Hello Marc,
Thanks for your documentation.
Well I followed what you wrote, perhaps my wbinfo command fails when I try to
test the connectivity.
# wbinfo --ping-dc
checking the NETLOGON dc connection failed
failed to call wbcPingDc: WBC_ERR_WINBIND_NOT_AVAILABLE
Could not ping our DC
My smb.conf is now this:
# Global parameters
[global]
netbios name = DEVLUCAS1
realm = LUCAS.UFES.BR
workgroup = LUCAS
server role = active directory domain controller
winbind nss info = template
template shell = /bin/bash
template homedir = /home/%U
[netlogon]
path = /usr/local/samba/var/locks/sysvol/lucas.ufes.br/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
I think that idmap is missing, but I didn't understand that properly (I also
read other documentations). If you could help me what is missing I will be
grateful.
Lucas
Hi Lukz,
I'm replying off list, because I haven't finally validated the procedure
for all supported Samba versions yet.
I published a new documentation about Winbindd on a Samba AD DC this
evening. I think this was what you're looking for:
https://wiki.samba.org/index.php/Configuring_Winbindd_on_a_Samba_AD_DC
I have validated the procedure including PAM authentication on a 4.5.3
DC but I expect that it works on 4.4 and 4.3, too.
Please let me know if you have any comments or suggestions on the doc.
Regards,
Marc
On Thu, 5 Jan 2017 12:14:00 +0000 Lukz Ferris via samba <samba at lists.samba.org> wrote:
> Hello Marc,
>
> Thanks for your documentation.
>
> Well I followed what you wrote, perhaps my wbinfo command fails when
> I try to test the connectivity.
>
> # wbinfo --ping-dc
> checking the NETLOGON dc connection failed
> failed to call wbcPingDc: WBC_ERR_WINBIND_NOT_AVAILABLE
> Could not ping our DC
>
It looks like winbindd isn't running. If you haven't compiled Samba yourself, did you install the winbind package?
>
> My smb.conf is now this:
>
> # Global parameters
> [global]
> netbios name = DEVLUCAS1
> realm = LUCAS.UFES.BR
> workgroup = LUCAS
> server role = active directory domain controller
> winbind nss info = template
Remove the line above, it isn't used on a DC
> template shell = /bin/bash
> template homedir = /home/%U
>
You do not seem to have a dns forwarder line, something like:
dns forwarder = 8.8.8.8
You also need this line:
idmap_ldb:use rfc2307 = yes
> [netlogon]
> path = /usr/local/samba/var/locks/sysvol/lucas.ufes.br/scripts
> read only = No
>
> [sysvol]
> path = /usr/local/samba/var/locks/sysvol
> read only = No
>
> I think that idmap is missing, but I didn't understand that properly
> (I also read other documentations). If you could help me what is
> missing I will be grateful.
>
> Lucas
>
Rowland