On Sun, 2 Sep 2018 22:37:05 -0400 Jamie Jackson via samba <samba at lists.samba.org> wrote:> Thanks for the workaround, Luca. I might end up going with: > > #!/bin/bash > getent group | grep -q 'Domain Users' && exit 0 > echo "restarting winbind" > sudo systemctl restart winbind > > > Rowland, it crashed again. Here's some info. Please let me know if I > should provide more: > https://gist.github.com/jamiejackson/8aa60fb0ac1f407ba73776aaaeaa542f >The last few lines of the log are these: [2018/09/01 23:19:27.748555, 3, pid=9795] ../source3/winbindd/winbindd_msrpc.c:244(msrpc_name_to_sid) msrpc_name_to_sid: name=REDACTED\ROOT [2018/09/01 23:19:27.748585, 3, pid=9795] ../source3/winbindd/winbindd_msrpc.c:258(msrpc_name_to_sid) name_to_sid [rpc] REDACTED\ROOT for domain REDACTED [2018/09/01 23:20:28.475336, 0, pid=9795] ../source3/winbindd/winbindd.c:281(winbindd_sig_term_handler) Got sig[15] terminate (is_parent=0) It looks like you ran you script/commands on Sun Sep 2 21:35:39 EDT 2018 To my eye, there is nothing really wrong, there certainly isn't any evidence of a crash, the only evidence that I can see is that winbind has exited. So I went back to the info you posted earlier, at that time I concentrated on the smb.conf, this time I looked a lot more closely at this: $ ps -aux | grep '\(samba\|smb\|winbind\)' root 12600 0.0 0.0 399284 2324 ? Ss Aug31 0:16 /usr/sbin/winbindd --foreground --no-process-group root 12602 0.0 0.0 424328 5948 ? S Aug31 0:01 /usr/sbin/winbindd --foreground --no-process-group root 12857 0.0 0.0 406020 964 ? S Aug31 0:03 /usr/sbin/winbindd --foreground --no-process-group root 12858 0.0 0.0 399144 1416 ? S Aug31 0:00 /usr/sbin/winbindd --foreground --no-process-group root 12859 0.0 0.0 399144 1504 ? S Aug31 0:00 /usr/sbin/winbindd --foreground --no-process-group If I run the same command on a Unix domain member, I get this: root 2231 0.0 0.1 398220 17912 ? Ss Aug29 0:03 /usr/sbin/winbindd root 2593 0.0 0.1 455004 20328 ? S Aug29 0:10 /usr/sbin/winbindd root 2630 0.0 0.0 307728 15336 ? Ss Aug29 0:00 /usr/sbin/smbd -D root 2683 0.0 0.0 296524 4516 ? S Aug29 0:00 /usr/sbin/smbd -D root 2684 0.0 0.0 296524 4516 ? S Aug29 0:00 /usr/sbin/smbd -D root 2730 0.0 0.0 265088 9696 ? S Aug29 0:00 /usr/sbin/winbindd root 2745 0.0 0.0 265220 9560 ? S Aug29 0:00 /usr/sbin/winbindd root 2746 0.0 0.1 403600 16412 ? S Aug29 0:01 /usr/sbin/winbindd So, from that, can I ask these questions: Why isn't 'smbd' running ? Is 'nmbd' running ? Why aren't you running 'winbind' as a daemon ? Why do feel you don't need a process group for winbind ? Rowland
El 3/9/18 a les 11:16, Rowland Penny via samba ha escrit:> Why isn't 'smbd' running ?I'm also *not* running smbd, that's because, according to https://www.samba.org/samba/docs/current/man-html/smbd.8.html, "smbd — server to provide SMB/CIFS services to clients". I'm not providing any SMB/CIFS service to clients.> Is 'nmbd' running ?https://www.samba.org/samba/docs/current/man-html/nmbd.8.html "NetBIOS name server to provide NetBIOS over IP naming services to clients". I don't need that either.> Why aren't you running 'winbind' as a daemon ? > Why do feel you don't need a process group for winbind ?That doesn't apply here (it's running as a daemon, I didn't really investigated how my distro decided to start the service, as long as it starts I'm fine). Bye -- Luca Olivetti Wetron Automation Technology http://www.wetron.es/ Tel. +34 93 5883004 (Ext.3010) Fax +34 93 5883007
