[Samba] security=domain fails after upgr. to 4.9, winbind doesn't help
Rowland penny
rpenny at samba.org
Thu Nov 28 21:11:25 UTC 2019
On 28/11/2019 19:39, Frank Steiner wrote:
> Hi Rowland,
>
> I think the problem is missing connection between smbd and winbindd
> on SERVER2, i.e. this error message:
>
>> check_winbind_security: winbindd not running - but required as domain
>> member: NT_STATUS_NO_LOGON_SERVERS
>
> Obviously I have to change sth. on SERVER2 as "security=domain" should
> no longer work without winbindd in samba 4.8 and later. But as just
> starting
> windbindd doesn't make smbd see it, I don't know what to do else.
>
> I sent the SERVER2 smb.conf through testparm (thanks for reminding me of
> this tool) and removed "passwd server" option due to
>
> WARNING: The setting 'security=domain' should NOT be combined with
> the 'password server' parameter.
> (by default Samba will discover the correct DC to contact
> automatically).
>
> but still winbindd is not detected. The process spawned by the systemctl
> service is
>
> 25130 /usr/sbin/winbindd --foreground --no-process-group
The error message is coming from here:
if (wbc_status == WBC_ERR_WINBIND_NOT_AVAILABLE) {
struct pdb_trusted_domain **domains = NULL;
uint32_t num_domains = 0;
NTSTATUS status;
if (lp_server_role() == ROLE_DOMAIN_MEMBER) {
status = NT_STATUS_NO_LOGON_SERVERS;
DBG_ERR("winbindd not running - "
"but required as domain member: %s\n",
nt_errstr(status));
return status;
}
So your server doesn't seem to be able to find winbindd, are you sure it
is running ?
What does this show:
ps ax | grep '[w]inbind'
What OS is this ?
Rowland
More information about the samba
mailing list