samba - Oct 2021 - Domain member?

Hello,

I installed a new Ubuntu 20.04 system with Samba 4.14.8 and joined as member.

 

I am now trying to configure pam authentication with winbindd, following
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member#Testing_the_Winbindd_Connectivity,
and am struggling with:

 

root at le:/home/jo# wbinfo --ping-dc

checking the NETLOGON for domain[WORKGROUP] dc connection to "" failed

failed to call wbcPingDc: WBC_ERR_DOMAIN_NOT_FOUND

 

root at le:/home/jo# net ads info

LDAP server: 192.168.177.19

LDAP server name: cobra.samba.lindenberg.one

Realm: SAMBA.LINDENBERG.ONE

Bind Path: dc=SAMBA,dc=LINDENBERG,dc=ONE

LDAP port: 389

Server time: Mon, 25 Oct 2021 18:36:46 UTC

KDC server: 192.168.177.19

Server time offset: 0

Last machine account password change: Mon, 25 Oct 2021 18:15:42 UTC

 

My smb.conf on that client is:

# Global parameters

[global]

        netbios name = LE

        realm = SAMBA.LINDENBERG.ONE

        workgroup = SAMBA

        security = ADS

        dns update command = /usr/sbin/samba_dnsupdate --use-samba-tool

#        idmap_ldb:use rfc2307 = yes

        disable netbios = yes

        smb encrypt = mandatory

        kerberos method = secrets and keytab

#        winbind refresh tickets = yes

        template shell = /bin/bash

        template homedir = /home/%U

        winbind use default domain = yes

 

systemctl status * ends with:

Oct 25 18:41:18 le smbd[835]:   daemon_ready: daemon 'smbd' finished
starting up and ready to serve connections

Oct 25 18:41:27 le smbd[835]: [2021/10/25 18:41:27.256861,  0]
../../source3/libads/kerberos_util.c:73(ads_kinit_password)

Oct 25 18:41:27 le smbd[835]:   kerberos_kinit_password LE$@SAMBA.LINDENBERG.ONE
failed: Client not found in Kerberos database

 

Oct 25 18:41:17 le nmbd[731]:   daemon_ready: daemon 'nmbd' finished
starting up and ready to serve connections

Oct 25 18:41:40 le nmbd[731]: [2021/10/25 18:41:40.800798,  0]
../../source3/nmbd/nmbd_become_lmb.c:398(become_local_master_st>

Oct 25 18:41:40 le nmbd[731]:   *****

Oct 25 18:41:40 le nmbd[731]:

Oct 25 18:41:40 le nmbd[731]:   Samba name server LE is now a local master
browser for workgroup SAMBA on subnet 192.168.176.9

Oct 25 18:41:40 le nmbd[731]:

Oct 25 18:41:40 le nmbd[731]:   *****

 

systemctl status winbindd

Unit winbindd.service could not be found.

 

Why is nmbd active if I ask to disable netbios?

special issue: DC and member are in different subnets.

 

Thanks, Joachim

On Mon, 2021-10-25 at 20:49 +0200, Joachim Lindenberg via samba
wrote:
> Hello,
> 
> I installed a new Ubuntu 20.04 system with Samba 4.14.8 and joined as
> member.
How did you join the domain ?
>  
> 
> I am now trying to configure pam authentication with winbindd,
> following 
>
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member#Testing_the_Winbindd_Connectivity
> , and am struggling with:
> 
>  
> 
> root at le:/home/jo# wbinfo --ping-dc
> 	
> checking the NETLOGON for domain[WORKGROUP] dc connection to ""
> failed
> 
> failed to call wbcPingDc: WBC_ERR_DOMAIN_NOT_FOUND
> 
>  
> 
> root at le:/home/jo# net ads info
> 
> LDAP server: 192.168.177.19
> 
> LDAP server name: cobra.samba.lindenberg.one
> 
> Realm: SAMBA.LINDENBERG.ONE
> 
> Bind Path: dc=SAMBA,dc=LINDENBERG,dc=ONE
> 
> LDAP port: 389
> 
> Server time: Mon, 25 Oct 2021 18:36:46 UTC
> 
> KDC server: 192.168.177.19
> 
> Server time offset: 0
> 
> Last machine account password change: Mon, 25 Oct 2021 18:15:42 UTC
> 
>  
> 
> My smb.conf on that client is:
> 
> # Global parameters
> 
> [global]
> 
>         netbios name = LE
> 
>         realm = SAMBA.LINDENBERG.ONE
> 
>         workgroup = SAMBA
> 
>         security = ADS
> 
>         dns update command = /usr/sbin/samba_dnsupdate --use-samba-
> tool
The line above is only used on a DC
> 
> #        idmap_ldb:use rfc2307 = yes
> 
>         disable netbios = yes
> 
>         smb encrypt = mandatory
> 
>         kerberos method = secrets and keytab
> 
> #        winbind refresh tickets = yes
> 
>         template shell = /bin/bash
> 
>         template homedir = /home/%U
> 
>         winbind use default domain = yes
Are you using sssd ?
> 
>  
> 
> systemctl status * ends with:
> 
> Oct 25 18:41:18 le smbd[835]:   daemon_ready: daemon 'smbd'
finished
> starting up and ready to serve connections
> 
> Oct 25 18:41:27 le smbd[835]: [2021/10/25 18:41:27.256861,  0]
> ../../source3/libads/kerberos_util.c:73(ads_kinit_password)
> 
> Oct 25 18:41:27 le smbd[835]:   kerberos_kinit_password 
> LE$@SAMBA.LINDENBERG.ONE failed: Client not found in Kerberos
> database
> 
>  
> 
> Oct 25 18:41:17 le nmbd[731]:   daemon_ready: daemon 'nmbd'
finished
> starting up and ready to serve connections
> 
> Oct 25 18:41:40 le nmbd[731]: [2021/10/25 18:41:40.800798,  0]
> ../../source3/nmbd/nmbd_become_lmb.c:398(become_local_master_st>
> 
> Oct 25 18:41:40 le nmbd[731]:   *****
> 
> Oct 25 18:41:40 le nmbd[731]:
> 
> Oct 25 18:41:40 le nmbd[731]:   Samba name server LE is now a local
> master browser for workgroup SAMBA on subnet 192.168.176.9
> 
> Oct 25 18:41:40 le nmbd[731]:
> 
> Oct 25 18:41:40 le nmbd[731]:   *****
> 
>  
> 
> systemctl status winbindd
> 
> Unit winbindd.service could not be found.
Have you installed winbind ?
> 
>  
> 
> Why is nmbd active if I ask to disable netbios?
You have only stopped Samba using nmbd, you need to stop it and then
disable it.
> 
> special issue: DC and member are in different subnets.
This shouldn't matter, as long as they are in the the same dns domain.

Rowland