[Samba] Doman join issues
Praveen Ghimire
PGhimire at sundata.com.au
Mon May 6 07:35:07 UTC 2019
Hi Rowland,
I get the same error messages even with the following smb.conf, generated by the migration process.
[global]
workgroup = LIN
realm = LIN.COM
netbios name = LINSERVER01
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
idmap_ldb:use rfc2307 = yes
log file = /var/log/samba/log.%m
log level = 4
[netlogon]
path = /var/lib/samba/sysvol/lin.com/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
Regards,
Praveen Ghimire
-----Original Message-----
From: samba [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny via samba
Sent: Monday, 6 May 2019 4:47 PM
To: samba at lists.samba.org
Subject: Re: [Samba] Doman join issues
On Mon, 6 May 2019 02:51:18 +0000
Praveen Ghimire via samba <samba at lists.samba.org> wrote:
> From: Praveen Ghimire via samba <samba at lists.samba.org>
> To: "samba at lists.samba.org" <samba at lists.samba.org>
> Subject: [Samba] Doman join issues
> Date: Mon, 6 May 2019 02:51:18 +0000
> Reply-To: Praveen Ghimire <PGhimire at sundata.com.au>
> Sender: "samba" <samba-bounces at lists.samba.org>
>
> Hi,
>
> We are running test migration on the following environment in
> preparation for the prod migration. Any suggestions will be grealty
> appreciated.
>
> OS: Ubuntu18.04
> Hypervisor: Proxmox Container (LXC)
> Samba Version 4.6.7
> DNS: BIND9_DLZ
> AD and File server in the same server. Have gone through the Samba
> documentation regarding this
Obviously not well enough, or the warnings are not obvious enough ;-)
> Smb.conf
>
> [global]
> workgroup = LIN
> realm = LIN.COM
> netbios name = LINSERVER01
> server role = active directory domain controller
> idmap_ldb:use rfc2307 = yes
> log file = /var/log/samba/log.%m
> log level = 4
> acl allow execute always = True
> server services = -dns
> allow dns updates = nonsecure
The above lines are okay for a DC
> winbind enum users = yes
> winbind enum groups = yes
The above lines just slow things down and should only be used for testing purposes.
> winbind nss info = rfc2307
> idmap config * : backend = tdb
> idmap config * : range = 4000-7999
> idmap config LIN:backend = ad
> idmap config LIN:schema_mode = rfc2307
> idmap config LIN:range = 10000-999999
The above lines have no place on a DC, even if you are using it as a fileserver.
> We are seeing issues with winbind
>
> * winbind.service - Samba Winbind Daemon
> Loaded: loaded (/lib/systemd/system/winbind.service; enabled;
> vendor preset: enabled) Active: failed (Result: exit-code) since Mon
> 2019-05-06 02:14:54 UTC; 22min ago Docs: man:winbindd(8)
> man:samba(7)
> man:smb.conf(5)
> Process: 145 ExecStart=/usr/sbin/winbindd --foreground
> --no-process-group $WINBINDOPTIONS (code=exited, status=1/FAILURE)
> Main PID: 145 (code=exited, status=1/FAILURE)
>
> May 06 02:14:54 linserver01 systemd[1]: Starting Samba Winbind
> Daemon... May 06 02:14:54 linserver01 systemd[1]: winbind.service:
> Main process exited, code=exited, status=1/FAILURE May 06 02:14:54
> linserver01 systemd[1]: winbind.service: Failed with result
> 'exit-code'. May 06 02:14:54 linserver01 systemd[1]: Failed to start
> Samba Winbind Daemon.
There is an obvious way to stop the above, stop trying to start winbind yourself and allow Samba to do it for you.
Rowland
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
______________________________________________________________________
This email has been scanned by the Symantec Email Security.cloud service.
For more information please visit http://www.symanteccloud.com ______________________________________________________________________
More information about the samba
mailing list