Web lists-archives.com

Re: [Samba] WinbinD no longer available in Samba 4.7.6




Hai, 

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] Namens 
> Konstantin Boyandin via samba
> Verzonden: dinsdag 4 december 2018 6:35
> Aan: samba@xxxxxxxxxxxxxxx
> Onderwerp: [Samba] WinbinD no longer available in Samba 4.7.6
> 
> Hello,
> 
> Using Samba 4.7.6 (from standard repository) on Ubuntu 18.04.
> 
> After recent update, winbind failed to update, until I 
> disabled it (it 
> didn't start anyway). When run as
> 
> # winbindd -d 9 -i
> 
> it prints in the end:
> 
> server role = 'active directory domain controller' not 
> compatible with 
> running the winbindd binary.
> You should start 'samba' instead, and it will control starting the 
> internal AD DC winbindd implementation, which is not the same as this 
> one
> 
> smbd currently is listening on 139 and 445 ports - thus, I assume, it 
> serves winbind itself. However, it isn't available any more 
> for PAM. How 
> shall I use Samba internal winbind implementation? When I initially 
> installed and set up ADs, wbinfo worked fine. Currently, it says:
> 
> # wbinfo -P
> could not obtain winbind interface details: 
> WBC_ERR_WINBIND_NOT_AVAILABLE
> could not obtain winbind domain name!
> checking the NETLOGON for domain[] dc connection to "" failed
> failed to call wbcPingDc: WBC_ERR_WINBIND_NOT_AVAILABLE
> 
> How do I make winbind available (that means available for 
> PAM,a s well)?
I suggest reading : 
https://wiki.samba.org/index.php/Configuring_Winbindd_on_a_Samba_AD_DC 
Short version:  samba-ad-dc is starting winbind, so dont start it manualy. 
For pam support install : libnss-winbind libpam-winbind 
Configure nss_switch.conf and run pam-auth-update 

And set these to to no, when your done testing. 
>          winbind enum users = yes
>          winbind enum groups = yes 
See your users: id username or getent passwd username. 

> 
> Note: libpam_winbind is installed.
> 
> Current smb.conf:
> 
> [global]
>          bind interfaces only = Yes
>          interfaces = lo ens3
>          netbios name = DC
>          realm = EXAMPLE.COM
>          server role = active directory domain controller
>          server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, 
> drepl, winbindd, ntp_signd, kcc, dnsupdate
>          idmap_ldb:use rfc2307 = yes
>          winbind enum users = yes
>          winbind enum groups = yes
>          winbind nss info = rfc2307
>          template shell    = /bin/bash
>          template homedir  = /home/%u
>          workgroup = EXAMPLE
>          server string = EXAMPLE.COM domain controller
>          dns proxy = no
>          log file = /var/log/samba/log.%m
>          max log size = 1000
>          log level = 0
>          tls enabled  = yes
>          tls keyfile  = tls/key.pem
>          tls certfile = tls/cert.pem
>          tls cafile   = tls/ca.pem
>          tls verify peer = no_check
>          acl:search = no
>          panic action = /usr/share/samba/panic-action %d
>          passdb backend = tdbsam
>          obey pam restrictions = yes
>          unix password sync = yes
>          passwd program = /usr/bin/passwd %u
>          passwd chat = *Enter\snew\s*\spassword:* %n\n 
> *Retype\snew\s*\spassword:
>          pam password change = yes
>          map to guest = bad user
>          usershare allow guests = yes
> 
> [netlogon]
>          comment = Network Logon Service
>          path = /var/lib/samba/sysvol/example.com/scripts
>          read only = No
> 
> [sysvol]
>          path = /var/lib/samba/sysvol
>          read only = No
> 
> [profiles]
>          comment = Users profiles
>          path = /srv/samba/profiles/
>          browseable = No
>          read only = No
>          force create mode = 0600
>          force directory mode = 0700
>          csc policy = disable
>          store dos attributes = yes
>          vfs objects = acl_xattr
> 
> --
> Sincerely,
> 
> Konstantin
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba


Greetz, 

Louis


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba