[Samba] WinbinD no longer available in Samba 4.7.6

Rowland Penny rpenny at samba.org
Tue Dec 4 10:17:32 UTC 2018

On Tue, 04 Dec 2018 16:45:43 +0700
Konstantin Boyandin via samba <samba at lists.samba.org> wrote:

> Are there possibly missing some winbind settings (the smb.conf has
> been generated by domain upgrade process).

Sorry, but I do not believe that is true:

         winbind enum users = yes
         winbind enum groups = yes

The lines above should only be used for testing purposes, they serve no
other purpose.

         winbind nss info = rfc2307

The above line is only any use on a Unix domain member and then, only
before Samba 4.6.0

         dns proxy = no

Really, on a DC that relies on DNS ?

         tls enabled  = yes
         tls keyfile  = tls/key.pem
         tls certfile = tls/cert.pem
         tls cafile   = tls/ca.pem
         tls verify peer = no_check
         acl:search = no

They are default settings

         passdb backend = tdbsam

Big mistake, you have turned off the correct password database.

         obey pam restrictions = yes

Useless on a DC

         unix password sync = yes

Extremely useless on a DC, you cannot have Unix users in /etc/passwd
and AD

         passwd program = /usr/bin/passwd %u
         passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:
         pam password change = yes
         map to guest = bad user
         usershare allow guests = yes

Only of real use on a Unix domain member

         comment = Users profiles
         path = /srv/samba/profiles/
         browseable = No
         read only = No
         force create mode = 0600
         force directory mode = 0700
         csc policy = disable
         store dos attributes = yes
         vfs objects = acl_xattr

The above is a cut & paste from here:


The only problem is, it also tells you, just above that block on the
page, that it doesn't work on an AD DC.


More information about the samba mailing list