and it will control starting the
internal AD DC winbindd implementation, which is not the same as this
one
smbd currently is listening on 139 and 445 ports - thus, I assume, it
serves winbind itself. However, it isn't available any more for PAM. How
shall I use Samba internal winbind implementation? When I initially
installed and set up ADs, wbinfo worked fine. Currently, it says:
# wbinfo -P
could not obtain winbind interface details:
WBC_ERR_WINBIND_NOT_AVAILABLE
could not obtain winbind domain name!
checking the NETLOGON for domain[] dc connection to "" failed
failed to call wbcPingDc: WBC_ERR_WINBIND_NOT_AVAILABLE
How do I make winbind available (that means available for PAM,a s well)?
Note: libpam_winbind is installed.
Current smb.conf:
[global]
bind interfaces only = Yes
interfaces = lo ens3
netbios name = DC
realm = EXAMPLE.COM
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
drepl, winbindd, ntp_signd, kcc, dnsupdate
idmap_ldb:use rfc2307 = yes
winbind enum users = yes
winbind enum groups = yes
winbind nss info = rfc2307
template shell = /bin/bash
template homedir = /home/%u
workgroup = EXAMPLE
server string = EXAMPLE.COM domain controller
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 1000
log level = 0
tls enabled = yes
tls keyfile = tls/key.pem
tls certfile = tls/cert.pem
tls cafile = tls/ca.pem
tls verify peer = no_check
acl:search = no
panic action = /usr/share/samba/panic-action %d
passdb backend = tdbsam
obey pam restrictions = yes
unix password sync = yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:
pam password change = yes
map to guest = bad user
usershare allow guests = yes
[netlogon]
comment = Network Logon Service
path = /var/lib/samba/sysvol/example.com/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
[profiles]
comment = Users profiles
path = /srv/samba/profiles/
browseable = No
read only = No
force create mode = 0600
force directory mode = 0700
csc policy = disable
store dos attributes = yes
vfs objects = acl_xattr
--
Sincerely,
Konstantin
More information about the samba
mailing list