samba - Feb 2021 - How do I join an Centos8 workstation to an NT4 domain?

Please don't ream me for using an NT4 domain, but that is the beast I am 
stuck with.

I am trying to join a Centos 8 workstation to an NT4 domain and the only 
notes I have are not really applicable - 
https://documentation.clearos.com/content:en_us:kb_howtos_add_linux_workstation_to_the_samba_domain.
It references Ubuntu and its PAM configuration is irrelevant. In any 
case I believe the join is falling down before PAM even comes into play.

My samba config is:

[global]
         add machine script = /usr/sbin/useradd -d /var/lib/nobody -g 
100 -s /bin/false -M %u
         domain master = No
         idmap gid = 10000000-19999999
         idmap uid = 10000000-19999999
         security = DOMAIN
         template shell = /bin/bash
         winbind enum groups = Yes
         winbind enum users = Yes
         winbind use default domain = Yes
         workgroup = HOME
         idmap config * : range = 10000000-19999999
         idmap config * : backend = tdb


[homes]
         browseable = No
         comment = Home Directories
         inherit acls = Yes
         read only = No
         valid users = %S %D%w%S


[printers]
         browseable = No
         comment = All Printers
         create mask = 0600
         path = /var/tmp
         printable = Yes


[print$]
         comment = Printer Drivers
         create mask = 0664
         directory mask = 0775
         force group = @printadmin
         path = /var/lib/samba/drivers
         write list = @printadmin root

If I try to join the domain I get:

[root at proxmox106 ~]# net rpc join -U winadmin
Enter winadmin's password:
Failed to join domain: failed to find DC for domain HOME - The object 
was not found.

I am not sure what I am missing here.

resolv.conf:

# Generated by NetworkManager
search howitts.co.uk
nameserver 172.17.2.1

home.howitts.co.uk resolves to 172.17.2.1

As I read about the dislike of sssd, I have stopped it (but not removed 
it) and installed samba-winbind but it won't start:

? winbind.service - Samba Winbind Daemon
    Loaded: loaded (/usr/lib/systemd/system/winbind.service; disabled; 
vendor preset: disabled)
    Active: failed (Result: exit-code) since Tue 2021-02-23 11:06:17 
GMT; 3h 9min ago
      Docs: man:winbindd(8)
            man:samba(7)
            man:smb.conf(5)
   Process: 4428 ExecStart=/usr/sbin/winbindd --foreground 
--no-process-group $WINBINDOPTIONS (code=exited, status=1/FAILURE)
  Main PID: 4428 (code=exited, status=1/FAILURE)
    Status: "Starting process..."

Feb 23 11:06:17 proxmox106 systemd[1]: Starting Samba Winbind Daemon...
Feb 23 11:06:17 proxmox106 winbindd[4428]: [2021/02/23 11:06:17.888752, 
0] ../../source3/winbindd/winbindd_cache.c:3205(initialize_winbindd_cache)
Feb 23 11:06:17 proxmox106 winbindd[4428]:   initialize_winbindd_cache: 
clearing cache and re-creating with version number 2
Feb 23 11:06:17 proxmox106 winbindd[4428]: [2021/02/23 11:06:17.928571, 
0] ../../source3/winbindd/winbindd_util.c:1289(init_domain_list)
Feb 23 11:06:17 proxmox106 winbindd[4428]:   Could not fetch our SID - 
did we join?
Feb 23 11:06:17 proxmox106 winbindd[4428]: [2021/02/23 11:06:17.928702, 
0] ../../source3/winbindd/winbindd.c:1466(winbindd_register_handlers)
Feb 23 11:06:17 proxmox106 winbindd[4428]:   unable to initialize domain 
list
Feb 23 11:06:17 proxmox106 systemd[1]: winbind.service: Main process 
exited, code=exited, status=1/FAILURE
Feb 23 11:06:17 proxmox106 systemd[1]: winbind.service: Failed with 
result 'exit-code'.
Feb 23 11:06:17 proxmox106 systemd[1]: Failed to start Samba Winbind Daemon.

I am not sure how to fix thin one unless it fixes itself when the domain 
is joined

Centos is 8.3 and is fully up to date and samba is 4.12.3-12.el8.3.x86_64.

Any advice would be appreciated.

Thanks,

Nick

On 23/02/2021 14:19, Nick Howitt via samba wrote:
> Please don't ream me for using an NT4 domain, but that is the beast I 
> am stuck with.

You might think you are stuck with it, but unless you plan to upgrade to 
Samba AD, you might find you are stuck without it. NT4-style domains are 
going away, in fact they were deprecated at 4.13.0

It is your decision, but I felt that I should warn you.
>
> I am trying to join a Centos 8 workstation to an NT4 domain and the 
> only notes I have are not really applicable - 
>
https://documentation.clearos.com/content:en_us:kb_howtos_add_linux_workstation_to_the_samba_domain.
> It references Ubuntu and its PAM configuration is irrelevant. In any 
> case I believe the join is falling down before PAM even comes into play.

Ensure that all the Samba daemons are stopped, then try this '[global]' 
section of the smb.conf:

[global]
 ??????? domain master = No
 ??????? security = DOMAIN
 ??????? client min protocol = NT1
 ??????? template shell = /bin/bash
 ??????? winbind use default domain = Yes
 ??????? workgroup = HOME
 ??????? idmap config * : range = 3000-7999
 ??????? idmap config * : backend = tdb
 ??????? idmap config HOME : range = 10000000-19999999
 ??????? idmap config HOME : backend = rid

Try the join again and if it joins, then start winbind followed by smbd 
and nmbd.

Rowland