[Samba] Doman join issues

Rowland Penny rpenny at samba.org
Mon May 6 06:46:58 UTC 2019 

On Mon, 6 May 2019 02:51:18 +0000
Praveen Ghimire via samba <samba at lists.samba.org> wrote:

> From: Praveen Ghimire via samba <samba at lists.samba.org>
> To: "samba at lists.samba.org" <samba at lists.samba.org>
> Subject: [Samba] Doman join issues
> Date: Mon, 6 May 2019 02:51:18 +0000
> Reply-To: Praveen Ghimire <PGhimire at sundata.com.au>
> Sender: "samba" <samba-bounces at lists.samba.org>
> 
> Hi,
> 
> We are running test migration on the following environment in
> preparation for the prod migration. Any suggestions will be grealty
> appreciated.
> 
> OS: Ubuntu18.04
> Hypervisor: Proxmox Container (LXC)
> Samba Version 4.6.7
> DNS: BIND9_DLZ
> AD and File server in the same server. Have gone through the Samba
> documentation regarding this

Obviously not well enough, or the warnings are not obvious enough ;-)

> Smb.conf
> 
> [global]
>         workgroup = LIN
>         realm = LIN.COM
>         netbios name = LINSERVER01
>         server role = active directory domain controller
>         idmap_ldb:use rfc2307 = yes
>         log file = /var/log/samba/log.%m
>         log level = 4
>         acl allow execute always = True
>         server services = -dns
>         allow dns updates = nonsecure

The above lines are okay for a DC

>         winbind enum users = yes
>         winbind enum groups = yes

The above lines just slow things down and should only be used for
testing purposes.

>         winbind nss info = rfc2307
>         idmap config * : backend = tdb
>         idmap config * : range = 4000-7999
>         idmap config LIN:backend = ad
>         idmap config LIN:schema_mode = rfc2307
>         idmap config LIN:range = 10000-999999

The above lines have no place on a DC, even if you are using it as a
fileserver.

> We are seeing issues with winbind
> 
> * winbind.service - Samba Winbind Daemon
>    Loaded: loaded (/lib/systemd/system/winbind.service; enabled;
> vendor preset: enabled) Active: failed (Result: exit-code) since Mon
> 2019-05-06 02:14:54 UTC; 22min ago Docs: man:winbindd(8)
>            man:samba(7)
>            man:smb.conf(5)
>   Process: 145 ExecStart=/usr/sbin/winbindd --foreground
> --no-process-group $WINBINDOPTIONS (code=exited, status=1/FAILURE)
> Main PID: 145 (code=exited, status=1/FAILURE)
> 
> May 06 02:14:54 linserver01 systemd[1]: Starting Samba Winbind
> Daemon... May 06 02:14:54 linserver01 systemd[1]: winbind.service:
> Main process exited, code=exited, status=1/FAILURE May 06 02:14:54
> linserver01 systemd[1]: winbind.service: Failed with result
> 'exit-code'. May 06 02:14:54 linserver01 systemd[1]: Failed to start
> Samba Winbind Daemon.

There is an obvious way to stop the above, stop trying to start winbind
yourself and allow Samba to do it for you.

Rowland

More information about the samba mailing list