
Re: [Samba] Winbindd runs interactively, fails as a daemon




Anyone?

On 30/01/2019 13:58, Nick Howitt wrote:


On 30/01/2019 13:38, Rowland Penny via samba wrote:
On Wed, 30 Jan 2019 12:44:51 +0000
Nick Howitt via samba <samba@xxxxxxxxxxxxxxx> wrote:

Hi,
I have a server which is joined to an AD DC but I am having problems
starting or keeping winbind running. If I reboot the server, it fails
to start. If I then start it with "winbindd -i" it runs. I can then
terminate it and run it as a service and it works for a while. At
some indeterminate point in the future it may fail again.

What OS ?
What is in your smb.conf ?


OS is ClearOS 7.5 (a CentOS derivative which has not yet moved to 7.6)

smb.conf is:

[global]
unix password sync = No
# General
netbios name = MyServer
workgroup = DC
server string = MyServer
security = ads
realm = dc.njh.lan
password server = localdc.dc.njh.lan
ntlm auth = yes

# Logging
log level = 1
log file = /var/log/samba/%L-%m
max log size = 0
utmp = Yes

# Network
bind interfaces only = Yes
interfaces = lo eth0 eth1
nmbd bind explicit broadcast = yes
socket address = 192.168.20.1

# Printing
printcap name = /etc/printcap
load printers = Yes

# Security settings
guest account = guest
#restrict anonymous = 2

# WINS
wins support = No
wins server = localdc.dc.njh.lan

# PDC/BDC
domain logons = No
add machine script = /usr/sbin/samba-add-machine "%u"
logon drive = U:
logon script = logon.cmd
logon path =
logon home = \\%L\%U

# Winbind
idmap config DC : backend = rid
idmap config DC : range = 20000000-29999999
idmap config * : backend = tdb
idmap config * : range = 30000000-39999999
winbind enum users = Yes
winbind enum groups = Yes
winbind expand groups = 1
winbind offline logon = Yes
winbind use default domain = true
winbind separator = +
template homedir = /home/%U
template shell = /sbin/nologin

# Other
preferred master = No
domain master = No
passwd program = /usr/sbin/userpasswd %u
passwd chat = *password:* %n\n *password:* %n\n *successfully.*
passwd chat timeout = 10
username map = /etc/samba/smbusers
wide links = No
allow trusted domains = Yes

# LDAP settings
# include = /etc/samba/smb.ldap.conf

# Winbind LDAP settings
# include = /etc/samba/smb.winbind.conf

#============================ Share Definitions ==============================

# Flexshare
# include = /etc/samba/flexshare.conf

[homes]
    comment = Home Directories
    path = /home/%U
    valid users = %D\%S, %D+%S, %S
    read only = No
    browseable = No
    available = Yes

[printers]
    comment = Print Spool
    path = /var/spool/samba
    printing = cups
    cups options = raw
    use client driver = Yes
    printable = Yes
    read only = No
    browseable = No
    available = No

[print$]
    comment = Printer Drivers
    path = /var/samba/drivers
    read only = No
    browseable = No
    available = No

[netlogon]
    comment = Network Logon Service
    path = /var/samba/netlogon
    read only = No
    locking = No
    browseable = No
    available = No

[profiles]
    comment = Profile Share
    path = /var/samba/profiles
    read only = No
    profile acls = Yes
    browseable = No
    available = No
    force group = domain_users
    force directory mode = 02775

The two lines:
nmbd bind explicit broadcast = yes
socket address = 192.168.20.1

are because I need to stop nmb from listening on all addresses, as the AD DC is running in Docker on this machine and the Docker image won't start if nmb is listening on all addresses.



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba