On Thu, 25 Jan 2024 15:48:39 +0000
Vincent DROUIN via samba <samba at lists.samba.org> wrote:
> Hello,
>
> I'm trying to use a Samba share service with authentication
> delegated to a Windows Active Directory Server.
>
> I managed to join the AD successfully using the net ads join command,
> with or without Kerberos, using either "security = domain" or
> "security = ads".
You really should only use 'security = ads', 'domain' is meant for the
legacy NT4-style domains.
> Nevertheless, if I use "disable netbios" option,
> winbindd immediately fails to use "name_status_find",
It would, it requires netbios. If you turn the logging up to 5, you
will get a log message telling you this.
> the domain is
> then added to the negative connection cache and the whole thing stops
> working.
What stops working? The entire domain, or whatever you are trying to
do?
>
> The winbind ping is also failing if netbios is disabled.
Are we talking 'wbinfo -P', because I have netbios turned off in
smb.conf (I also do not run nmbd) and that command works for myself:
wbinfo -P
checking the NETLOGON for domain[SAMDOM] dc connection to
"rpidc2.samdom.example.com" succeeded
Though I am using a Samba AD DC.
>
> Am I missing some configuration parameter that would prevent such a
> behavior? NetBIOS is an insecure deprecated protocol: why is it
> mandatory to have it to verify communication with the domain?
It isn't mandatory, as far as I am aware. As for you having a
missing parameter, it is doubtful, but I haven't a clue because I do
not know what you have in your smb.conf.
Rowland