
Re: [Samba] Domain join issues




Hi Rowland,

I get the same error messages even with the following smb.conf, generated by the migration process. 

[global]
        workgroup = LIN
        realm = LIN.COM
        netbios name = LINSERVER01
        server role = active directory domain controller
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
        idmap_ldb:use rfc2307 = yes
        log file = /var/log/samba/log.%m
        log level = 4
[netlogon]
        path = /var/lib/samba/sysvol/lin.com/scripts
        read only = No
[sysvol]
        path = /var/lib/samba/sysvol
        read only = No


Regards,
Praveen Ghimire





-----Original Message-----
From: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] On Behalf Of Rowland Penny via samba
Sent: Monday, 6 May 2019 4:47 PM
To: samba@xxxxxxxxxxxxxxx
Subject: Re: [Samba] Doman join issues

On Mon, 6 May 2019 02:51:18 +0000
Praveen Ghimire via samba <samba@xxxxxxxxxxxxxxx> wrote:

> From: Praveen Ghimire via samba <samba@xxxxxxxxxxxxxxx>
> To: "samba@xxxxxxxxxxxxxxx" <samba@xxxxxxxxxxxxxxx>
> Subject: [Samba] Doman join issues
> Date: Mon, 6 May 2019 02:51:18 +0000
> Reply-To: Praveen Ghimire <PGhimire@xxxxxxxxxxxxxx>
> Sender: "samba" <samba-bounces@xxxxxxxxxxxxxxx>
> 
> Hi,
> 
> We are running test migration on the following environment in 
> preparation for the prod migration. Any suggestions will be greatly
> appreciated.
> 
> OS: Ubuntu18.04
> Hypervisor: Proxmox Container (LXC)
> Samba Version 4.6.7
> DNS: BIND9_DLZ
> AD and File server in the same server. Have gone through the Samba 
> documentation regarding this

Obviously not well enough, or the warnings are not obvious enough ;-)

> Smb.conf
> 
> [global]
>         workgroup = LIN
>         realm = LIN.COM
>         netbios name = LINSERVER01
>         server role = active directory domain controller
>         idmap_ldb:use rfc2307 = yes
>         log file = /var/log/samba/log.%m
>         log level = 4
>         acl allow execute always = True
>         server services = -dns
>         allow dns updates = nonsecure

The above lines are okay for a DC

>         winbind enum users = yes
>         winbind enum groups = yes

The above lines just slow things down and should only be used for testing purposes.

>         winbind nss info = rfc2307
>         idmap config * : backend = tdb
>         idmap config * : range = 4000-7999
>         idmap config LIN:backend = ad
>         idmap config LIN:schema_mode = rfc2307
>         idmap config LIN:range = 10000-999999

The above lines have no place on a DC, even if you are using it as a fileserver.

> We are seeing issues with winbind
> 
> * winbind.service - Samba Winbind Daemon
>    Loaded: loaded (/lib/systemd/system/winbind.service; enabled; vendor preset: enabled)
>    Active: failed (Result: exit-code) since Mon 2019-05-06 02:14:54 UTC; 22min ago
>      Docs: man:winbindd(8)
>            man:samba(7)
>            man:smb.conf(5)
>   Process: 145 ExecStart=/usr/sbin/winbindd --foreground --no-process-group $WINBINDOPTIONS (code=exited, status=1/FAILURE)
>  Main PID: 145 (code=exited, status=1/FAILURE)
> 
> May 06 02:14:54 linserver01 systemd[1]: Starting Samba Winbind Daemon...
> May 06 02:14:54 linserver01 systemd[1]: winbind.service: Main process exited, code=exited, status=1/FAILURE
> May 06 02:14:54 linserver01 systemd[1]: winbind.service: Failed with result 'exit-code'.
> May 06 02:14:54 linserver01 systemd[1]: Failed to start Samba Winbind Daemon.

There is an obvious way to stop the above: stop trying to start winbind yourself and allow Samba to do it for you.

Rowland
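
The objections raised in the reply above, written as a small smb.conf check. This is an added example, not part of the original thread and not Samba project code; the function names and the shortened sample config are constructed for illustration, and the check covers only the parameters the reply calls out.

```python
import re

# Parameters the reply objects to on a DC, with the reason it gives.
DC_FINDINGS = [
    (re.compile(r"^winbind enum (users|groups)$"), "slows things down; testing only"),
    (re.compile(r"^winbind nss info$"), "has no place on a DC"),
    (re.compile(r"^idmap config\b"), "has no place on a DC"),
]

def parse_global(text):
    """Return [(lineno, name, value)] for the [global] section of smb.conf text."""
    params, section = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            # smb.conf parameter names are case-insensitive; normalise spacing too
            name = " ".join(name.lower().split())
            params.append((lineno, name, value.strip()))
    return params

def audit_dc(text):
    """Flag [global] parameters the reply says do not belong on an AD DC."""
    params = parse_global(text)
    role = next((v.lower() for _, n, v in params if n == "server role"), "")
    if role != "active directory domain controller":
        return []  # the advice in the thread applies to DCs only
    return [(ln, n, why) for ln, n, _ in params
            for rx, why in DC_FINDINGS if rx.match(n)]

# Constructed sample: a shortened copy of the first smb.conf quoted in the thread.
SAMPLE = """\
[global]
        server role = active directory domain controller
        winbind enum users = yes
        winbind nss info = rfc2307
        idmap config * : range = 4000-7999
        idmap config LIN:backend = ad
[sysvol]
        path = /var/lib/samba/sysvol
"""

if __name__ == "__main__":
    for lineno, name, why in audit_dc(SAMPLE):
        print(f"line {lineno}: '{name}' {why}")
```
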



--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