On Mon, 3 Sep 2018 13:06:00 +0200 Luca Olivetti via samba <samba at lists.samba.org> wrote:> El 3/9/18 a les 11:16, Rowland Penny via samba ha escrit: > > > Why isn't 'smbd' running ? > > I'm also *not* running smbd, that's because, according to > https://www.samba.org/samba/docs/current/man-html/smbd.8.html, "smbd > — server to provide SMB/CIFS services to clients". > I'm not providing any SMB/CIFS service to clients.Start smbd.> > > > Is 'nmbd' running ? > > https://www.samba.org/samba/docs/current/man-html/nmbd.8.html > > "NetBIOS name server to provide NetBIOS over IP naming services to > clients". > > I don't need that either.You only need 'nmbd' if you want/need network browsing, so this is optional.> > > Why aren't you running 'winbind' as a daemon ? > > Why do feel you don't need a process group for winbind ? > > That doesn't apply here (it's running as a daemon, I didn't really > investigated how my distro decided to start the service, as long as > it starts I'm fine).No you are not fine, something is stopping winbind, it is NOT crashing. If it was running as a deamon, it would fork and whatever is killing winbind would only kill the child, not the main deamon. Please stop trying to be clever and run Samba as it is intended. Rowland> > Bye
On Mon, Sep 3, 2018 at 5:17 AM Rowland Penny via samba < samba at lists.samba.org> wrote:> On Sun, 2 Sep 2018 22:37:05 -0400 > Jamie Jackson via samba <samba at lists.samba.org> wrote: > > > Thanks for the workaround, Luca. I might end up going with: > > > > #!/bin/bash > > getent group | grep -q 'Domain Users' && exit 0 > > echo "restarting winbind" > > sudo systemctl restart winbind > > > > > > Rowland, it crashed again. Here's some info. Please let me know if I > > should provide more: > > https://gist.github.com/jamiejackson/8aa60fb0ac1f407ba73776aaaeaa542f > > > > The last few lines of the log are these: > > [2018/09/01 23:19:27.748555, 3, pid=9795] > ../source3/winbindd/winbindd_msrpc.c:244(msrpc_name_to_sid) > msrpc_name_to_sid: name=REDACTED\ROOT > [2018/09/01 23:19:27.748585, 3, pid=9795] > ../source3/winbindd/winbindd_msrpc.c:258(msrpc_name_to_sid) > name_to_sid [rpc] REDACTED\ROOT for domain REDACTED > [2018/09/01 23:20:28.475336, 0, pid=9795] > ../source3/winbindd/winbindd.c:281(winbindd_sig_term_handler) > Got sig[15] terminate (is_parent=0) > > It looks like you ran you script/commands on Sun Sep 2 21:35:39 EDT > 2018 > > To my eye, there is nothing really wrong, there certainly isn't any > evidence of a crash, the only evidence that I can see is that winbind > has exited. > > So I went back to the info you posted earlier, at that time I > concentrated on the smb.conf, this time I looked a lot more closely at > this: > > $ ps -aux | grep '\(samba\|smb\|winbind\)' > root 12600 0.0 0.0 399284 2324 ? Ss Aug31 0:16 > /usr/sbin/winbindd --foreground --no-process-group > root 12602 0.0 0.0 424328 5948 ? S Aug31 0:01 > /usr/sbin/winbindd --foreground --no-process-group > root 12857 0.0 0.0 406020 964 ? S Aug31 0:03 > /usr/sbin/winbindd --foreground --no-process-group > root 12858 0.0 0.0 399144 1416 ? S Aug31 0:00 > /usr/sbin/winbindd --foreground --no-process-group > root 12859 0.0 0.0 399144 1504 ? S Aug31 0:00 > /usr/sbin/winbindd --foreground --no-process-group > > If I run the same command on a Unix domain member, I get this: > > root 2231 0.0 0.1 398220 17912 ? Ss Aug29 0:03 > /usr/sbin/winbindd > root 2593 0.0 