Alex Yoon
2024-Jan-30 19:00 UTC
[Samba] Using winbindd socket directory for multiple domains
Hello,

We have a setup on Ubuntu to join multiple AD domains and authenticate using ntlm_auth with FreeRADIUS. Since there are multiple AD domains involved, we were using the "WINBINDD_SOCKET_DIR" environment variable to use the correct cache directory for each domain. Everything looked fine and all worked when using Samba 4.7.9 running on Ubuntu 16.04.

Now we're upgrading to the latest 4.19.3 on Ubuntu 20.04 and having trouble making that work correctly. The package we used is from "https://launchpad.net/~linux-schools/+archive/ubuntu/samba-latest".

As an example, we joined 2 ADs successfully with 2 different smb configuration files.

- smb.domainA.com
- smb.domainB.com

The winbindd is running:

/usr/sbin/winbindd --foreground --configfile=/opt/nac/radius/raddb/smb.domainA.com
/usr/sbin/winbindd --foreground --configfile=/opt/nac/radius/raddb/smb.domainB.com

The smb.domainA.com looks like this.

[global]
    log level = 3
    workgroup = DOMAINA
    security = ads
    password server = 10.54.20.12
    realm = DOMAINA.COM
    netbios name = nac20180
    ntlm auth = no
    log file = /var/log/samba/log.%m
    max log size = 50
    ; passdb backend = tdbsam
    interfaces = 10.54.20.180/255.255.255.0
    allow trusted domains = yes
    winbind use default domain = no
    winbind nested groups = yes
    winbind separator = +
    winbind cache time = 3600
    winbind enum users = yes
    winbind enum groups = yes
    rpc start on demand helpers = false
    pid directory = /var/run/smb.domainA.com
    lock directory = /var/cache/smb.domainA.com
    private dir = /var/cache/smb.domainA.com
    state directory = /var/cache/smb.domainA.com
    winbindd socket directory = /var/cache/smb.domainA.com

and smb.domainB.com looks like this.

[global]
    log level = 3
    workgroup = DOMAINB
    security = ads
    password server = 10.54.27.51
    realm = DOMAINB.COM
    netbios name = nac20180
    ntlm auth = no
    log file = /var/log/samba/log.%m
    max log size = 50
    ; passdb backend = tdbsam
    interfaces = 10.54.20.180/255.255.255.0
    allow trusted domains = yes
    winbind use default domain = no
    winbind nested groups = yes
    winbind separator = +
    winbind cache time = 3600
    winbind enum users = yes
    winbind enum groups = yes
    rpc start on demand helpers = false
    pid directory = /var/run/smb.domainB.com
    lock directory = /var/cache/smb.domainB.com
    private dir = /var/cache/smb.domainB.com
    state directory = /var/cache/smb.domainB.com
    winbindd socket directory = /var/cache/smb.domainB.com

/var/log/samba/log.winbindd does seem to run okay, adding/updating both domains in the appropriate cache directory.

The problem is that when using 'env WINBINDD_SOCKET_DIR' to run the wbinfo (or ntlm_auth) command, it's failing to find the winbindd. I can confirm that the socket directories for both domains are updated / created / etc. properly as far as I can tell.

Examples of failure:

/usr/bin/env WINBINDD_SOCKET_DIR=/var/cache/smb.domainA.com/ /usr/bin/wbinfo -u
could not obtain winbind interface details: WBC_ERR_WINBIND_NOT_AVAILABLE
could not obtain winbind domain name!
Error looking up domain users

/usr/bin/env WINBINDD_SOCKET_DIR=/var/cache/smb.domainB.com/ /usr/bin/wbinfo -p
Ping to winbindd failed
could not ping winbindd!

/usr/bin/env WINBINDD_SOCKET_DIR=/var/cache/smb.domainA.com/ /usr/bin/ntlm_auth --configfile=/opt/nac/radius/raddb/smb.domainA.com --request-nt-key --username=ntlmpeap --domain=DOMAINA.COM --password=Password
interpret_interface: Adding interface 10.54.20.180/255.255.255.0
added interface 10.54.20.180/25 ip=10.54.20.180 bcast=10.54.20.255 netmask=255.255.255.0
lp_load_ex: refreshing parameters
Initialising global parameters
Processing section "[global]"
interpret_interface: Adding interface 10.54.20.180/255.255.255.0
added interface 10.54.20.180/25 ip=10.54.20.180 bcast=10.54.20.255 netmask=255.255.255.0
lp_load_ex: refreshing parameters
Initialising global parameters
Processing section "[global]"
interpret_interface: Adding interface 10.54.20.180/255.255.255.0
added interface 10.54.20.180/25 ip=10.54.20.180 bcast=10.54.20.255 netmask=255.255.255.0
could not obtain winbind separator!
Reading winbind reply failed! (0x01)
: (0x0)

Looking for some solution / suggestion or anything. Would be much appreciated!

Thank you!