And in addition to Rowlands comments.. Correct you hosts file to /etc/hosts 127.0.0.1 localhost # The following lines are desirable for IPv6 capable hosts ::1 localhost ip6-localhost ip6-loopback ff02::1 ip6-allnodes ff02::2 ip6-allrouters # This server name and ip. 10.0.0.221 main.arbeitsgruppe.secret.tld main 10.0.0.224 backup.arbeitsgruppe.secret.tld backup Second. Post you resolv.conf that was asked already. That should contain something like: search arbeitsgruppe.secret.tld Server IP_of_DC Remove map to guest = Bad User from you smb.conf the default is ok. Try that and see what happens. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Stefan G. > Weichinger via samba > Verzonden: vrijdag 30 december 2016 12:38 > Aan: samba at lists.samba.org > Onderwerp: Re: [Samba] ADS domain member: winbind fails > > Am 2016-12-30 um 12:10 schrieb Rowland Penny via samba: > > > Was Samba running before the join ? > > I can't tell that anymore as I did hundreds of things inbetween. > > > Remove this line from your smb.conf: > > > > idmap config ARBEITSGRUPPE:schema_mode = rfc2307 > > > > It is not required as you are using the winbind 'rid' backend. > > "rid" was just a try as "ad" didn't work and I had no more ideas ... > I 'd maybe prefer "ad" ? > > > Try stopping all Samba processes, then leave the domain and join again. > > Now start smbd, nmbd and winbind. > > Did so. > > leave and join: at first try, nice. > > winbindd crashes immediately again. > > > If this doesn't fix it, can you tell us what OS you are using, What is > > the AD DC and post your /etc/hosts, /etc/krb5.conf and /etc/resolv.conf > > The DC "backup" is latest debian. Converted from NT4 today (you remember > the lengthy thread!) ... > > The member server "main" is gentoo linux. > > Both run samba-4.2.14. > > We can access shares on "main" ! even without winbindd running ... > > - > > # MEMBER SERVER (-> file services) > # cat /etc/hosts > > # IPv4 and IPv6 localhost aliases > 127.0.0.1 localhost > ::1 localhost > > 10.0.0.221 main.secret.tld main > 10.0.0.224 backup.secret.tld backup > > # cat /etc/krb5.conf > [libdefaults] > default_realm = ARBEITSGRUPPE.SECRET.TLD > dns_lookup_realm = false > dns_lookup_kdc = true > > # cat /etc/samba/smb.conf > [global] > security = ADS > workgroup = ARBEITSGRUPPE > realm = ARBEITSGRUPPE.SECRET.TLD > map to guest = Bad User > log file = /var/log/samba/%m.log > log level = 3 > > idmap config * : backend = tdb > idmap config * : range = 3000-7999 > > ## idmap config for the ARBEITSGRUPPE domain > idmap config ARBEITSGRUPPE:backend = rid > idmap config ARBEITSGRUPPE:range = 10000-999999 > > username map = /etc/samba/user.map > > winbind enum users = Yes > winbind enum groups = Yes > winbind use default domain = Yes > winbind refresh tickets = Yes > > - and we had an issue joining a win7 client, I provide details on this > later ... > > Thank you! > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
Am 2016-12-30 um 13:20 schrieb L.P.H. van Belle via samba:> And in addition to Rowlands comments.. > > Correct you hosts file to > /etc/hosts > 127.0.0.1 localhost > # The following lines are desirable for IPv6 capable hosts > ::1 localhost ip6-localhost ip6-loopback > ff02::1 ip6-allnodes > ff02::2 ip6-allrouters > > # This server name and ip. > 10.0.0.221 main.arbeitsgruppe.secret.tld main > 10.0.0.224 backup.arbeitsgruppe.secret.tld backup > > > Second. Post you resolv.conf that was asked already. > That should contain something like: > search arbeitsgruppe.secret.tld > Server IP_of_DC > > > Remove > map to guest = Bad User > from you smb.conf the default is ok.did all that