[Samba] Strange problem with winbind on linux domain member (works for 2 minutes...)

Thu Feb 5 17:04:54 UTC 2026

Hello Rowland, all, see my inline comments:

Am 05.02.2026 um 17:29 schrieb Rowland Penny via samba:
> On Thu, 5 Feb 2026 16:15:34 +0100
> Jakob Curdes via samba<samba at lists.samba.org> wrote:
>
> Please see inline comments:
>
>> Hello Rowland, here ist the entire smb.conf (some identical shares
>> omitted for length)
>>
>> Load smb config files from /etc/samba/smb.conf
>> lpcfg_do_global_parameter: WARNING: The "server schannel" option is
>> deprecated
> I take it that because testparm has
> warned about the server schannel parameter and it isn't in the smb.conf
> below. that you have:
>
> server schannel = yes
>
> in the actual smb.conf file, if this is the case, then I suggest you
> remove it, it is the default and will stop the testparm warning in
> future.
I think I changed this before posting the testparm  output, the line was 
not there initally. I tried a couple of things during 
debugging/troubleshooting.
>>           template shell = /bin/nologin
> There is no real reason for the above, the default is:
>
> template shell = /bin/false
>
> and it means the same, a user cannot logon localy.
I know, but I like to have some items stated explicitl so tht I know how 
the config works.
>>           winbind enum groups = Yes
>>           winbind enum users = Yes
> Is there a reason why you need to enumerate all users and groups ? It
> just slows everything down.
We do not have so many users and in this way I can get the usernames and 
group names in all situations.
> The workgroup above is 'WW', but the 'idmap config' domain is 'ov', is
> this just bad sanitisation ?

Exactly.

> By default, the minimum SMB version is now SMBv2 and you only need the
> 'nmbd' deamon if you use NetBIOS, which requires SMBv1, so you might
> want to consider setting:
>
> disable netbios = yes
> smb ports = 445
>
> in the 'global part of your smb.conf file and stopping the 'nmbd' deamon.
>
Ok I will do that, but it is probably unrelated to the winbind issue?
>
> There doesn't seem to be anything really wrong with your smb.conf
> (apart from the different workgroup/domain names and I think this is
> probably bad sanitisation), so is anything else running on this Samba
> fileserver ?
No, this is just a dedicated Sambe fileserver that is not doing anything 
else. We have two dedicated samba4 DCs (Ubuntu24), and apart from this 
problem everything runs fine.

Times are in sync, timezones are identical etc. What could the error 
message point to?

Feb 05 13:35:01 *** winbindd[3131]: [2026/02/05 13:35:01.392619, 0] 
source3/winbindd/winbindd_samr.c:71(open_internal_samr_conn)
  Feb 05 13:35:01 *** winbindd[3131]:   open_internal_samr_conn: Could 
not connect to samr pipe: NT_STATUS_CONNECTION_DISCONNECTED

I cleaned up all .tdb and .ldb files in /var/lib/samba and 
/var/cache/samba before joining the domain, could I have missed 
something to clean up?

Best regards, Jakob Curdes