0.1 455004 20328 ? S Aug29 0:10 > /usr/sbin/winbindd > root 2630 0.0 0.0 307728 15336 ? Ss Aug29 0:00 > /usr/sbin/smbd -D > root 2683 0.0 0.0 296524 4516 ? S Aug29 0:00 > /usr/sbin/smbd -D > root 2684 0.0 0.0 296524 4516 ? S Aug29 0:00 > /usr/sbin/smbd -D > root 2730 0.0 0.0 265088 9696 ? S Aug29 0:00 > /usr/sbin/winbindd > root 2745 0.0 0.0 265220 9560 ? S Aug29 0:00 > /usr/sbin/winbindd > root 2746 0.0 0.1 403600 16412 ? S Aug29 0:01 > /usr/sbin/winbindd > > So, from that, can I ask these questions: > > Why isn't 'smbd' running ? >I didn't set this up, but I assume the sysadmins didn't run it because they, like Luca, probably assumed that smbd was for server functionality (to provide services to clients), whereas, AFAIK, our hosts only act as clients. Could you explain how smbd fits into this when the hosts are consuming remote services (but presumably not providing any)?> Is 'nmbd' running ? >Doesn't look like it: [jamie.jackson at rwhudxdkrdev ~]$ systemctl -a | grep '\(smb\|samba\|sssd\|winbind\|nmb\)' ● nmb.service not-found inactive dead nmb.service winbind.service loaded active running Samba Winbind Daemon> Why aren't you running 'winbind' as a daemon ? >No clue, but here's what I found in systemd: [jamie.jackson at rwhudxdkrdev ~]$ cat /usr/lib/systemd/system/winbind.service [Unit] Description=Samba Winbind Daemon After=syslog.target network.target nmb.service [Service] Environment=KRB5CCNAME=FILE:/run/samba/krb5cc_samba Type=notify NotifyAccess=all PIDFile=/run/winbindd.pid EnvironmentFile=-/etc/sysconfig/samba ExecStart=/usr/sbin/winbindd --foreground --no-process-group "$WINBINDOPTIONS" ExecReload=/usr/bin/kill -HUP $MAINPID LimitCORE=infinity [Install] WantedBy=multi-user.target> Why do feel you don't need a process group for winbind ? >I'm not the implementor (but I can pass your questions on to that group). However, if I were to guess: The implementors probably aren't trying to be creative or contrary. I figure they probably found a solution that seemed to (mostly) work--maybe many years ago--and they might not know exactly how to implement AD integration in RHEL according to best practice. At this point, it might make more sense to throw out the current configuration (since I'm gleaning from your questions that it's unorthodox) and start fresh, but let's see what your impressions are after the latest bits of info above.> Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
El 3/9/18 a les 16:35, Jamie Jackson via samba ha escrit:> I didn't set this up, but I assume the sysadmins didn't run it because > they, like Luca, probably assumed that smbd was for server functionalityI didn't assume, it's the documentation that says so. In fact, the winbindd man page says that the winbind daemon provides services to smbd and ntlm_auth, not the reverse: "Even if winbind is not used for nsswitch, it still provides a service to smbd, ntlm_auth and the pam_winbind.so PAM module" So, according to the documentation, you can run winbindd alone but you cannot run smbd/ntlm_auth without winbindd. Bye -- Luca Olivetti Wetron Automation Technology http://www.wetron.es/ Tel. +34 93 5883004 (Ext.3010) Fax +34 93 5883007
