Zombie Ryushu
2022-Jun-20 00:30 UTC
[Samba] Samba's winbindd is running but seems non-functional.
/tmp/.winbindd/pipe
The UNIX pipe over which clients communicate with the |winbindd|
program. For security reasons, the winbind client will only attempt
to connect to the winbindd daemon if both the |/tmp/.winbindd|
directory and |/tmp/.winbindd/pipe| file are owned by root.
$LOCKDIR/winbindd_privileged/pipe
The UNIX pipe over which 'privileged' clients communicate with the
|winbindd| program. For security reasons, access to some winbindd
functions - like those needed by the |ntlm_auth| utility - is
restricted. By default, only users in the 'root' group will get this
access, however the administrator may change the group permissions
on $LOCKDIR/winbindd_privileged to allow programs like 'squid' to
use ntlm_auth. Note that the winbind client will only attempt to
connect to the winbindd daemon if both the
|$LOCKDIR/winbindd_privileged| directory and
|$LOCKDIR/winbindd_privileged/pipe| file are owned by root.
I noticed that I do not have the /tmp/.winbindd/pipe file. What controls
it's creation? I do have the
$LOCKDIR/winbindd_privileged/pipe
Andrew Bartlett
2022-Jun-20 02:57 UTC
[Samba] Samba's winbindd is running but seems non-functional.
On Sun, 2022-06-19 at 20:30 -0400, Zombie Ryushu via samba wrote:> /tmp/.winbindd/pipe > > The UNIX pipe over which clients communicate with the |winbindd| > program. For security reasons, the winbind client will only attempt > to connect to the winbindd daemon if both the |/tmp/.winbindd| > directory and |/tmp/.winbindd/pipe| file are owned by root.> > I noticed that I do not have the /tmp/.winbindd/pipe file. What controls > it's creation? I do have the > $LOCKDIR/winbindd_privileged/pipeI spent far more than was warranted to fix this properly for Samba 4.17. The docs are old and out of date, we don't use /tmp/.winbindd any more. https://gitlab.com/samba-team/samba/-/merge_requests/2586 Note that if you are running Samba as an AD DC, winbindd is started internally by Samba, and should not be started by the system as well. ? Perhaps again work to ensure your system is as simple as possible. But also please just stop, then really stop and finally think about what might be different about your system compared to all the others that do 'just work' with Samba. Remove complexity. Perhaps set up a test environment that you can compare with - so you don't keep jumping at shadows - where you can see it does just work despite various errors in the docs. Finally, reopening old bugs isn't a good move to keep us helping you, so don't do that. If this thread (or worse, a mail stream) explodes like your many previous discussions then the Samba Team will not hesitate to put your posts under moderation. Andrew Bartlett -- Andrew Bartlett (he/him) https://samba.org/~abartlet/ Samba Team Member (since 2001) https://samba.org Samba Developer, Catalyst IT https://catalyst.net.nz/services/samba