[Samba] Domain member?
Joachim Lindenberg
samba at lindenberg.one
Mon Oct 25 20:06:52 UTC 2021
> How did you join the domain ?
I joined using net ads join -U Joachim (which happens to be domain admin). No error (after fixing a hostname setup issue).
>The line above is only used on a DC
I excerpted this from an existing DC. Removed it. No change.
Is there a consistency check I can run?
> Are you using sssd ?
I don´t (yet) know what sssd is about.
>Have you installed winbind ?
I followed https://wiki.samba.org/index.php/Distribution-specific_Package_Installation#Ubuntu, and yes, winbind is installed.
> You have only stopped Samba using nmbd, you need to stop it and then disable it.
I didn´t enable it at all. Some magic? If smb.conf asks for no netbios, shouldn´t the process exit?
Thanks, Joachim
-----Ursprüngliche Nachricht-----
Von: samba <samba-bounces at lists.samba.org> Im Auftrag von Rowland Penny via samba
Gesendet: Monday, 25 October 2021 21:05
An: samba at lists.samba.org
Betreff: Re: [Samba] Domain member?
On Mon, 2021-10-25 at 20:49 +0200, Joachim Lindenberg via samba wrote:
> Hello,
>
> I installed a new Ubuntu 20.04 system with Samba 4.14.8 and joined as
> member.
How did you join the domain ?
>
>
> I am now trying to configure pam authentication with winbindd,
> following
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member#T
> esting_the_Winbindd_Connectivity
> , and am struggling with:
>
>
>
> root at le:/home/jo# wbinfo --ping-dc
>
> checking the NETLOGON for domain[WORKGROUP] dc connection to ""
> failed
>
> failed to call wbcPingDc: WBC_ERR_DOMAIN_NOT_FOUND
>
>
>
> root at le:/home/jo# net ads info
>
> LDAP server: 192.168.177.19
>
> LDAP server name: cobra.samba.lindenberg.one
>
> Realm: SAMBA.LINDENBERG.ONE
>
> Bind Path: dc=SAMBA,dc=LINDENBERG,dc=ONE
>
> LDAP port: 389
>
> Server time: Mon, 25 Oct 2021 18:36:46 UTC
>
> KDC server: 192.168.177.19
>
> Server time offset: 0
>
> Last machine account password change: Mon, 25 Oct 2021 18:15:42 UTC
>
>
>
> My smb.conf on that client is:
>
> # Global parameters
>
> [global]
>
> netbios name = LE
>
> realm = SAMBA.LINDENBERG.ONE
>
> workgroup = SAMBA
>
> security = ADS
>
> dns update command = /usr/sbin/samba_dnsupdate --use-samba-
> tool
The line above is only used on a DC
>
> # idmap_ldb:use rfc2307 = yes
>
> disable netbios = yes
>
> smb encrypt = mandatory
>
> kerberos method = secrets and keytab
>
> # winbind refresh tickets = yes
>
> template shell = /bin/bash
>
> template homedir = /home/%U
>
> winbind use default domain = yes
Are you using sssd ?
>
>
>
> systemctl status * ends with:
>
> Oct 25 18:41:18 le smbd[835]: daemon_ready: daemon 'smbd' finished
> starting up and ready to serve connections
>
> Oct 25 18:41:27 le smbd[835]: [2021/10/25 18:41:27.256861, 0]
> ../../source3/libads/kerberos_util.c:73(ads_kinit_password)
>
> Oct 25 18:41:27 le smbd[835]: kerberos_kinit_password
> LE$@SAMBA.LINDENBERG.ONE failed: Client not found in Kerberos database
>
>
>
> Oct 25 18:41:17 le nmbd[731]: daemon_ready: daemon 'nmbd' finished
> starting up and ready to serve connections
>
> Oct 25 18:41:40 le nmbd[731]: [2021/10/25 18:41:40.800798, 0]
> ../../source3/nmbd/nmbd_become_lmb.c:398(become_local_master_st>
>
> Oct 25 18:41:40 le nmbd[731]: *****
>
> Oct 25 18:41:40 le nmbd[731]:
>
> Oct 25 18:41:40 le nmbd[731]: Samba name server LE is now a local
> master browser for workgroup SAMBA on subnet 192.168.176.9
>
> Oct 25 18:41:40 le nmbd[731]:
>
> Oct 25 18:41:40 le nmbd[731]: *****
>
>
>
> systemctl status winbindd
>
> Unit winbindd.service could not be found.
Have you installed winbind ?
>
>
>
> Why is nmbd active if I ask to disable netbios?
You have only stopped Samba using nmbd, you need to stop it and then disable it.
>
> special issue: DC and member are in different subnets.
This shouldn't matter, as long as they are in the the same dns domain.
Rowland
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list