On Mon, Sep 3, 2018 at 10:35 AM Jamie Jackson <jamiejaxon at gmail.com> wrote:> > > On Mon, Sep 3, 2018 at 5:17 AM Rowland Penny via samba < > samba at lists.samba.org> wrote: > >> On Sun, 2 Sep 2018 22:37:05 -0400 >> Jamie Jackson via samba <samba at lists.samba.org> wrote: >> >> > Thanks for the workaround, Luca. I might end up going with: >> > >> > #!/bin/bash >> > getent group | grep -q 'Domain Users' && exit 0 >> > echo "restarting winbind" >> > sudo systemctl restart winbind >> > >> > >> > Rowland, it crashed again. Here's some info. Please let me know if I >> > should provide more: >> > https://gist.github.com/jamiejackson/8aa60fb0ac1f407ba73776aaaeaa542f >> > >> >> The last few lines of the log are these: >> >> [2018/09/01 23:19:27.748555, 3, pid=9795] >> ../source3/winbindd/winbindd_msrpc.c:244(msrpc_name_to_sid) >> msrpc_name_to_sid: name=REDACTED\ROOT >> [2018/09/01 23:19:27.748585, 3, pid=9795] >> ../source3/winbindd/winbindd_msrpc.c:258(msrpc_name_to_sid) >> name_to_sid [rpc] REDACTED\ROOT for domain REDACTED >> [2018/09/01 23:20:28.475336, 0, pid=9795] >> ../source3/winbindd/winbindd.c:281(winbindd_sig_term_handler) >> Got sig[15] terminate (is_parent=0) >> >> It looks like you ran you script/commands on Sun Sep 2 21:35:39 EDT >> 2018 >> >> To my eye, there is nothing really wrong, there certainly isn't any >> evidence of a crash, the only evidence that I can see is that winbind >> has exited. >> >> So I went back to the info you posted earlier, at that time I >> concentrated on the smb.conf, this time I looked a lot more closely at >> this: >> >> $ ps -aux | grep '\(samba\|smb\|winbind\)' >> root 12600 0.0 0.0 399284 2324 ? Ss Aug31 0:16 >> /usr/sbin/winbindd --foreground --no-process-group >> root 12602 0.0 0.0 424328 5948 ? S Aug31 0:01 >> /usr/sbin/winbindd --foreground --no-process-group >> root 12857 0.0 0.0 406020 964 ? S Aug31 0:03 >> /usr/sbin/winbindd --foreground --no-process-group >> root 12858 0.0 0.0 399144 1416 ? S Aug31 0:00 >> /usr/sbin/winbindd --foreground --no-process-group >> root 12859 0.0 0.0 399144 1504 ? S Aug31 0:00 >> /usr/sbin/winbindd --foreground --no-process-group >> >> If I run the same command on a Unix domain member, I get this: >> >> root 2231 0.0 0.1 398220 17912 ? Ss Aug29 0:03 >> /usr/sbin/winbindd >> root 2593 0.0 0.1 455004 20328 ? S Aug29 0:10 >> /usr/sbin/winbindd >> root 2630 0.0 0.0 307728 15336 ? Ss Aug29 0:00 >> /usr/sbin/smbd -D >> root 2683 0.0 0.0 296524 4516 ? S Aug29 0:00 >> /usr/sbin/smbd -D >> root 2684 0.0 0.0 296524 4516 ? S Aug29 0:00 >> /usr/sbin/smbd -D >> root 2730 0.0 0.0 265088 9696 ? S Aug29 0:00 >> /usr/sbin/winbindd >> root 2745 0.0 0.0 265220 9560 ? S Aug29 0:00 >> /usr/sbin/winbindd >> root 2746 0.0 0.1 403600 16412 ? S Aug29 0:01 >> /usr/sbin/winbindd >> >> So, from that, can I ask these questions: >> >> Why isn't 'smbd' running ? >> > > I didn't set this up, but I assume the sysadmins didn't run it because > they, like Luca, probably assumed that smbd was for server functionality > (to provide services to clients), whereas, AFAIK, our hosts only act as > clients. Could you explain how smbd fits into this when the hosts are > consuming remote services (but presumably not providing any)? > > >> Is 'nmbd' running ? >> > > Doesn't look like it: > > [jamie.jackson at rwhudxdkrdev ~]$ systemctl -a | grep > '\(smb\|samba\|sssd\|winbind\|nmb\)' > ● nmb.service > not-found inactive dead > nmb.service > winbind.service > loaded active running Samba > Winbind Daemon > > >> Why aren't you running 'winbind' as a daemon ? >> > > No clue, but here's what I found in systemd: > > [jamie.jackson at rwhudxdkrdev ~]$ cat > /usr/lib/systemd/system/winbind.service > [Unit] > Description=Samba Winbind Daemon > After=syslog.target network.target nmb.service > > [Service] > Environment=KRB5CCNAME=FILE:/run/samba/krb5cc_samba > Type=notify > NotifyAccess=all > PIDFile=/run/winbindd.pid > EnvironmentFile=-/etc/sysconfig/samba > ExecStart=/usr/sbin/winbindd --foreground --no-process-group > "$WINBINDOPTIONS" > ExecReload=/usr/bin/kill -HUP $MAINPID > LimitCORE=infinity > > [Install] > WantedBy=multi-user.target > >FYI, I just checked, and on a stock RHEL 7.5 box, with samba-winbind installed, the above is what you get. (The file above is stock.)> Why do feel you don't need a process group for winbind ? >> > > I'm not the implementor (but I can pass your questions on to that group). > However, if I were to guess: The implementors probably aren't trying to be > creative or contrary. I figure they probably found a solution that seemed > to (mostly) work--maybe many years ago--and they might not know exactly how > to implement AD integration in RHEL according to best practice. > > At this point, it might make more sense to throw out the current > configuration (since I'm gleaning from your questions that it's unorthodox) > and start fresh, but let's see what your impressions are after the latest > bits of info above. > > >> Rowland >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >> >
And even the "stock" setting is not correct. :-/ > After=syslog.target network.target nmb.service It's better to have: After=syslog.target network-online.target nmb.service And check if you nsswitch.conf contains winbind at the end and not beginning. If you use systemctl, use it like this get all status : systemctl status smbd nmbd winbind Get all service info with : systemctl cat smbd nmbd winbind Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Jamie Jackson via samba > Verzonden: maandag 3 september 2018 16:48 > Aan: rpenny at samba.org > CC: samba at lists.samba.org > Onderwerp: Re: [Samba] winbindd crashing -- how to auto-heal? > > On Mon, Sep 3, 2018 at 10:35 AM Jamie Jackson > <jamiejaxon at gmail.com> wrote: > > > > > > > On Mon, Sep 3, 2018 at 5:17 AM Rowland Penny via samba < > > samba at lists.samba.org> wrote: > > > >> On Sun, 2 Sep 2018 22:37:05 -0400 > >> Jamie Jackson via samba <samba at lists.samba.org> wrote: > >> > >> > Thanks for the workaround, Luca. I might end up going with: > >> > > >> > #!/bin/bash > >> > getent group | grep -q 'Domain Users' && exit 0 > >> > echo "restarting winbind" > >> > sudo systemctl restart winbind > >> > > >> > > >> > Rowland, it crashed again. Here's some info. Please let > me know if I > >> > should provide more: > >> > > https://gist.github.com/jamiejackson/8aa60fb0ac1f407ba73776aaaeaa542f > >> > > >> > >> The last few lines of the log are these: > >> > >> [2018/09/01 23:19:27.748555, 3, pid=9795] > >> ../source3/winbindd/winbindd_msrpc.c:244(msrpc_name_to_sid) > >> msrpc_name_to_sid: name=REDACTED\ROOT > >> [2018/09/01 23:19:27.748585, 3, pid=9795] > >> ../source3/winbindd/winbindd_msrpc.c:258(msrpc_name_to_sid) > >> name_to_sid [rpc] REDACTED\ROOT for domain REDACTED > >> [2018/09/01 23:20:28.475336, 0, pid=9795] > >> ../source3/winbindd/winbindd.c:281(winbindd_sig_term_handler) > >> Got sig[15] terminate (is_parent=0) > >> > >> It looks like you ran you script/commands on Sun Sep 2 > 21:35:39 EDT > >> 2018 > >> > >> To my eye, there is nothing really wrong, there certainly isn't any > >> evidence of a crash, the only evidence that I can see is > that winbind > >> has