[Samba] security=domain fails after upgr. to 4.9, winbind doesn't help

Rowland penny rpenny at samba.org
Thu Nov 28 21:11:25 UTC 2019

On 28/11/2019 19:39, Frank Steiner wrote:
> Hi Rowland,
> I think the problem is missing connection between smbd and winbindd
> on SERVER2, i.e. this error message:
>> check_winbind_security: winbindd not running - but required as domain 
> Obviously I have to change sth. on SERVER2 as "security=domain" should
> no longer work without winbindd in samba 4.8 and later. But as just 
> starting
> windbindd doesn't make smbd see it, I don't know what to do else.
> I sent the SERVER2 smb.conf through testparm (thanks for reminding me of
> this tool) and removed "passwd server" option due to
>   WARNING: The setting 'security=domain' should NOT be combined with 
> the 'password server' parameter.
>   (by default Samba will discover the correct DC to contact 
> automatically).
> but still winbindd is not detected. The process spawned by the systemctl
> service is
>   25130 /usr/sbin/winbindd --foreground --no-process-group

The error message is coming from here:

     if (wbc_status == WBC_ERR_WINBIND_NOT_AVAILABLE) {
         struct pdb_trusted_domain **domains = NULL;
         uint32_t num_domains = 0;
         NTSTATUS status;

         if (lp_server_role() == ROLE_DOMAIN_MEMBER) {
             status = NT_STATUS_NO_LOGON_SERVERS;
             DBG_ERR("winbindd not running - "
                 "but required as domain member: %s\n",
             return status;

So your server doesn't seem to be able to find winbindd, are you sure it 
is running ?

What does this show:

ps ax | grep '[w]inbind'

What OS is this ?


More information about the samba mailing list