[Samba] security=domain fails after upgr. to 4.9, winbind doesn't help

Frank Steiner fsteiner-mail1 at bio.ifi.lmu.de
Thu Nov 28 19:39:50 UTC 2019

Hi Rowland,

> Remove 'map untrusted to domain = Yes', it has been removed.
> Add 'domain logons = Yes'
> This gets it back to being a PDC:

thanks for the hints! I did that, but it doesn't help. I guess the
problem is not on the PDC server but on SERVER2. That's the one
that got upgraded and stopped working (even with the non-pdc config
of SERVER1).

I think the problem is missing connection between smbd and winbindd
on SERVER2, i.e. this error message:

> check_winbind_security: winbindd not running - but required as domain member: NT_STATUS_NO_LOGON_SERVERS

Obviously I have to change sth. on SERVER2 as "security=domain" should
no longer work without winbindd in samba 4.8 and later. But as just starting
windbindd doesn't make smbd see it, I don't know what to do else.

I sent the SERVER2 smb.conf through testparm (thanks for reminding me of
this tool) and removed "passwd server" option due to

   WARNING: The setting 'security=domain' should NOT be combined with the 'password server' parameter.
   (by default Samba will discover the correct DC to contact automatically).

but still winbindd is not detected. The process spawned by the systemctl
service is

   25130 /usr/sbin/winbindd --foreground --no-process-group


Dipl.-Inform. Frank Steiner   Web:  http://www.bio.ifi.lmu.de/~steiner/
Lehrstuhl f. Bioinformatik    Mail: http://www.bio.ifi.lmu.de/~steiner/m/
LMU, Amalienstr. 17           Phone: +49 89 2180-4049
80333 Muenchen, Germany       Fax:   +49 89 2180-99-4049
* Rekursion kann man erst verstehen, wenn man Rekursion verstanden hat. *

More information about the samba mailing list