[Samba] WinbinD no longer available in Samba 4.7.6

Konstantin Boyandin lists at boyandin.info
Tue Dec 4 09:45:43 UTC 2018


L.P.H. van Belle via samba wrote 2018-12-04 15:59:
> Hai,
> 
>> -----Original message-----
>> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
>> Konstantin Boyandin via samba
>> Sent: Tuesday, 4 December 2018 6:35
>> To: samba at lists.samba.org
>> Subject: [Samba] WinbinD no longer available in Samba 4.7.6
>> 
>> Hello,
>> 
>> Using Samba 4.7.6 (from standard repository) on Ubuntu 18.04.
>> 
>> After recent update, winbind failed to update, until I
>> disabled it (it
>> didn't start anyway). When run as
>> 
>> # winbindd -d 9 -i
>> 
>> it prints in the end:
>> 
>> server role = 'active directory domain controller' not
>> compatible with
>> running the winbindd binary.
>> You should start 'samba' instead, and it will control starting the
>> internal AD DC winbindd implementation, which is not the same as this
>> one
>> 
>> smbd currently is listening on 139 and 445 ports - thus, I assume, it
>> serves winbind itself. However, it isn't available any more
>> for PAM. How
>> shall I use Samba internal winbind implementation? When I initially
>> installed and set up ADs, wbinfo worked fine. Currently, it says:
>> 
>> # wbinfo -P
>> could not obtain winbind interface details:
>> WBC_ERR_WINBIND_NOT_AVAILABLE
>> could not obtain winbind domain name!
>> checking the NETLOGON for domain[] dc connection to "" failed
>> failed to call wbcPingDc: WBC_ERR_WINBIND_NOT_AVAILABLE
>> 
>> How do I make winbind available (that means available for
>> PAM, as well)?
> I suggest reading :
> https://wiki.samba.org/index.php/Configuring_Winbindd_on_a_Samba_AD_DC
> Short version:  samba-ad-dc is starting winbind, so don't start it 
> manually.
> For pam support install : libnss-winbind libpam-winbind
> Configure nss_switch.conf and run pam-auth-update
> 
> And set these to no, when you're done testing.
>>          winbind enum users = yes
>>          winbind enum groups = yes
> See your users: id username or getent passwd username.

None are returned, with 'yes' or 'no' settings. And

As far as I see, the recommendations from the above document are met.

But winbindd refuses to start (I cited its message), and no other 
'winbind' process is running, either.

How do I make samba 4.7-provided winbind run?

Are some winbind settings possibly missing (the smb.conf has been 
generated by the domain upgrade process)?

Sincerely,
Konstantin

> 
>> 
>> Note: libpam_winbind is installed.
>> 
>> Current smb.conf:
>> 
>> [global]
>>          bind interfaces only = Yes
>>          interfaces = lo ens3
>>          netbios name = DC
>>          realm = EXAMPLE.COM
>>          server role = active directory domain controller
>>          server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
>> drepl, winbindd, ntp_signd, kcc, dnsupdate
>>          idmap_ldb:use rfc2307 = yes
>>          winbind enum users = yes
>>          winbind enum groups = yes
>>          winbind nss info = rfc2307
>>          template shell    = /bin/bash
>>          template homedir  = /home/%u
>>          workgroup = EXAMPLE
>>          server string = EXAMPLE.COM domain controller
>>          dns proxy = no
>>          log file = /var/log/samba/log.%m
>>          max log size = 1000
>>          log level = 0
>>          tls enabled  = yes
>>          tls keyfile  = tls/key.pem
>>          tls certfile = tls/cert.pem
>>          tls cafile   = tls/ca.pem
>>          tls verify peer = no_check
>>          acl:search = no
>>          panic action = /usr/share/samba/panic-action %d
>>          passdb backend = tdbsam
>>          obey pam restrictions = yes
>>          unix password sync = yes
>>          passwd program = /usr/bin/passwd %u
>>          passwd chat = *Enter\snew\s*\spassword:* %n\n
>> *Retype\snew\s*\spassword:
>>          pam password change = yes
>>          map to guest = bad user
>>          usershare allow guests = yes
>> 
>> [netlogon]
>>          comment = Network Logon Service
>>          path = /var/lib/samba/sysvol/example.com/scripts
>>          read only = No
>> 
>> [sysvol]
>>          path = /var/lib/samba/sysvol
>>          read only = No
>> 
>> [profiles]
>>          comment = Users profiles
>>          path = /srv/samba/profiles/
>>          browseable = No
>>          read only = No
>>          force create mode = 0600
>>          force directory mode = 0700
>>          csc policy = disable
>>          store dos attributes = yes
>>          vfs objects = acl_xattr
>> 
>> --
>> Sincerely,
>> 
>> Konstantin
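
The checks named in the reply (AD DC role, winbind in the NSS configuration, the `winbind enum` settings switched off after testing) can be run statically against the two configuration files. This is an added example, not part of the original thread or of Samba; the function names are hypothetical and the sample files are constructed, not the poster's.

```shell
#!/bin/sh
# Print the value of "name = value" from smb.conf file $1 (first match).
# Assumption: the parameter is spelled in lower case on a single line.
smb_param() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# Succeed if database $2 (passwd, group) lists winbind in nsswitch file $1.
nss_has_winbind() {
    grep -Eq "^$2:.*[[:space:]]winbind([[:space:]]|\$)" "$1"
}

# Print one line per finding; return the number of findings.
check_dc_winbind() {
    smbconf=$1 nss=$2 findings=0
    if [ "$(smb_param "$smbconf" 'server role')" = 'active directory domain controller' ]; then
        echo "INFO: AD DC role: winbindd is started by 'samba', not on its own"
        # Assumption: 'server services', if set, is a full list as in the
        # thread's smb.conf (no +/- modifiers), so it must name winbindd.
        case "$(smb_param "$smbconf" 'server services')" in
            ''|*winbind*) ;;
            *) echo "FAIL: 'server services' is set without winbindd"
               findings=$((findings + 1)) ;;
        esac
    fi
    for db in passwd group; do
        nss_has_winbind "$nss" "$db" && continue
        echo "FAIL: nsswitch '$db:' line does not list winbind"
        findings=$((findings + 1))
    done
    for p in 'winbind enum users' 'winbind enum groups'; do
        case "$(smb_param "$smbconf" "$p")" in
            [Yy]es) echo "WARN: '$p = yes' is for testing; set it to no afterwards"
                    findings=$((findings + 1)) ;;
        esac
    done
    return "$findings"
}

# Constructed sample input, written to a temporary directory.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '[global]' '  server role = active directory domain controller' \
        '  server services = s3fs, ldap, kdc, winbindd' '  winbind enum users = yes' > "$d/smb.conf"
    printf '%s\n' 'passwd: compat winbind' 'group: compat' > "$d/nsswitch.conf"
    rc=0; check_dc_winbind "$d/smb.conf" "$d/nsswitch.conf" || rc=$?
    rm -rf "$d"; return "$rc"
}
demo || echo "findings: $?"
```

On a real host the two arguments would be the system's smb.conf and nsswitch.conf; the script only reads them and does not test whether the `samba` daemon is actually running.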


