samba - Jun 2023 - [EXTERNAL]Re: SMB1 Domain stopped working after updates quick solution needed

On 6/12/2023 3:35 PM, Rowland Penny via samba wrote:
>
>
> On 12/06/2023 21:16, Mark Bannister via samba wrote:
>>>
>> Excellent.? OK,? I installed:
>>
>> sudo apt install winbind libpam-winbind libnss-winbind krb5-config 
>> samba-dsdb-modules samba-vfs-modules
>
> Did it actually install the last two ?
> I ask it this because I normally just install the 'samba' package
and
> get those as dependencies, yet you seemed to have the 'samba'
package
> already installed. However, you should be able to run winbind by 
> itself, you just get authentication.
>
> You also do not need krb5-config, your PDC doesn't use kerberos, that 
> is an AD thing.
>
Right, didn't install krb5-config actually.? It was in a cut and paste 
before I took it out.? Not sure about the last two if they actually 
installed, not sure I paid enough attention.
>>
>> Not sure I needed all that.? Winbind exits after starting.? I see 
>> this message in the log.winbindd-idmap.log
>>
>> [2023/06/12 15:08:45.470947,? 3] 
>> ../../source3/winbindd/idmap.c:397(idmap_init_domain)
>> ?? idmap backend rid not found
>> [2023/06/12 15:08:45.606645,? 3] 
>> ../../lib/util/modules.c:167(load_module_absolute_path)
>> ?? load_module_absolute_path: Module 
>> '/usr/lib/x86_64-linux-gnu/samba/idmap/rid.so' loaded
>>
>>
>
> Have you tried restarting all three binaries, smbd, nmbd and winbind ?
Yes, cold rebooted even.

>
>> It's been years since if messed with any winbind stuff.? Looks like
>> I'm missing something?
>
> And it has been years since I set up an NT4-style PDC, so a bit unsure.
>
> Rowland
>
Ok, so I need to search for info on a "NT4-sytle PDC"?? Everything I 
find is about AD.? Do you think this error is the reason for Winbind 
exiting "idmap backend rid not found"? ?

--
Mark B

On 12/06/2023 21:51, Mark Bannister via samba wrote:
>>
> Ok, so I need to search for info on a "NT4-sytle PDC"??
Everything I
> find is about AD.? Do you think this error is the reason for Winbind 
> exiting "idmap backend rid not found"? ?
> 
> -- 

Okay, after digging in some very old files, try this as the '[global]' 
part of your smb.conf

[global]
         workgroup = LINGROUP
         server string = APP Samba %v %h
         wins support = Yes
         dns proxy = No
         log file = /var/log/samba/log.%m
         max log size = 1000
         panic action = /usr/share/samba/panic-action %d
         server role = classic primary domain controller
         obey pam restrictions = Yes
         unix password sync = Yes
         passwd program = /usr/bin/passwd %u
         passwd chat = *Enter\snew\s*\spassword:* %n\n 
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
         pam password change = Yes
         map to guest = Bad User
         domain logons = Yes
         logon drive = H:
         logon home          logon path          logon script = logon.bat
         add machine script = sudo /usr/sbin/useradd -g machines -c "%u 
machine account" -d /var/lib/samba -s /bin/false %u
         add user script = /usr/sbin/adduser --quiet --disabled-password 
--gecos "" %u
         domain master = Yes
         load printers = No
         name resolve order = wins lmhosts host bcast
         ntlm auth = ntlmv1-permitted
         preferred master = Yes
         server max protocol = NT1
         client max protocol = NT1
         template homedir = /home/%U
         template shell = /bin/bash
         admin users = sysadmin
         hosts allow = 127.0.0.1 192.168.1. 192.168.0.0/26
         hosts deny = 0.0.0.0/0
         use client driver = Yes
         veto oplock files = 
/*.TV/*.FAM/*.dat/*.DAT/*.db/*.DB/*.X??/*.x??/*.Y??/*.y??/*.MB/*.mb/*.VAL/*.val/*.PX/*.px/*.mdb/*.MDB/*.lck/*.LCK/

Rowland