restarted the 3 services smbd nmbd winbind winbindd fails immediately: Dez 30 13:43:48 main systemd[1]: winbindd.service: Main process exited, code=killed, status=6/ABRT Dez 30 13:43:48 main systemd[1]: winbindd.service: Unit entered failed state. Dez 30 13:43:48 main systemd[1]: winbindd.service: Failed with result 'signal'. --- but maybe I have to row back anyway: editing GPOs via RSAT always kicks us off after a few minutes. Seems that my DC isn't working correctly yet. [global] workgroup = ARBEITSGRUPPE realm = arbeitsgruppe.secret.tld server role = active directory domain controller passdb backend = samba_dsdb dns forwarder = 10.0.0.254 rpc_server:tcpip = no rpc_daemon:spoolssd = embedded rpc_server:spoolss = embedded rpc_server:winreg = embedded rpc_server:ntsvcs = embedded rpc_server:eventlog = embedded rpc_server:srvsvc = embedded rpc_server:svcctl = embedded rpc_server:default = external winbindd:use external pipes = true idmap_ldb:use rfc2307 = yes idmap config * : backend = tdb map archive = No map readonly = no store dos attributes = Yes vfs objects = dfs_samba4 acl_xattr we can login with old and new users, we see shares ... root at backup:~# cat /etc/resolv.conf search arbeitsgruppe.ikw-amstetten.at nameserver 10.0.0.224 # host -t SRV _ldap._tcp.backup.arbeitsgruppe.ikw-amstetten.at Host _ldap._tcp.backup.arbeitsgruppe.ikw-amstetten.at not found: 3(NXDOMAIN) --> this query has worked before thanks for any help
On Fri, 30 Dec 2016 13:54:42 +0100 "Stefan G. Weichinger via samba" <samba at lists.samba.org> wrote:> Am 2016-12-30 um 13:20 schrieb L.P.H. van Belle via samba: > > And in addition to Rowlands comments.. > > > > Correct you hosts file to > > /etc/hosts > > 127.0.0.1 localhost > > # The following lines are desirable for IPv6 capable hosts > > ::1 localhost ip6-localhost ip6-loopback > > ff02::1 ip6-allnodes > > ff02::2 ip6-allrouters > > > > # This server name and ip. > > 10.0.0.221 main.arbeitsgruppe.secret.tld main > > 10.0.0.224 backup.arbeitsgruppe.secret.tld backup > > > > > > Second. Post you resolv.conf that was asked already. > > That should contain something like: > > search arbeitsgruppe.secret.tld > > Server IP_of_DC > > > > > > Remove > > map to guest = Bad User > > from you smb.conf the default is ok. > > did all that > restarted the 3 services smbd nmbd winbind > > winbindd fails immediately: > > Dez 30 13:43:48 main systemd[1]: winbindd.service: Main process > exited, code=killed, status=6/ABRT > Dez 30 13:43:48 main systemd[1]: winbindd.service: Unit entered > failed state. > Dez 30 13:43:48 main systemd[1]: winbindd.service: Failed with result > 'signal'. > > > --- > > but maybe I have to row back anyway: > > editing GPOs via RSAT always kicks us off after a few minutes. > Seems that my DC isn't working correctly yet. > > [global] > workgroup = ARBEITSGRUPPE > realm = arbeitsgruppe.secret.tld > server role = active directory domain controller > passdb backend = samba_dsdb > dns forwarder = 10.0.0.254 > rpc_server:tcpip = no > rpc_daemon:spoolssd = embedded > rpc_server:spoolss = embedded > rpc_server:winreg = embedded > rpc_server:ntsvcs = embedded > rpc_server:eventlog = embedded > rpc_server:srvsvc = embedded > rpc_server:svcctl = embedded > rpc_server:default = external > winbindd:use external pipes = true > idmap_ldb:use rfc2307 = yes > idmap config * : backend = tdb > map archive = No > map readonly = no > store dos attributes = Yes > vfs objects = dfs_samba4 acl_xattr > >Is this the smb.conf you got when you ran the classicupgrade ? I don't think it is, can I suggest you remove any and all lines you have added and restart samba Rowland