samba - Jan 2015 - Winbindd dies instantly

Hi,

I'm trying to set up a Samba 4.1.16 file server for our (Samba 4) 
domain. But for some reason I can't seem to be able to get it to work. 
Even worse, I have run out of ideas on how to debug this. I've been 
tampering with this for quite some time now, but I've come to realize I 
can't figure this out on my own.

Can someone give me some pointers on where to look in order to fix this?


First off, smbd and nmbd seem to work just fine (as is to be expected), 
but winbindd dies instantly.

This is how I've gone about it:

     $ sudo service samba start

Everything starts. But windbindd stops.

     $ sudo net join ads -U administrator
     Joined domain DOMAIN.

     $ sudo service samba restart

Everything starts, but winbindd stops again.

output from winbindd:

    winbindd version 4.1.16 started.
    Copyright Andrew Tridgell and the Samba Team 1992-2013
    Maximum core file size limits now 16777216(soft) -1(hard)
    Registered MSG_REQ_POOL_USAGE
    Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
    lp_load_ex: refreshing parameters
    Initialising global parameters
    rlimit_max: increasing rlimit_max (1024) to minimum Windows limit
    (16384)
    params.c:pm_process() - Processing configuration file
    "/opt/samba/local/etc/smb.conf"
    Processing section "[Global]"
    added interface eth0 ip=192.168.1.6 bcast=192.168.1.255
    netmask=255.255.255.0
    added interface eth0:0 ip=192.168.254.6 bcast=192.168.254.255
    netmask=255.255.255.0
    added interface eth0 ip=192.168.1.6 bcast=192.168.1.255
    netmask=255.255.255.0
    added interface eth0:0 ip=192.168.254.6 bcast=192.168.254.255
    netmask=255.255.255.0
    initialize_winbindd_cache: clearing cache and re-creating with
    version number 2
    Added domain BUILTIN (null) S-1-5-32
    Added domain BLUNDER (null) S-1-5-21-2504862038-22785804-3050049357
    Could not fetch our SID - did we join?
    unable to initialize domain list


smb.conf:

    [Global]
       netbios name = BLUNDER
       workgroup = DOMAIN
       realm = SMBDOMAIN.HOST.COM
       server string = %h ArchLinux Host
       security = ads
       encrypt passwords = yes
       password server = pdc.smbdomain.host.com

       idmap config * : backend = rid
       idmap config * : range = 10000-20000

       winbind use default domain = Yes
       winbind enum users = Yes
       winbind enum groups = Yes
       winbind nested groups = Yes
       winbind separator = +
       winbind refresh tickets = yes

       template shell = /bin/false
    #  template homedir = /home/%D/%U

       preferred master = no
       dns proxy = no
       wins server = pdc.smbdomain.host.com
       wins proxy = no

       inherit acls = Yes
       map acl inherit = Yes
       acl group control = yes

       load printers = no
       debug level = 3
       use sendfile = no


Where do I go from here?

-- 
Kind regards,
     Jesper Koivum?ki

On 30/01/15 13:01, Jesper Koivum?ki wrote:
> Hi,
>
> I'm trying to set up a Samba 4.1.16 file server for our (Samba 4) 
> domain. But for some reason I can't seem to be able to get it to work. 
> Even worse, I have run out of ideas on how to debug this. I've been 
> tampering with this for quite some time now, but I've come to realize 
> I can't figure this out on my own.
>
> Can someone give me some pointers on where to look in order to fix this?
>
>
> First off, smbd and nmbd seem to work just fine (as is to be 
> expected), but winbindd dies instantly.
>
> This is how I've gone about it:
>
>     $ sudo service samba start
>
> Everything starts. But windbindd stops.
>
>     $ sudo net join ads -U administrator
>     Joined domain DOMAIN.
>
>     $ sudo service samba restart
>
> Everything starts, but winbindd stops again.
>
> output from winbindd:
>
>    winbindd version 4.1.16 started.
>    Copyright Andrew Tridgell and the Samba Team 1992-2013
>    Maximum core file size limits now 16777216(soft) -1(hard)
>    Registered MSG_REQ_POOL_USAGE
>    Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
>    lp_load_ex: refreshing parameters
>    Initialising global parameters
>    rlimit_max: increasing rlimit_max (1024) to minimum Windows limit
>    (16384)
>    params.c:pm_process() - Processing configuration file
>    "/opt/samba/local/etc/smb.conf"
>    Processing section "[Global]"
>    added interface eth0 ip=192.168.1.6 bcast=192.168.1.255
>    netmask=255.255.255.0
>    added interface eth0:0 ip=192.168.254.6 bcast=192.168.254.255
>    netmask=255.255.255.0
>    added interface eth0 ip=192.168.1.6 bcast=192.168.1.255
>    netmask=255.255.255.0
>    added interface eth0:0 ip=192.168.254.6 bcast=192.168.254.255
>    netmask=255.255.255.0
>    initialize_winbindd_cache: clearing cache and re-creating with
>    version number 2
>    Added domain BUILTIN (null) S-1-5-32
>    Added domain BLUNDER (null) S-1-5-21-2504862038-22785804-3050049357
>    Could not fetch our SID - did we join?
>    unable to initialize domain list
>
>
> smb.conf:
>
>    [Global]
>       netbios name = BLUNDER
>       workgroup = DOMAIN
>       realm = SMBDOMAIN.HOST.COM
>       server string = %h ArchLinux Host
>       security = ads
>       encrypt passwords = yes
>       password server = pdc.smbdomain.host.com
>
>       idmap config * : backend = rid
>       idmap config * : range = 10000-20000
>
>       winbind use default domain = Yes
>       winbind enum users = Yes
>       winbind enum groups = Yes
>       winbind nested groups = Yes
>       winbind separator = +
>       winbind refresh tickets = yes
>
>       template shell = /bin/false
>    #  template homedir = /home/%D/%U
>
>       preferred master = no
>       dns proxy = no
>       wins server = pdc.smbdomain.host.com
>       wins proxy = no
>
>       inherit acls = Yes
>       map acl inherit = Yes
>       acl group control = yes
>
>       load printers = no
>       debug level = 3
>       use sendfile = no
>
>
> Where do I go from here?
>
Well, you could start by adding either:

