Miguel Medalha
2015-Apr-23 16:33 UTC
[Samba] RFC2307 attributes not being read by DC2 in 4.2.1
> with a samba 4.2.1 AD DC you automatically use the separate 'winbindd' > deamon and the 'winbind' deamon built into the samba daemon should be > ignored. There is no way that I know to 'disable' the winbind built into > samba, but there is a way to turn it on and turn off 'winbindd', which > is the way I suggested. >The Samba 4.2 release notes contains the following: If required the old internal winbind can be activated by setting 'server services = +winbind -winbindd'. Upgrading users with a server services parameter specified should ensure they change 'winbind' to 'winbindd' to obtain the new functionality. So what I was proposing was the equivalent (-winbind +winbindd) of the inversion of this parameter and see what happens. Since you are admitting this can be a bug in Samba, why not a bug in the turning the winbind types on and off? Maybe I am very wrong, but I only wanted to help with something that is very easy to test.
Rowland Penny
2015-Apr-23 16:46 UTC
[Samba] RFC2307 attributes not being read by DC2 in 4.2.1
On 23/04/15 17:33, Miguel Medalha wrote:>> with a samba 4.2.1 AD DC you automatically use the separate 'winbindd' >> deamon and the 'winbind' deamon built into the samba daemon should be >> ignored. There is no way that I know to 'disable' the winbind built into >> samba, but there is a way to turn it on and turn off 'winbindd', which >> is the way I suggested. >> > The Samba 4.2 release notes contains the following: > > If required the old internal winbind can be activated by setting > 'server services = +winbind -winbindd'. Upgrading users with a server > services parameter specified should ensure they change 'winbind' to > 'winbindd' to obtain the new functionality. > > So what I was proposing was the equivalent (-winbind +winbindd) of the > inversion of this parameter and see what happens. > Since you are admitting this can be a bug in Samba, why not a bug in the > turning the winbind types on and off? > > Maybe I am very wrong, but I only wanted to help with something that is > very easy to test. > >Hi Miguel, What I was proposing was something to try and find out if there is a problem that can be cured by using the builtin 'winbind'. The OP is using bind9 instead of the internal dns server, so his smb.conf has a 'server services' line and changing 'winbindd' in that line to 'winbind' is the same as what you have posted. Rowland
Rowland Penny
2015-Apr-23 17:18 UTC
[Samba] RFC2307 attributes not being read by DC2 in 4.2.1
On 23/04/15 17:46, Rowland Penny wrote:> On 23/04/15 17:33, Miguel Medalha wrote: >>> with a samba 4.2.1 AD DC you automatically use the separate 'winbindd' >>> deamon and the 'winbind' deamon built into the samba daemon should be >>> ignored. There is no way that I know to 'disable' the winbind built >>> into >>> samba, but there is a way to turn it on and turn off 'winbindd', which >>> is the way I suggested. >>> >> The Samba 4.2 release notes contains the following: >> >> If required the old internal winbind can be activated by setting >> 'server services = +winbind -winbindd'. Upgrading users with a server >> services parameter specified should ensure they change 'winbind' to >> 'winbindd' to obtain the new functionality. >> >> So what I was proposing was the equivalent (-winbind +winbindd) of the >> inversion of this parameter and see what happens. >> Since you are admitting this can be a bug in Samba, why not a bug in the >> turning the winbind types on and off? >> >> Maybe I am very wrong, but I only wanted to help with something that is >> very easy to test. >> >> > > Hi Miguel, > > What I was proposing was something to try and find out if there is a > problem that can be cured by using the builtin 'winbind'. The OP is > using bind9 instead of the internal dns server, so his smb.conf has a > 'server services' line and changing 'winbindd' in that line to > 'winbind' is the same as what you have posted. > > Rowland > >OK, it seems that this is a bug, the OP over on the samba-technical mailing list was having problems with groups having different ID numbers on different DCs, even though they had the same uidNumber in AD. swapping 'winbindd' to 'winbind' seems to have cured this. He says that he will file a bug report. Rowland
Miguel Medalha
2015-Apr-23 17:56 UTC
[Samba] RFC2307 attributes not being read by DC2 in 4.2.1
> What I was proposing was something to try and find out if there is a > problem that can be cured by using the builtin 'winbind'. The OP is > using bind9 instead of the internal dns server, so his smb.conf has a > 'server services' line and changing 'winbindd' in that line to 'winbind' > is the same as what you have posted. >Well, I am not a native speaker of English and probably I didn't express myself too welll... What I was proposing IS NOT the same. I was proposing that he stiil uses winbindd WHILE EXPLICITLY DISABLING WINBIND, instead of doing it implicitly. I was not denying your suggestion, it is a valid one and he should try it, but mine is a different one and I thought he could try it also because it costs nothing to do it.