Public bug reported:

I have installed samba, winbind, libpam-winbind, libnss-winbind,
kerberos, etc. so that I am able to in principle connect to a Windows
Server 2008 R2 active directory controller for AD based logins from
Ubuntu. I am able to use wbinfo -i, wbinfo -u, wbinfo -g to get the list
of users and see that the connection to the server is working. My
smb.conf is also configured for winbind user enum = yes, so that getent
passwd and getent group lists those from the server machine (implying
nsswitch.conf is also correct).

I don't know how to get winbind to start automatically on startup and
the apt install scripts didn't do this as expected.

The problem is, on startup of Ubuntu 16.04, the winbind service is not
started. This prevents logging in via the console, or the lightdm
manager with a domain user name and password.

I see that:

root@leon-ubuntu:/run/systemd/generator.late# systemctl status winbind
● winbind.service - LSB: start Winbind daemon
Loaded: loaded (/etc/init.d/winbind; bad; vendor preset: enabled)
Active: inactive (dead)
Docs: man:systemd-sysv-generator(8)
root@leon-ubuntu:/run/systemd/generator.late# service winbind status
● winbind.service - LSB: start Winbind daemon
Loaded: loaded (/etc/init.d/winbind; bad; vendor preset: enabled)
Active: inactive (dead)
Docs: man:systemd-sysv-generator(8)
root@leon-ubuntu:/run/systemd/generator.late# systemctl enable winbind.service
winbind.service is not a native service, redirecting to systemd-sysv-install
Executing /lib/systemd/systemd-sysv-install enable winbind
insserv: warning: current start runlevel(s) (empty) of script `winbind'
overrides LSB defaults (2 3 4 5).
insserv: warning: current stop runlevel(s) (0 1 2 3 4 5 6) of script `winbind'
overrides LSB defaults (0 1 6).
insserv: pushd() can not change to directory /etc/init.d: No such file or
directory
update-rc.d: error: insserv rejected the script header

I see no particular log entries in /var/log on startup, so it appears
confirmed that Ubuntu doesn't start winbind on startup as one would
expect.

If I manually start the winbind service with:
# service winbind start
then logging in works fine and everything is good and works as expected.

Or with:
# systemctl winbind start
● winbind.service - LSB: start Winbind daemon
Loaded: loaded (/etc/init.d/winbind; bad; vendor preset: enabled)
Active: active (running) since Mi 2016-03-30 21:10:34 CEST; 38s ago
Docs: man:systemd-sysv-generator(8)
Process: 3841 ExecStart=/etc/init.d/winbind start (code=exited, status=0/SUCCE
Tasks: 2 (limit: 512)
CGroup: /system.slice/winbind.service
├─3860 /usr/sbin/winbindd -d10
└─3861 /usr/sbin/winbindd -d10
Mär 30 21:10:34 leon-ubuntu winbind[3841]: msdfs: 10
Mär 30 21:10:34 leon-ubuntu winbind[3841]: dmapi: 10
Mär 30 21:10:34 leon-ubuntu winbind[3841]: registry: 10
Mär 30 21:10:34 leon-ubuntu winbind[3841]: scavenger: 10
Mär 30 21:10:34 leon-ubuntu winbind[3841]: dns: 10
Mär 30 21:10:34 leon-ubuntu winbind[3841]: ldb: 10
Mär 30 21:10:34 leon-ubuntu winbind[3841]: tevent: 10
Mär 30 21:10:34 leon-ubuntu winbind[3841]: Maximum core file size limits now 167
Mär 30 21:10:34 leon-ubuntu winbind[3841]:...done.
Mär 30 21:10:34 leon-ubuntu systemd[1]: Started LSB: start Winbind daemon.

The relevant configuration of nsswitch.conf:
passwd: compat winbind
group: compat winbind
shadow: compat

The relevant configuration of smb.conf:
[global]
realm = HOME.LAN
workgroup = HOME
security = ADS
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
netbios name = leon-ubuntu
dns proxy = no
#idmap uid = 1-2
#idmap gid = 1-2
idmap config *:backend = tdb
idmap config *:range = 2000-
idmap config HOME:backend = rid
idmap config HOME:schema_mode = rfc2307
idmap config HOME:range = 1-9
idmap config HOME:default = yes
winbind nss info = rfc2307
winbind trusted domains only = no
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
winbind refresh tickets = yes
winbind normalize names = yes
store dos attributes = yes
vfs objects = acl_xattr
map acl inherit = yes
name resolve order = bcast host lmhosts wins
template shell = /bin/bash
template homedir = /home/%U
client use spnego = yes
client ntlmv2 auth = yes
encrypt passwords = yes
restrict anonymous = 2
usershare max shares = 100
usershare allow guests = yes

The results of the file /run/systemd/generator.late/winbind.service are:
# Automatically generated by systemd-sysv-generator
[Unit]
Documentation=man:systemd-sysv-generator(8)
SourcePath=/etc/init.d/winbind
Description=LSB: start Winbind daemon
Before=shutdown.target
After=network-online.target
After=remote-fs.target
After=systemd-journald-dev-log.socket
After=samba.service
Wants=network-online.target
Conflicts=shutdown.target