exited. > >> > >> So I went back to the info you posted earlier, at that time I > >> concentrated on the smb.conf, this time I looked a lot > more closely at > >> this: > >> > >> $ ps -aux | grep '\(samba\|smb\|winbind\)' > >> root 12600 0.0 0.0 399284 2324 ? Ss Aug31 0:16 > >> /usr/sbin/winbindd --foreground --no-process-group > >> root 12602 0.0 0.0 424328 5948 ? S Aug31 0:01 > >> /usr/sbin/winbindd --foreground --no-process-group > >> root 12857 0.0 0.0 406020 964 ? S Aug31 0:03 > >> /usr/sbin/winbindd --foreground --no-process-group > >> root 12858 0.0 0.0 399144 1416 ? S Aug31 0:00 > >> /usr/sbin/winbindd --foreground --no-process-group > >> root 12859 0.0 0.0 399144 1504 ? S Aug31 0:00 > >> /usr/sbin/winbindd --foreground --no-process-group > >> > >> If I run the same command on a Unix domain member, I get this: > >> > >> root 2231 0.0 0.1 398220 17912 ? Ss Aug29 0:03 > >> /usr/sbin/winbindd > >> root 2593 0.0 0.1 455004 20328 ? S Aug29 0:10 > >> /usr/sbin/winbindd > >> root 2630 0.0 0.0 307728 15336 ? Ss Aug29 0:00 > >> /usr/sbin/smbd -D > >> root 2683 0.0 0.0 296524 4516 ? S Aug29 0:00 > >> /usr/sbin/smbd -D > >> root 2684 0.0 0.0 296524 4516 ? S Aug29 0:00 > >> /usr/sbin/smbd -D > >> root 2730 0.0 0.0 265088 9696 ? S Aug29 0:00 > >> /usr/sbin/winbindd > >> root 2745 0.0 0.0 265220 9560 ? S Aug29 0:00 > >> /usr/sbin/winbindd > >> root 2746 0.0 0.1 403600 16412 ? S Aug29 0:01 > >> /usr/sbin/winbindd > >> > >> So, from that, can I ask these questions: > >> > >> Why isn't 'smbd' running ? > >> > > > > I didn't set this up, but I assume the sysadmins didn't run > it because > > they, like Luca, probably assumed that smbd was for server > functionality > > (to provide services to clients), whereas, AFAIK, our hosts > only act as > > clients. Could you explain how smbd fits into this when the > hosts are > > consuming remote services (but presumably not providing any)? > > > > > >> Is 'nmbd' running ? > >> > > > > Doesn't look like it: > > > > [jamie.jackson at rwhudxdkrdev ~]$ systemctl -a | grep > > '\(smb\|samba\|sssd\|winbind\|nmb\)' > > ??? nmb.service > > not-found inactive dead > > nmb.service > > winbind.service > > loaded active > running Samba > > Winbind Daemon > > > > > >> Why aren't you running 'winbind' as a daemon ? > >> > > > > No clue, but here's what I found in systemd: > > > > [jamie.jackson at rwhudxdkrdev ~]$ cat > > /usr/lib/systemd/system/winbind.service > > [Unit] > > Description=Samba Winbind Daemon > > After=syslog.target network.target nmb.service > > > > [Service] > > Environment=KRB5CCNAME=FILE:/run/samba/krb5cc_samba > > Type=notify > > NotifyAccess=all > > PIDFile=/run/winbindd.pid > > EnvironmentFile=-/etc/sysconfig/samba > > ExecStart=/usr/sbin/winbindd --foreground --no-process-group > > "$WINBINDOPTIONS" > > ExecReload=/usr/bin/kill -HUP $MAINPID > > LimitCORE=infinity > > > > [Install] > > WantedBy=multi-user.target > > > > > FYI, I just checked, and on a stock RHEL 7.5 box, with samba-winbind > installed, the above is what you get. (The file above is stock.) > > > > Why do feel you don't need a process group for winbind ? > >> > > > > I'm not the implementor (but I can pass your questions on > to that group). > > However, if I were to guess: The implementors probably > aren't trying to be > > creative or contrary. I figure they probably found a > solution that seemed > > to (mostly) work--maybe many years ago--and they might not > know exactly how > > to