[Samba] Winbindd runs interactively, fails as a daemon
Nick Howitt
nick at howitts.co.uk
Thu Jan 31 14:34:47 UTC 2019
Anyone?
On 30/01/2019 13:58, Nick Howitt wrote:
>
>
> On 30/01/2019 13:38, Rowland Penny via samba wrote:
>> On Wed, 30 Jan 2019 12:44:51 +0000
>> Nick Howitt via samba <samba at lists.samba.org> wrote:
>>
>>> Hi,
>>> I have a server which is joined to an AD DC but I am having problems
>>> starting or keeping winbind running. If I reboot the server, it fails
>>> to start. If I then start it with "winbindd -i" it runs. I can then
>>> terminate it and run it as a service and it works for a while. At
>>> some indeterminate point in the future it may fail again.
>>>
>> What OS ?
>> What is in your smb.conf ?
>>
>>
> OS is ClearOS 7.5 (a CentOS derivative which has not yet moved to 7.6)
>
> smb.conf is:
>
> # Global settings for a Samba AD domain member (security = ads), as posted.
> # Lines marked NOTE(review) are reviewer annotations, not the poster's.
> [global]
> unix password sync = No
> # General
> netbios name = MyServer
> workgroup = DC
> server string = MyServer
> security = ads
> realm = dc.njh.lan
> # NOTE(review): with security = ads, naming one password server pins DC
> # selection to that host instead of DNS-based discovery, so winbindd
> # depends on that host being reachable when it starts - confirm intended.
> password server = localdc.dc.njh.lan
> # NOTE(review): "yes" is the permissive value that also accepts NTLMv1
> # responses for accounts in this server's local passdb; keep the
> # NTLMv2-only behaviour unless a legacy client needs it. Domain accounts
> # are governed by the DC's own setting - verify there as well.
> ntlm auth = yes
>
> # Logging
> log level = 1
> # NOTE(review): %m expands to the client's NetBIOS name, so this writes one
> # log file per client name; with max log size = 0 (no size limit) the log
> # directory can grow without bound - rotate externally or set a cap.
> log file = /var/log/samba/%L-%m
> max log size = 0
> utmp = Yes
>
> # Network
> # Listeners are restricted to the listed interfaces. The poster explains
> # the last two settings below the listing: nmb must not listen on all
> # addresses because the AD DC runs in Docker on the same machine.
> bind interfaces only = Yes
> interfaces = lo eth0 eth1
> nmbd bind explicit broadcast = yes
> socket address = 192.168.20.1
>
> # Printing
> printcap name = /etc/printcap
> load printers = Yes
>
> # Security settings
> guest account = guest
> # NOTE(review): commented out, so restrict anonymous stays at its default.
> #restrict anonymous = 2
>
> # WINS
> wins support = No
> wins server = localdc.dc.njh.lan
>
> # PDC/BDC
> # NOTE(review): domain logons = No, so the logon * settings below are
> # presumably unused on this member server - confirm before relying on them.
> domain logons = No
> add machine script = /usr/sbin/samba-add-machine "%u"
> logon drive = U:
> logon script = logon.cmd
> logon path =
> logon home = \\%L\%U
>
> # Winbind
> # Domain DC is mapped with the rid backend into 20000000-29999999; the
> # default (*) domain uses tdb in 30000000-39999999. The ranges do not overlap.
> idmap config DC : backend = rid
> idmap config DC : range = 20000000-29999999
> idmap config * : backend = tdb
> idmap config * : range = 30000000-39999999
> # NOTE(review): full user/group enumeration is enabled; this can be slow
> # against a large domain.
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind expand groups = 1
> # NOTE(review): offline logon makes winbindd keep credentials from
> # successful logins in a local cache; protect the cache files accordingly.
> winbind offline logon = Yes
> winbind use default domain = true
> winbind separator = +
> template homedir = /home/%U
> # Domain users are given a non-interactive shell.
> template shell = /sbin/nologin
>
> # Other
> preferred master = No
> domain master = No
> passwd program = /usr/sbin/userpasswd %u
> passwd chat = *password:* %n\n *password:* %n\n *successfully.*
> passwd chat timeout = 10
> # NOTE(review): the username map rewrites client-supplied user names;
> # keep the map file writable by root only.
> username map = /etc/samba/smbusers
> wide links = No
> allow trusted domains = Yes
>
> # LDAP settings
> # include = /etc/samba/smb.ldap.conf
>
> # Winbind LDAP settings
> # include = /etc/samba/smb.winbind.conf
>
> #============================ Share Definitions ==============================
>
> # Flexshare
> # include = /etc/samba/flexshare.conf
>
> # Per-user home share. path follows the session user (%U) and valid users
> # is built from the share name (%S) in three spellings, so each instance
> # should admit only the user it is named after. Writable, hidden from browsing.
> [homes]
> comment = Home Directories
> path = /home/%U
> valid users = %D\%S, %D+%S, %S
> read only = No
> browseable = No
> available = Yes
>
> # CUPS print spool share. Defined but switched off (available = No).
> [printers]
> comment = Print Spool
> path = /var/spool/samba
> printing = cups
> cups options = raw
> use client driver = Yes
> printable = Yes
> read only = No
> browseable = No
> available = No
>
> # Printer driver share. Defined but switched off (available = No).
> # NOTE(review): read only = No - if this share is ever enabled, restrict who
> # may write here (e.g. a write list), since clients fetch drivers from it.
> [print$]
> comment = Printer Drivers
> path = /var/samba/drivers
> read only = No
> browseable = No
> available = No
>
> # Network logon share. Defined but switched off (available = No).
> # NOTE(review): read only = No - if this share is ever enabled, make it
> # writable by administrators only, because logon scripts are served from it.
> [netlogon]
> comment = Network Logon Service
> path = /var/samba/netlogon
> read only = No
> locking = No
> browseable = No
> available = No
>
> # Roaming profile share. Defined but switched off (available = No).
> # NOTE(review): force group = domain_users with force directory mode = 02775
> # yields setgid, group-writable directories owned by one shared group; if
> # this share is enabled, check that users cannot write into each other's
> # profile directories - verify together with profile acls.
> [profiles]
> comment = Profile Share
> path = /var/samba/profiles
> read only = No
> profile acls = Yes
> browseable = No
> available = No
> force group = domain_users
> force directory mode = 02775
>
> The two lines:
> nmbd bind explicit broadcast = yes
> socket address = 192.168.20.1
>
> are there because I need to stop nmb from listening on all addresses:
> the AD DC is running in Docker on this machine, and the Docker image
> won't start if nmb is listening on all addresses.