[Samba] Using winbindd socket directory for multiple domains
Alex Yoon
alexyuyoon at gmail.com
Tue Jan 30 19:00:50 UTC 2024
Hello
We have a setup on Ubuntu to join multiple AD domains and authenticate
using NTLM_auth with FreeRADIUS. Since there are multiple AD domains
involved, we were using "WINBINDD_SOCKET_DIR" environment variable to
use the correct cache directory for each domain.
Everything looks fine and all worked when using samba 4.7.9 running on
Ubuntu 16.04.
Now, we're upgrading to the latest 4.19.3 on Ubuntu 20.04 and having
trouble making that work correctly.
The package we used is from
"https://launchpad.net/~linux-schools/+archive/ubuntu/samba-latest".
As an example, we joined 2 ADs successfully with 2 different smb
configuration files.
- smb.domainA.com
- smb.domainB.com
The winbindd is running
/usr/sbin/winbindd --foreground --configfile=/opt/nac/radius/raddb/smb.domainA.com
/usr/sbin/winbindd --foreground --configfile=/opt/nac/radius/raddb/smb.domainB.com
The smb.domainA.com looks like this.
[global]
log level = 3
workgroup = DOMAINA
security = ads
password server = 10.54.20.12
realm = DOMAINA.COM
netbios name = nac20180
ntlm auth = no
log file = /var/log/samba/log.%m
max log size = 50
; passdb backend = tdbsam
interfaces = 10.54.20.180/255.255.255.0
allow trusted domains = yes
winbind use default domain = no
winbind nested groups = yes
winbind separator = +
winbind cache time = 3600
winbind enum users = yes
winbind enum groups = yes
rpc start on demand helpers = false
pid directory = /var/run/smb.domainA.com
lock directory = /var/cache/smb.domainA.com
private dir = /var/cache/smb.domainA.com
state directory = /var/cache/smb.domainA.com
winbindd socket directory = /var/cache/smb.domainA.com
and smb.domainB.com looks like this.
[global]
log level = 3
workgroup = DOMAINB
security = ads
password server = 10.54.27.51
realm = DOMAINB.COM
netbios name = nac20180
ntlm auth = no
log file = /var/log/samba/log.%m
max log size = 50
; passdb backend = tdbsam
interfaces = 10.54.20.180/255.255.255.0
allow trusted domains = yes
winbind use default domain = no
winbind nested groups = yes
winbind separator = +
winbind cache time = 3600
winbind enum users = yes
winbind enum groups = yes
rpc start on demand helpers = false
pid directory = /var/run/smb.domainB.com
lock directory = /var/cache/smb.domainB.com
private dir = /var/cache/smb.domainB.com
state directory = /var/cache/smb.domainB.com
winbindd socket directory = /var/cache/smb.domainB.com
/var/log/samba/log.winbindd does seem to show it running okay and adding/updating both
domains in the appropriate cache directory.
The problem is that when using 'env WINBINDD_SOCKET_DIR' to run wbinfo
(or ntlm_auth) command, it's failing to find the winbindd. I can
confirm that the socket directories for both domains are updated /
created / etc properly as far as I can tell.
Examples of failure:
/usr/bin/env WINBINDD_SOCKET_DIR=/var/cache/smb.domainA.com/ /usr/bin/wbinfo -u
could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
could not obtain winbind domain name!
Error looking up domain users
/usr/bin/env WINBINDD_SOCKET_DIR=/var/cache/smb.domainB.com/ /usr/bin/wbinfo -p
Ping to winbindd failed
could not ping winbindd!
/usr/bin/env WINBINDD_SOCKET_DIR=/var/cache/smb.domainA.com/ /usr/bin/ntlm_auth --configfile=/opt/nac/radius/raddb/smb.domainA.com --request-nt-key --username=ntlmpeap --domain=DOMAINA.COM --password=Password
interpret_interface: Adding interface 10.54.20.180/255.255.255.0
added interface 10.54.20.180/25 ip=10.54.20.180 bcast=10.54.20.255
netmask=255.255.255.0
lp_load_ex: refreshing parameters
Initialising global parameters
Processing section "[global]"
interpret_interface: Adding interface 10.54.20.180/255.255.255.0
added interface 10.54.20.180/25 ip=10.54.20.180 bcast=10.54.20.255
netmask=255.255.255.0
lp_load_ex: refreshing parameters
Initialising global parameters
Processing section "[global]"
interpret_interface: Adding interface 10.54.20.180/255.255.255.0
added interface 10.54.20.180/25 ip=10.54.20.180 bcast=10.54.20.255
netmask=255.255.255.0
could not obtain winbind separator!
Reading winbind reply failed! (0x01)
: (0x0)
Looking for some solution / suggestion or anything. Would be much appreciated!
Thank you!