rpenny> OK, based on the fact you are running Fedora and
rpenny> have virtually have no winbind lines in smb.conf,
Seems I cut off my smb.conf short. I do have these two
lines that may be winbind related:
idmap config * : backend = tdb
idmap config * : range = 1000-199999
rpenny> you are probably running sssd.
Great, another daemon to read about in my spare time:-).
I've been ignoring that thing since it showed up.
rpenny> In which case, you could try turning winbind off
I stopped and disabled sssd instead, then restarted smb,
nmb, winbind, and already have a couple of winbindd warning
lines in the logs:
winbindd: ads_find_dc: name resolution for realm 'XXX.CO'
(domain 'XXX_01') failed: NT_STATUS_NO_LOGON_SERVERS
-- HASM
On 01/02/16 17:50, HASM wrote:> rpenny> OK, based on the fact you are running Fedora and > rpenny> have virtually have no winbind lines in smb.conf, > > Seems I cut off my smb.conf short. I do have these two > lines that may be winbind related: > > idmap config * : backend = tdb > idmap config * : range = 1000-199999If they are the only 'idmap config' lines you have in smb.conf and you want to use winbind instead of sssd, then can I refer you to my previous comment, go back to the Samba wiki page and click on one of the links.> > rpenny> you are probably running sssd. > > Great, another daemon to read about in my spare time:-). > I've been ignoring that thing since it showed up.You don't have to use sssd, but fedora probably expects you to do so, you can use winbind instead.> > rpenny> In which case, you could try turning winbind off > > I stopped and disabled sssd instead, then restarted smb, > nmb, winbind, and already have a couple of winbindd warning > lines in the logs: > > winbindd: ads_find_dc: name resolution for realm 'XXX.CO' > (domain 'XXX_01') failed: NT_STATUS_NO_LOGON_SERVERS > > -- HASM >Is firewalld running ? Rowland
hasm> Seems I cut off my smb.conf short. I do have these two hasm> lines that may be winbind related: hasm> idmap config * : backend = tdb hasm> idmap config * : range = 1000-199999 rpenny> then can I refer you to my previous comment, go back rpenny> to the Samba wiki page and click on one of the rpenny> links. A little rewind here. My smb.conf hasn't changed (much) in ages, and it works/worked fine for whatever "I do with it". Maybe it needs tuning, maybe not. Maybe I don't need to run winbin at all, that's not the point. It's when my company bought some other company and the internal IT did something to integrate their domain into ours, that winbind started spitting those lines. Maybe the AD is misconfigured, but if it is I can't do anything about it (rather than point it out to them, maybe). rpenny> You don't have to use sssd, but fedora probably expects rpenny> you to do so, you can use winbind instead. I stop as many new things that fedora throws at us as long as possible. Sssd will now be off until something breaks. rpenny> Is firewalld running ? No, I use iptables/ip6tables. -- HASM