[Samba] temporary winbindd issue

Andrea Cucciarre' acucciarre at cloudian.com
Mon Dec 28 10:28:23 UTC 2020

Thanks for you suggestion, I will implement it.
I have also noted the following error in the WB logs:

[2020/12/28 09:36:04.866692,  0] 
   gse_get_client_auth_token: gss_init_sec_context failed with [ 
Miscellaneous failure (see text): TGT has been revoked](2529638932)
[2020/12/28 09:36:04.866805,  5] 
   gensec_update_done: gse_krb5[8a142b8]: NT_STATUS_LOGON_FAILURE

Do you know if it could be related to my issue and if it could be an 
issue in the Windows DC?

Andrea Cucciarre'

On 12/28/2020 11:21 AM, Rowland penny via samba wrote:
> On 28/12/2020 09:39, Andrea Cucciarre' via samba wrote:
>> Hello,
>> my Samba share was working perfectly and then suddenly was not 
>> available to windows client.
>> The Samba server is a Domain member and the command "wbinfo -u" and 
>> "getent passwd" returned no AD users.
>> The service has been recovered merely by restarting the winbindd service
>> We are running Samba 4.9.5 and my smb.conf is as below, I have also 
>> pasted some (relevant?) logs
>> Are you aware of any known issue or miss-configuration?
> You can remove these lines from your smb.conf, they have no effect 
> with the winbind backends you are using:
> idmap config * : schema_mode = rfc2307
> idmap config MERCURIA : schema_mode = rfc2307
> You are shooting yourself in the foot, not only do you have 'winbind 
> enum' lines (which you definitely do not require), you also have 
> 'winbind expand groups = 10', this will work poor old winbind to death 
> 😁 I suggest you remove those lines.
> Rowland

More information about the samba mailing list