[Samba] Domain member?

Rowland Penny rpenny at samba.org
Mon Oct 25 19:04:34 UTC 2021


On Mon, 2021-10-25 at 20:49 +0200, Joachim Lindenberg via samba wrote:
> Hello,
> 
> I installed a new Ubuntu 20.04 system with Samba 4.14.8 and joined as
> member.

How did you join the domain ?
>  
> 
> I am now trying to configure pam authentication with winbindd,
> following 
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member#Testing_the_Winbindd_Connectivity
> , and am struggling with:
> 
>  
> 
> root at le:/home/jo# wbinfo --ping-dc
> 	
> checking the NETLOGON for domain[WORKGROUP] dc connection to ""
> failed
> 
> failed to call wbcPingDc: WBC_ERR_DOMAIN_NOT_FOUND
> 
>  
> 
> root at le:/home/jo# net ads info
> 
> LDAP server: 192.168.177.19
> 
> LDAP server name: cobra.samba.lindenberg.one
> 
> Realm: SAMBA.LINDENBERG.ONE
> 
> Bind Path: dc=SAMBA,dc=LINDENBERG,dc=ONE
> 
> LDAP port: 389
> 
> Server time: Mon, 25 Oct 2021 18:36:46 UTC
> 
> KDC server: 192.168.177.19
> 
> Server time offset: 0
> 
> Last machine account password change: Mon, 25 Oct 2021 18:15:42 UTC
> 
>  
> 
> My smb.conf on that client is:
> 
> # Global parameters
> 
> [global]
> 
>         netbios name = LE
> 
>         realm = SAMBA.LINDENBERG.ONE
> 
>         workgroup = SAMBA
> 
>         security = ADS
> 
>         dns update command = /usr/sbin/samba_dnsupdate --use-samba-
> tool

The line above is only used on a DC

> 
> #        idmap_ldb:use rfc2307 = yes
> 
>         disable netbios = yes
> 
>         smb encrypt = mandatory
> 
>         kerberos method = secrets and keytab
> 
> #        winbind refresh tickets = yes
> 
>         template shell = /bin/bash
> 
>         template homedir = /home/%U
> 
>         winbind use default domain = yes

Are you using sssd ?
> 
>  
> 
> systemctl status * ends with:
> 
> Oct 25 18:41:18 le smbd[835]:   daemon_ready: daemon 'smbd' finished
> starting up and ready to serve connections
> 
> Oct 25 18:41:27 le smbd[835]: [2021/10/25 18:41:27.256861,  0]
> ../../source3/libads/kerberos_util.c:73(ads_kinit_password)
> 
> Oct 25 18:41:27 le smbd[835]:   kerberos_kinit_password 
> LE$@SAMBA.LINDENBERG.ONE failed: Client not found in Kerberos
> database
> 
>  
> 
> Oct 25 18:41:17 le nmbd[731]:   daemon_ready: daemon 'nmbd' finished
> starting up and ready to serve connections
> 
> Oct 25 18:41:40 le nmbd[731]: [2021/10/25 18:41:40.800798,  0]
> ../../source3/nmbd/nmbd_become_lmb.c:398(become_local_master_st>
> 
> Oct 25 18:41:40 le nmbd[731]:   *****
> 
> Oct 25 18:41:40 le nmbd[731]:
> 
> Oct 25 18:41:40 le nmbd[731]:   Samba name server LE is now a local
> master browser for workgroup SAMBA on subnet 192.168.176.9
> 
> Oct 25 18:41:40 le nmbd[731]:
> 
> Oct 25 18:41:40 le nmbd[731]:   *****
> 
>  
> 
> systemctl status winbindd
> 
> Unit winbindd.service could not be found.

Have you installed winbind ?

> 
>  
> 
> Why is nmbd active if I ask to disable netbios?

You have only stopped Samba using nmbd, you need to stop it and then
disable it.

> 
> special issue: DC and member are in different subnets.

This shouldn't matter, as long as they are in the the same dns domain.

Rowland





More information about the samba mailing list