implement AD integration in RHEL according to best practice. > > > > At this point, it might make more sense to throw out the current > > configuration (since I'm gleaning from your questions that > it's unorthodox) > > and start fresh, but let's see what your impressions are > after the latest > > bits of info above. > > > > > >> Rowland > >> > >> -- > >> To unsubscribe from this list go to the following URL and read the > >> instructions: https://lists.samba.org/mailman/options/samba > >> > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >
On Mon, 3 Sep 2018 10:35:38 -0400 Jamie Jackson <jamiejaxon at gmail.com> wrote:> On Mon, Sep 3, 2018 at 5:17 AM Rowland Penny via samba < > samba at lists.samba.org> wrote: > > > Why isn't 'smbd' running ? > > > > I didn't set this up, but I assume the sysadmins didn't run it because > they, like Luca, probably assumed that smbd was for server > functionality (to provide services to clients), whereas, AFAIK, our > hosts only act as clients. Could you explain how smbd fits into this > when the hosts are consuming remote services (but presumably not > providing any)? >I take it the 'sysadmins' are more used to administrating Windows, if so, just ask them if they would turn SMB off on a Windows PC.> > > Is 'nmbd' running ? > > > > Doesn't look like it: > > [jamie.jackson at rwhudxdkrdev ~]$ systemctl -a | grep > '\(smb\|samba\|sssd\|winbind\|nmb\)' > ● nmb.service > not-found inactive dead > nmb.service > winbind.service > loaded active running > Samba Winbind Daemon >As I said earlier, you only need nmbd if you need network browsing.> > > Why aren't you running 'winbind' as a daemon ? > > > > No clue, but here's what I found in systemd: > > [jamie.jackson at rwhudxdkrdev ~]$ > cat /usr/lib/systemd/system/winbind.service [Unit] > Description=Samba Winbind Daemon > After=syslog.target network.target nmb.service > > [Service] > Environment=KRB5CCNAME=FILE:/run/samba/krb5cc_samba > Type=notify > NotifyAccess=all > PIDFile=/run/winbindd.pid > EnvironmentFile=-/etc/sysconfig/samba > ExecStart=/usr/sbin/winbindd --foreground --no-process-group > "$WINBINDOPTIONS" > ExecReload=/usr/bin/kill -HUP $MAINPID > LimitCORE=infinity > > [Install] > WantedBy=multi-user.targetNot really up to date with systemd (I do not use it), but I would remove '--foreground --no-process-group', this would allow winbind to run normally. I would also check the smbd service file, you need to the Samba binaries as deamons.> > > > > Why do feel you don't need a process group for winbind ? > > > > I'm not the implementor (but I can pass your questions on to that > group). However, if I were to guess: The implementors probably aren't > trying to be creative or contrary. I figure they probably found a > solution that seemed to (mostly) work--maybe many years ago--and they > might not know exactly how to implement AD integration in RHEL > according to best practice.It shouldn't really matter what the OS is, you just need to run it in an accepted way, yours isn't.> > At this point, it might make more sense to throw out the current > configuration (since I'm gleaning from your questions that it's > unorthodox) and start fresh, but let's see what your impressions are > after the latest bits of info above.I personally do not use the autorid backend, the 'ad' & 'rid' backends have always been enough for me and I think they may be sufficient for you, the only problem would be the Unix IDs. Rowland