[Samba] WinbinD no longer available in Samba 4.7.6
L.P.H. van Belle
belle at bazuin.nl
Tue Dec 4 08:59:14 UTC 2018
Hai,
> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Konstantin Boyandin via samba
> Sent: Tuesday 4 December 2018 6:35
> To: samba at lists.samba.org
> Subject: [Samba] WinbinD no longer available in Samba 4.7.6
>
> Hello,
>
> Using Samba 4.7.6 (from standard repository) on Ubuntu 18.04.
>
> After recent update, winbind failed to update, until I disabled it (it
> didn't start anyway). When run as
>
> # winbindd -d 9 -i
>
> it prints in the end:
>
> server role = 'active directory domain controller' not compatible with running the winbindd binary.
> You should start 'samba' instead, and it will control starting the internal AD DC winbindd implementation, which is not the same as this one
>
> smbd currently is listening on 139 and 445 ports - thus, I assume, it
> serves winbind itself. However, it isn't available any more for PAM. How
> shall I use Samba internal winbind implementation? When I initially
> installed and set up ADs, wbinfo worked fine. Currently, it says:
>
> # wbinfo -P
> could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
> could not obtain winbind domain name!
> checking the NETLOGON for domain[] dc connection to "" failed
> failed to call wbcPingDc: WBC_ERR_WINBIND_NOT_AVAILABLE
>
> How do I make winbind available (that means available for PAM, as well)?
I suggest reading:
https://wiki.samba.org/index.php/Configuring_Winbindd_on_a_Samba_AD_DC
Short version: samba-ad-dc is starting winbind, so don't start it manually.
For PAM support install: libnss-winbind libpam-winbind
Configure nss_switch.conf and run pam-auth-update
And set these to no when you're done testing.
> winbind enum users = yes
> winbind enum groups = yes
See your users: id username or getent passwd username.
>
> Note: libpam_winbind is installed.
>
> Current smb.conf:
>
> [global]
> bind interfaces only = Yes
> interfaces = lo ens3
> netbios name = DC
> realm = EXAMPLE.COM
> server role = active directory domain controller
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
> idmap_ldb:use rfc2307 = yes
> winbind enum users = yes
> winbind enum groups = yes
> winbind nss info = rfc2307
> template shell = /bin/bash
> template homedir = /home/%u
> workgroup = EXAMPLE
> server string = EXAMPLE.COM domain controller
> dns proxy = no
> log file = /var/log/samba/log.%m
> max log size = 1000
> log level = 0
> tls enabled = yes
> tls keyfile = tls/key.pem
> tls certfile = tls/cert.pem
> tls cafile = tls/ca.pem
> tls verify peer = no_check
> acl:search = no
> panic action = /usr/share/samba/panic-action %d
> passdb backend = tdbsam
> obey pam restrictions = yes
> unix password sync = yes
> passwd program = /usr/bin/passwd %u
> passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:
> pam password change = yes
> map to guest = bad user
> usershare allow guests = yes
>
> [netlogon]
> comment = Network Logon Service
> path = /var/lib/samba/sysvol/example.com/scripts
> read only = No
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
> [profiles]
> comment = Users profiles
> path = /srv/samba/profiles/
> browseable = No
> read only = No
> force create mode = 0600
> force directory mode = 0700
> csc policy = disable
> store dos attributes = yes
> vfs objects = acl_xattr
>
> --
> Sincerely,
>
> Konstantin
Greetz,
Louis
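
The checks from the reply above, sketched as an added example that is not part of the original message or of Samba. It parses an smb.conf and an NSS switch file passed in as text; the sample inputs are constructed from the configuration quoted in the thread, and the function names and finding strings are hypothetical.

```python
import re

# Constructed sample inputs, modelled on the smb.conf quoted in the thread.
SAMPLE_SMB_CONF = """\
[global]
server role = active directory domain controller
winbind enum users = yes
winbind enum groups = yes
"""
SAMPLE_NSSWITCH = """\
passwd:         compat systemd
group:          compat systemd winbind
"""

def global_params(smb_conf):
    """Return the [global] parameters of an smb.conf as a dict."""
    params, section = {}, None
    for raw in smb_conf.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def check_winbind_setup(smb_conf, nsswitch):
    """Return findings for the points raised in the reply."""
    p, findings = global_params(smb_conf), []
    if p.get("server role", "").lower() == "active directory domain controller":
        findings.append("AD DC role: samba starts winbindd, do not start it manually")
    for opt in ("winbind enum users", "winbind enum groups"):
        if p.get(opt, "no").lower() in ("yes", "true", "on", "1"):
            findings.append(f"{opt} = yes: set to no when done testing")
    sources = {}
    for line in nsswitch.splitlines():
        line = line.split("#", 1)[0]         # drop trailing comments
        if ":" in line:
            db, rest = line.split(":", 1)
            sources[db.strip()] = rest.split()
    for db in ("passwd", "group"):
        if "winbind" not in sources.get(db, []):
            findings.append(f"nsswitch {db}: winbind source missing")
    return findings

if __name__ == "__main__":
    print("\n".join(check_winbind_setup(SAMPLE_SMB_CONF, SAMPLE_NSSWITCH)))
```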