[Samba] WinbinD no longer available in Samba 4.7.6

Konstantin Boyandin lists at boyandin.info
Tue Dec 4 05:34:36 UTC 2018


Hello,

Using Samba 4.7.6 (from standard repository) on Ubuntu 18.04.

After recent update, winbind failed to update, until I disabled it (it 
didn't start anyway). When run as

# winbindd -d 9 -i

it prints in the end:

server role = 'active directory domain controller' not compatible with 
running the winbindd binary.
You should start 'samba' instead, and it will control starting the 
internal AD DC winbindd implementation, which is not the same as this 
one

smbd currently is listening on 139 and 445 ports - thus, I assume, it 
serves winbind itself. However, it isn't available any more for PAM. How 
shall I use Samba internal winbind implementation? When I initially 
installed and set up ADs, wbinfo worked fine. Currently, it says:

# wbinfo -P
could not obtain winbind interface details: 
WBC_ERR_WINBIND_NOT_AVAILABLE
could not obtain winbind domain name!
checking the NETLOGON for domain[] dc connection to "" failed
failed to call wbcPingDc: WBC_ERR_WINBIND_NOT_AVAILABLE

How do I make winbind available (that means available for PAM,a s well)?

Note: libpam_winbind is installed.

Current smb.conf:

[global]
         bind interfaces only = Yes
         interfaces = lo ens3
         netbios name = DC
         realm = EXAMPLE.COM
         server role = active directory domain controller
         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, 
drepl, winbindd, ntp_signd, kcc, dnsupdate
         idmap_ldb:use rfc2307 = yes
         winbind enum users = yes
         winbind enum groups = yes
         winbind nss info = rfc2307
         template shell    = /bin/bash
         template homedir  = /home/%u
         workgroup = EXAMPLE
         server string = EXAMPLE.COM domain controller
         dns proxy = no
         log file = /var/log/samba/log.%m
         max log size = 1000
         log level = 0
         tls enabled  = yes
         tls keyfile  = tls/key.pem
         tls certfile = tls/cert.pem
         tls cafile   = tls/ca.pem
         tls verify peer = no_check
         acl:search = no
         panic action = /usr/share/samba/panic-action %d
         passdb backend = tdbsam
         obey pam restrictions = yes
         unix password sync = yes
         passwd program = /usr/bin/passwd %u
         passwd chat = *Enter\snew\s*\spassword:* %n\n 
*Retype\snew\s*\spassword:
         pam password change = yes
         map to guest = bad user
         usershare allow guests = yes

[netlogon]
         comment = Network Logon Service
         path = /var/lib/samba/sysvol/example.com/scripts
         read only = No

[sysvol]
         path = /var/lib/samba/sysvol
         read only = No

[profiles]
         comment = Users profiles
         path = /srv/samba/profiles/
         browseable = No
         read only = No
         force create mode = 0600
         force directory mode = 0700
         csc policy = disable
         store dos attributes = yes
         vfs objects = acl_xattr

--
Sincerely,

Konstantin



More information about the samba mailing list