[Pkg-samba-maint] Bug#862580: Bug #862580: Winbind crashes on ssh login of a domain user.
c2h5oh at web.de
Fri May 19 18:41:07 UTC 2017
Hello Louis and Mathieu,
thanks for your fast reply.
I'm using 2:4.5.8+dfsg amd64 from stretch and my Debian machines are
members of a Windows 2008R2 DC Active Directory ("net ads join ...")
with a single server and about 100 Windows 7 members and 40 Debian
members. ("Server role: ROLE_DOMAIN_MEMBER")
I followed the guide from
and changed some settings in smb.conf to fix certain issues after
reading 'man smb.conf' (and various online sources from forums, howtos,
tutorials, up to https://www.samba.org/samba/docs/* and
Samba configuration worked acceptable for jessie: about 3 to 8 login
issues a day with 40+ Computers and about 60-70 domain logins.
Testparm dumps the following service definitions (without shares):
# Global parameters
realm = WORK.COMPANY
workgroup = WORK
domain master = No
local master = No
os level = 0
preferred master = No
client ldap sasl wrapping = seal
log file = /var/log/samba/winbind-debug.log
name resolve order = lmhosts host bcast
password server = 172.16.0.1 *
restrict anonymous = 2
security = ADS
template shell = /bin/bash
winbind enum groups = Yes
winbind enum users = Yes
winbind refresh tickets = Yes
winbind use default domain = Yes
idmap config * : range = 11000-20000
idmap config * : backend = tdb
There are some things missing in testparms output, that are in smb.conf:
client use spnego = yes
client ntlmv2 auth = yes
encrypt passwords = yes
log level = 2 winbind:3
template homedir = /home/%D/%U
"The setting 'security=ads' should NOT be combined with the 'password
Since I had problems with WINS and name resolution (e.g. failing
nmblookup) I decided to use 'password server' anyway and to remove WINS.
I'm only using the tdb backend since SID/uid/gid mapping is not that
important for me (I work with temporary user accounts and all user data
is stored on the Windows 2008R2 DC in NTFS shares). Homedirs of domain
users are created with pam_mkhomedir and deleted on logout.
The range starts with 11000 because I had different backends some time
ago, but that has been before I installed the current machine.
I would like to test samba-4.5.9 or samba-4.6 (or at least the new
testparm), but I didn't build samba from sources before.
Thanks for your interest,
More information about the Pkg-samba-maint