idmap config DOMAIN :backend = ad
idmap config DOMAIN :schema_mode = rfc2307
idmap config DOMAIN :range = 20001-29999

Or:

idmap config DOMAIN :backend = rid
idmap config DOMAIN :range = 20001-29999

to smb.conf, depending on which winbind backend you want use.

You can test if the join worked ok with 'sudo net ads testjoin'

What have you got in /etc/krb5.conf ?

Does /etc/resolv.conf point to the DC ?

Rowland

You wrote that you do 'service samba start'.
Do you you have samba-ad package installed? This would be only needed for a DC
and not for a memberserver. A DC starts its own winbind process which would fail
if it's not a DC.

Am 30. Januar 2015 14:01:16 MEZ, schrieb "Jesper Koivum?ki"
<jesper.koivumaki at kulturfonden.fi>:
>Hi,
>
>I'm trying to set up a Samba 4.1.16 file server for our (Samba 4) 
>domain. But for some reason I can't seem to be able to get it to work. 
>Even worse, I have run out of ideas on how to debug this. I've been 
>tampering with this for quite some time now, but I've come to realize I
>
>can't figure this out on my own.
>
>Can someone give me some pointers on where to look in order to fix
>this?
>
>
>First off, smbd and nmbd seem to work just fine (as is to be expected),
>
>but winbindd dies instantly.
>
>This is how I've gone about it:
>
>     $ sudo service samba start
>
>Everything starts. But windbindd stops.
>
>     $ sudo net join ads -U administrator
>     Joined domain DOMAIN.
>
>     $ sudo service samba restart
>
>Everything starts, but winbindd stops again.
>
>output from winbindd:
>
>    winbindd version 4.1.16 started.
>    Copyright Andrew Tridgell and the Samba Team 1992-2013
>    Maximum core file size limits now 16777216(soft) -1(hard)
>    Registered MSG_REQ_POOL_USAGE
>    Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
>    lp_load_ex: refreshing parameters
>    Initialising global parameters
>    rlimit_max: increasing rlimit_max (1024) to minimum Windows limit
>    (16384)
>    params.c:pm_process() - Processing configuration file
>    "/opt/samba/local/etc/smb.conf"
>    Processing section "[Global]"
>    added interface eth0 ip=192.168.1.6 bcast=192.168.1.255
>    netmask=255.255.255.0
>    added interface eth0:0 ip=192.168.254.6 bcast=192.168.254.255
>    netmask=255.255.255.0
>    added interface eth0 ip=192.168.1.6 bcast=192.168.1.255
>    netmask=255.255.255.0
>    added interface eth0:0 ip=192.168.254.6 bcast=192.168.254.255
>    netmask=255.255.255.0
>    initialize_winbindd_cache: clearing cache and re-creating with
>    version number 2
>    Added domain BUILTIN (null) S-1-5-32
>    Added domain BLUNDER (null) S-1-5-21-2504862038-22785804-3050049357
>    Could not fetch our SID - did we join?
>    unable to initialize domain list
>
>
>smb.conf:
>
>    [Global]
>       netbios name = BLUNDER
>       workgroup = DOMAIN
>       realm = SMBDOMAIN.HOST.COM
>       server string = %h ArchLinux Host
>       security = ads
>       encrypt passwords = yes
>       password server = pdc.smbdomain.host.com
>
>       idmap config * : backend = rid
>       idmap config * : range = 10000-20000
>
>       winbind use default domain = Yes
>       winbind enum users = Yes
>       winbind enum groups = Yes
>       winbind nested groups = Yes
>       winbind separator = +
>       winbind refresh tickets = yes
>
>       template shell = /bin/false
>    #  template homedir = /home/%D/%U
>
>       preferred master = no
>       dns proxy = no
>       wins server = pdc.smbdomain.host.com
>       wins proxy = no
>
>       inherit acls = Yes
>       map acl inherit = Yes
>       acl group control = yes
>
>       load printers = no
>       debug level = 3
>       use sendfile = no
>
>
>Where do I go from here?
>
>-- 
>Kind regards,
>     Jesper Koivum?ki
>
>-- 
>To unsubscribe from this list go to the following URL and read the
>instructions:  https://lists.samba.org/mailman/options/samba