[Samba] making pam_winbind to work
Patrick Goetz
pgoetz at math.utexas.edu
Mon Feb 14 19:32:07 UTC 2022
On 2/14/22 08:51, Michael Tokarev via samba wrote:
>
> So, this was the issue.
>
> After digging in the source. Sigh.
>
> This is a container -- as said in the wiki, a single machine cannot be
> both file server and an AD DC, so I created a new machine, actually a
> container, using systemd-nspawn.
>
> As it turned out, systemd-nspawn does not enable the CAP_IPC_LOCK
> capability by default. So e.g. the mlock() system call fails with ENOPERM.
> After adding this capability to the fileserver container, it started
> working.
>
> And now, HOW can we map this ENOPERM into WBC_ERR_DOMAIN_NOT_FOUND?
> This is just insane.
>
I ran into issues running samba-ad-dc in an unprivileged LXD container.
Based on advice from this list, I switched to using a privileged
container which seemed to fix everything. I'm not sure if
systemd-nspawn supports privileged containers, but if so, might be worth
a try.
> Thanks,
>
> /mjt
>
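
A quick way to check for the condition discussed in this thread, as an added example that is not part of either poster's message: decode the effective capability mask of a process and test whether CAP_IPC_LOCK (bit 14) is set. The function names and the two sample masks are constructed for illustration.

```shell
#!/bin/sh
# Added example: check whether a process holds CAP_IPC_LOCK.
# Bit number of CAP_IPC_LOCK in <linux/capability.h>.
CAP_IPC_LOCK_BIT=14

# Constructed /proc/<pid>/status excerpts (not captured from the thread):
# the first mask has bit 14 cleared, the second has it set.
SAMPLE_WITHOUT='Name:   winbindd
CapEff: 000001ffffffbfff'
SAMPLE_WITH='Name:   winbindd
CapEff: 000001ffffffffff'

# Print the hex mask of a Cap* field (default CapEff) from status text on stdin.
cap_mask() {
    field=${1:-CapEff}
    awk -v f="$field:" '$1 == f { print $2; exit }'
}

# Succeed if bit $2 is set in hex mask $1.
mask_has_bit() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# Print present / missing / unknown for CAP_IPC_LOCK, reading status text on stdin.
ipc_lock_state() {
    mask=$(cap_mask CapEff)
    if [ -z "$mask" ]; then
        echo unknown
    elif mask_has_bit "$mask" "$CAP_IPC_LOCK_BIT"; then
        echo present
    else
        echo missing
    fi
}

# Inside the container: report the state for the current shell.
# To inspect a running daemon, feed /proc/<pid>/status instead.
if [ -r /proc/self/status ]; then
    echo "CAP_IPC_LOCK: $(ipc_lock_state < /proc/self/status)"
fi

# If it reports "missing" under systemd-nspawn, the capability can be granted
# with --capability=CAP_IPC_LOCK on the command line, or with
# Capability=CAP_IPC_LOCK in the [Exec] section of the container's .nspawn file.
```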