[Samba] Winbindd runs interactively, fails as a daemon
Nick Howitt
nick at howitts.co.uk
Wed Jan 30 13:58:49 UTC 2019
On 30/01/2019 13:38, Rowland Penny via samba wrote:
> On Wed, 30 Jan 2019 12:44:51 +0000
> Nick Howitt via samba <samba at lists.samba.org> wrote:
>
>> Hi,
>> I have a server which is joined to an AD DC but I am having problems
>> starting or keeping winbind running. If I reboot the server, it fails
>> to start. If I then start it with "winbindd -i" it runs. I can then
>> terminate it and run it as a service and it works for a while. At
>> some indeterminate point in the future it may fail again.
>>
> What OS ?
> What is in your smb.conf ?
>
>
OS is ClearOS 7.5 (a CentOS derivative which has not yet moved to 7.6).
smb.conf is:
[global]
unix password sync = No
# General
netbios name = MyServer
workgroup = DC
server string = MyServer
security = ads
realm = dc.njh.lan
password server = localdc.dc.njh.lan
ntlm auth = yes
# Logging
log level = 1
log file = /var/log/samba/%L-%m
max log size = 0
utmp = Yes
# Network
bind interfaces only = Yes
interfaces = lo eth0 eth1
nmbd bind explicit broadcast = yes
socket address = 192.168.20.1
# Printing
printcap name = /etc/printcap
load printers = Yes
# Security settings
guest account = guest
#restrict anonymous = 2
# WINS
wins support = No
wins server = localdc.dc.njh.lan
# PDC/BDC
domain logons = No
add machine script = /usr/sbin/samba-add-machine "%u"
logon drive = U:
logon script = logon.cmd
logon path =
logon home = \\%L\%U
# Winbind
idmap config DC : backend = rid
idmap config DC : range = 20000000-29999999
idmap config * : backend = tdb
idmap config * : range = 30000000-39999999
winbind enum users = Yes
winbind enum groups = Yes
winbind expand groups = 1
winbind offline logon = Yes
winbind use default domain = true
winbind separator = +
template homedir = /home/%U
template shell = /sbin/nologin
# Other
preferred master = No
domain master = No
passwd program = /usr/sbin/userpasswd %u
passwd chat = *password:* %n\n *password:* %n\n *successfully.*
passwd chat timeout = 10
username map = /etc/samba/smbusers
wide links = No
allow trusted domains = Yes
# LDAP settings
# include = /etc/samba/smb.ldap.conf
# Winbind LDAP settings
# include = /etc/samba/smb.winbind.conf
#============================ Share Definitions ==============================
# Flexshare
# include = /etc/samba/flexshare.conf
[homes]
comment = Home Directories
path = /home/%U
valid users = %D\%S, %D+%S, %S
read only = No
browseable = No
available = Yes
[printers]
comment = Print Spool
path = /var/spool/samba
printing = cups
cups options = raw
use client driver = Yes
printable = Yes
read only = No
browseable = No
available = No
[print$]
comment = Printer Drivers
path = /var/samba/drivers
read only = No
browseable = No
available = No
[netlogon]
comment = Network Logon Service
path = /var/samba/netlogon
read only = No
locking = No
browseable = No
available = No
[profiles]
comment = Profile Share
path = /var/samba/profiles
read only = No
profile acls = Yes
browseable = No
available = No
force group = domain_users
force directory mode = 02775
The two lines:
nmbd bind explicit broadcast = yes
socket address = 192.168.20.1
are because I need to stop nmb from listening on all addresses, as the AD
DC is running in Docker on this machine and the Docker image won't start
if nmb is listening on all addresses.