Web lists-archives.com

[Samba] WinbinD no longer available in Samba 4.7.6




Hello,

Using Samba 4.7.6 (from standard repository) on Ubuntu 18.04.

After recent update, winbind failed to update, until I disabled it (it didn't start anyway). When run as

# winbindd -d 9 -i

it prints in the end:

server role = 'active directory domain controller' not compatible with running the winbindd binary. You should start 'samba' instead, and it will control starting the internal AD DC winbindd implementation, which is not the same as this one

smbd currently is listening on 139 and 445 ports - thus, I assume, it serves winbind itself. However, it isn't available any more for PAM. How shall I use Samba internal winbind implementation? When I initially installed and set up ADs, wbinfo worked fine. Currently, it says:

# wbinfo -P
could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
could not obtain winbind domain name!
checking the NETLOGON for domain[] dc connection to "" failed
failed to call wbcPingDc: WBC_ERR_WINBIND_NOT_AVAILABLE

How do I make winbind available (that means available for PAM,a s well)?

Note: libpam_winbind is installed.

Current smb.conf:

[global]
        bind interfaces only = Yes
        interfaces = lo ens3
        netbios name = DC
        realm = EXAMPLE.COM
        server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
        idmap_ldb:use rfc2307 = yes
        winbind enum users = yes
        winbind enum groups = yes
        winbind nss info = rfc2307
        template shell    = /bin/bash
        template homedir  = /home/%u
        workgroup = EXAMPLE
        server string = EXAMPLE.COM domain controller
        dns proxy = no
        log file = /var/log/samba/log.%m
        max log size = 1000
        log level = 0
        tls enabled  = yes
        tls keyfile  = tls/key.pem
        tls certfile = tls/cert.pem
        tls cafile   = tls/ca.pem
        tls verify peer = no_check
        acl:search = no
        panic action = /usr/share/samba/panic-action %d
        passdb backend = tdbsam
        obey pam restrictions = yes
        unix password sync = yes
        passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:
        pam password change = yes
        map to guest = bad user
        usershare allow guests = yes

[netlogon]
        comment = Network Logon Service
        path = /var/lib/samba/sysvol/example.com/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

[profiles]
        comment = Users profiles
        path = /srv/samba/profiles/
        browseable = No
        read only = No
        force create mode = 0600
        force directory mode = 0700
        csc policy = disable
        store dos attributes = yes
        vfs objects = acl_xattr

--
Sincerely,

Konstantin

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba