[Samba] security=domain fails after upgr. to 4.9, winbind doesn't help
Frank Steiner
fsteiner-mail1 at bio.ifi.lmu.de
Thu Nov 28 19:39:50 UTC 2019
Hi Rowland,
> Remove 'map untrusted to domain = Yes', it has been removed.
>
> Add 'domain logons = Yes'
>
> This gets it back to being a PDC:
thanks for the hints! I did that, but it doesn't help. I guess the
problem is not on the PDC server but on SERVER2. That's the one
that got upgraded and stopped working (even with the non-pdc config
of SERVER1).
I think the problem is missing connection between smbd and winbindd
on SERVER2, i.e. this error message:
> check_winbind_security: winbindd not running - but required as domain member: NT_STATUS_NO_LOGON_SERVERS
Obviously I have to change sth. on SERVER2 as "security=domain" should
no longer work without winbindd in samba 4.8 and later. But as just starting
windbindd doesn't make smbd see it, I don't know what to do else.
I sent the SERVER2 smb.conf through testparm (thanks for reminding me of
this tool) and removed "passwd server" option due to
WARNING: The setting 'security=domain' should NOT be combined with the 'password server' parameter.
(by default Samba will discover the correct DC to contact automatically).
but still winbindd is not detected. The process spawned by the systemctl
service is
25130 /usr/sbin/winbindd --foreground --no-process-group
cu,
Frank
--
Dipl.-Inform. Frank Steiner Web: http://www.bio.ifi.lmu.de/~steiner/
Lehrstuhl f. Bioinformatik Mail: http://www.bio.ifi.lmu.de/~steiner/m/
LMU, Amalienstr. 17 Phone: +49 89 2180-4049
80333 Muenchen, Germany Fax: +49 89 2180-99-4049
* Rekursion kann man erst verstehen, wenn man Rekursion verstanden hat. *
More information about the samba
mailing list