[Samba] Problem connecting Samba and Windows Active Directory

Luca Bertoncello L.Bertoncello at queo-group.com
Wed Aug 25 11:29:36 UTC 2021


Hi Rowland,

So, I tried your file.
Same problem... ☹

On starting I see in syslog:

Aug 25 13:27:57 nasmedia02 winbindd[569167]: [2021/08/25 13:27:57.901160,  0] ../../source3/winbindd/winbindd_cm.c:1873(wb_open_internal_pipe)
Aug 25 13:27:57 nasmedia02 winbindd[569167]:   open_internal_pipe: Could not connect to dssetup pipe: NT_STATUS_RPC_INTERFACE_NOT_FOUND
Aug 25 13:27:57 nasmedia02 winbindd[569167]: [2021/08/25 13:27:57.901261,  0] ../../source3/rpc_server/rpc_ncacn_np.c:453(rpcint_dispatch)
Aug 25 13:27:57 nasmedia02 winbindd[569167]:   rpcint_dispatch: DCE/RPC fault in call lsarpc:2E - DCERPC_NCA_S_OP_RNG_ERROR
Aug 25 13:27:57 nasmedia02 winbindd[569167]: [2021/08/25 13:27:57.902720,  0] ../../source3/winbindd/wb_lookupsids.c:662(wb_lookupsids_recv)
Aug 25 13:27:57 nasmedia02 winbindd[569167]:   res_names->count = 0, expected 1

Any other idea?

Thanks
Luca

-----Original Message-----
From: samba <samba-bounces at lists.samba.org> On Behalf Of Rowland Penny via samba
Sent: Wednesday, 25 August 2021 13:26
To: samba at lists.samba.org
Subject: Re: [Samba] Problem connecting Samba and Windows Active Directory

On Wed, 2021-08-25 at 11:11 +0000, Luca Bertoncello via samba wrote:
> Hi Rowland,
> 
> the AD Servers are Windows Server 2019.
> 
> And I didn't realize that "disable netbios = yes" turns off wins...
> I tried commenting the line and restarting Samba and winbind, but it 
> still does not work...
> 

Then you don't need wins at all and really shouldn't be using it; AD relies on dns, not wins.

Try this smb.conf:

[global]
        workgroup = AD-QUEO-ORG
        realm = AD.QUEO.ORG
        security = ADS
        server string = NAS Mediaserver
        interfaces = lo, eno1
        bind interfaces only = yes
        log file = /var/log/samba/log.%m
        log level = 1
        deadtime = 15
        disable netbios = yes
        kernel share modes = no
        posix locking = no
        strict locking = no
        use sendfile = yes
        async smb echo handler = yes
        host msdfs = no
        csc policy = disable
        case sensitive = yes
        mangled names = no
        hide unreadable = yes
        hide files = /lost+found/
        hide dot files = no
        veto files = /.DS_Store/._.DS_Store/._.TemporaryItems/.TemporaryItems/Thumbs.db/
        delete veto files = yes
        kerberos method = system keytab
        map to guest = Bad User
        create krb5 conf = no
        acl map full control = no
        idmap config * : range = 2000-10000
        idmap config AD-QUEO-ORG : backend = ad
        idmap config AD-QUEO-ORG : range = 200000-1000200000
        idmap config AD-QUEO-ORG : unix_primary_group = yes
        idmap config AD-QUEO-ORG : schema_mode = rfc2307
        idmap config AD-QUEO-ORG : unix_nss_info = yes
        winbind cache time = 600
        winbind refresh tickets = yes
        winbind use default domain = true
        load printers = No
        disable spoolss = yes
        printing = bsd
        printcap name = /dev/null
        template homedir = /home/%U
        template shell = /bin/bash

[queo.communication]
        comment = Media Share
        path = /srv/hdd-mirror1/media-share/queo.communication
        valid users = "@AD-QUEO-ORG\Funktion - Zugriff Netzwerkfreigaben"
        force user = mediashare
        force group = mediashare
        read only = No
        directory mask = 0755
        force directory mode = 0755
        create mask = 0644
        force create mode = 0644
        vfs objects = shadow_copy2
        shadow:snapdir = .zfs/snapshot
        shadow:sort = desc
        shadow: format = -%Y-%m-%d-%H%M
        shadow: snapprefix = ^zfs-auto-snap_\(frequent\)\{0,1\}\(hourly\)\{0,1\}\(daily\)\{0,1\}\(monthly\)\{0,1\}
        shadow: delimiter = -20

That will ensure that you will be using SMBv2/SMBv3 that your DC expects.

Rowland


