[Samba] Winbind errors, VFS object stacking, sanity check

Thaddeus Waldner thadwald at hotmail.com
Thu Aug 26 21:13:26 UTC 2021


I’m working on setting up a samba-ad-dc and file server for my school. In addition to Windows and Mac login and folder sharing, I need to create shares for time machine backups and for windows backups.

Thanks to some folks on this list, I now have a Samba-ad-dc and a Samba file server joined to it. Users can log in from Macs and from Windows machines. User and shared folders are working.

Could someone please look my setup over and see if there are any glaring issues?

Some remaining issues:

The winbind service throws errors.

0] ../../source3/winbindd/winbindd_cm.c:1893(wb_open_internal_pipe)
open_internal_pipe: Could not connect to dssetup pipe: NT_STATUS_RPC_INTERFACE_NOT_FOUND

  dcesrv_call_dispatch_local: DCE/RPC fault in call lsarpc:2E - DCERPC_NCA_S_OP_RNG_ERROR

The folder icon in Mac shows a windows BSOD screen, despite having set  fruit:model = MacSamba .Time machine shares are not advertised until I mount the share.

 I’m not sure that I’m stacking vfs modules correctly, or even that I’m using the correct ones.

On the file server:
testparm -s

Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Weak crypto is allowed


# Global parameters
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
logon drive = Z:
logon home = \\schoolfs\users\%U
security = ADS
template homedir = /home/%U
template shell = /bin/bash
username map = /etc/samba/user.map
winbind enum groups = Yes
winbind enum users = Yes
winbind refresh tickets = Yes
winbind use default domain = Yes
workgroup = NDS
fruit:model = MacSamba
fruit:advertise_fullsync = true
fruit:metadata = stream
fruit:veto_appledouble = no
fruit:wipe_intentionally_left_blank_rfork = yes
fruit:delete_empty_adfiles = yes
fruit:zero_file_id = yes
fruit:posix_rename = yes
idmap config nds : range = 10000-99999
idmap config nds : backend = rid
idmap config * : range = 3000-7999
idmap config * : backend = tdb
map acl inherit = Yes
vfs objects = fruit streams_xattr acl_xattr

path = /array/users
read only = No
acl_xattr:ignore system acl = yes

path = /array/staff
read only = No
acl_xattr:ignore system acl = yes

path = /array/students
read only = No
acl_xattr:ignore system acl = yes

[Time Machine]
path = /array/timemachine
read only = No
vfs objects = catia fruit streams_xattr acl_xattr
fruit:time machine = yes
acl_xattr:ignore system acl = yes

path = /array/backup
read only = No
acl_xattr:ignore system acl = yes

Thaddeus Waldner

More information about the samba mailing list