[Samba] Samba acting as a domain member + netbios

Rowland Penny rpenny at samba.org
Thu Jan 25 16:17:31 UTC 2024


On Thu, 25 Jan 2024 15:48:39 +0000
Vincent DROUIN via samba <samba at lists.samba.org> wrote:

> Hello,
> 
> I'm trying to use to use a Samba share service with authentication
> delegated to a Windows Active Directory Server.
> 
> I manage to join successfully to the AD using net ads join command,
> with or without Kerberos, using either "security = domain" or
> "security = ads".

You really should only use 'security = ads', 'domain' is meant for the
legacy NT4-style domains.

> Nevertheless, if I use "disable netbios" option,
> winbindd immediately fails to use "name_status_find", 

It would, it requires netbios. If you turn the logging up to 5, you
will get a log message telling you this.
 
> the domain is
> then added to the negative connection cache and the whole thing stops
> working.

What stops working ? The entire domain, or whatever you are trying to
do ?

> 
> The winbind ping is also failing if netbios is disabled.

Are we taking 'wbinfo -P', because I have netbios turned off in
smb.conf (I also do not run nmbd) and that command works for myself:

wbinfo -P
checking the NETLOGON for domain[SAMDOM] dc connection to
"rpidc2.samdom.example.com" succeeded

Though I am using a Samba AD DC

> 
> Am I missing some configuration parameter that would prevent such a
> behavior? NetBios is an unsecure deprecated protocol : why is it
> mandatory to have it to verify communication with the domain?

It isn't mandatory, as far as I am aware, as for you having a
missing parameter, it is doubtful, but I haven't a clue because I do
not know what you have in your smb.conf.

Rowland




More information about the samba mailing list