Dne 7.1.2019 v 12:36 Miroslav Geisselreiter napsal(a):
Dne 5.1.2019 v 0:46 Gordon Messmer napsal(a):
On 1/3/19 11:46 PM, Miroslav Geisselreiter wrote:
Previously I deleted all files from /var/lib/samba, than set ldap admin password: smbpasswd -W Than I re-join DC, it did not help.
Shame. I'm not really sure what else to try, beyond my previous suggestion that it doesn't make sense to be both a domain member and use an ldap passdb backend.
Try reverting the configuration file to the last known-good state. Leave the domain. Change "security = user". I'd expect that your system would work without any interactions with the DC.
I found some solution which solve only part of my problem and is not very "clean".
When I run winbind with these options client which are member of my NT4DOMAIN are now able to mout smb shares from NT4MEMBER server:
# winbindd -i -d 3 -S -n --option="netbios name"=NT4DOMAIN --option="ntlm auth"=yes
option "netbios name"=NT4DOMAIN overwrites this option from smb.conf: "netbios name"=NT4MEMBER
Nevertheless I am not able to mount smb shares from clients which are not members of NT4DOMAIN.
SOLVED:
I had to change only two parameters in smb.conf: security = user ntlm auth = yes
Everything works now like before upgrade and I do not even run winbind daemon.
Thanks to all for help and hints.