The Samba-Bugzilla – Bug 10066
winbindd does not honor socket directory options in smb.conf
Last modified: 2017-01-03 08:44:45 UTC
While trying to set up a test installation of samba on my development CentOS 6.4 machine, I needed to install it alongside the system samba. I did this by building samba with --prefix=/opt.
This led to the freshly built winbind putting its pipes in /opt/samba as expected. Also expected was the associated breakage for ID lookups (that worked with the system samba).
However I thought to use the socket options in smb.conf to let my new winbind use the old locations, but that turned out not to work:
[stijn@pclinvir028] </opt/samba/bin> ./testparm -v | grep winbindd
winbindd socket directory = /var/run/winbindd
winbindd privileged socket directory = /var/lib/samba/winbindd_privileged
[stijn@pclinvir028] </opt/samba/bin> ls -ld /var/run/winbindd /var/lib/samba/winbindd_privileged
drwxr-x---. 2 root root 4096 Aug 2 11:30 /var/lib/samba/winbindd_privileged/
drwxr-xr-x. 2 root root 4096 Aug 2 11:22 /var/run/winbindd/
[stijn@pclinvir028] </opt/samba/bin> sudo ls -l /var/run/winbindd /var/lib/samba/winbindd_privileged
[stijn@pclinvir028] </opt/samba/bin> sudo find /opt/samba -name pipe
This is with a checkout of v4-0-stable built from source.
FWIW I worked around it by replacing /lib64/libnss_winbind.so.2 with the freshly built copy, thus ensuring that the library used the --prefix I compiled with.
that option is unfortunately only used by winbind4 that is used by the "samba" daemon, not by the winbind daemon. we know this is highly confusing to have one aet of winbind parameters documented and have two different winbind versions that take very different parameters. andrew has plans to merge the two, which will make go away confusions like this hopefully.
Created attachment 12788 [details]
patch for master
"winbindd socket directory" is honoured, but "winbindd privileged socket directory" is not, and has not been in any configuration since we moved to just using the source3 winbindd with Samba 4.3.
We need to remove the manpage entry (and so the config option) for "winbindd privileged socket directory" and the associated stuff. Patch attached, submitted to samba-technical for master.