I installed Samba 3.4.6 binaries on RHEL 5.0. smb.conf: # Samba config file created using SWAT # from UNKNOWN (127.0.0.1) # Date: 2010/03/06 16:31:09 [global] workgroup = EXAMPLEDM realm = EXAMPLEDM.COM netbios name = EXAMPLE-34 server string = Samba Server Version %v security = ADS password server = example-86.exampledm.com username map = /etc/samba/smbusers log level = 3 socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 local master = No domain master = No dns proxy = No wins server = example-86.exampledm.com idmap uid = 10000-20000 idmap gid = 10000-20000 template shell = /bin/bash winbind enum users = Yes winbind enum groups = Yes winbind use default domain = Yes cups options = raw [homes] comment = Home Directories read only = No browseable = No browsable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No browsable = No [test] path = /test write list = +Administrator read only = No guest ok = Yes /etc/pam.d/samba: #%PAM-1.0 auth sufficient pam_winbind.so account sufficient pam_winbind.so password sufficient pam_winbind.so auth required pam_stack.so service=system-auth account required pam_stack.so service=system-auth The server REDHAT-34 was joined to the Active Directory domain EXAMPLEDM. The commands kinit, net ads user, etc. worked fine. However, I cannot start winbindd from the script /etc/rc.d/init.d/winbind. The error messages in the log were: [2010/03/06 10:24:18, 0] lib/util_sock.c:1790(create_pipe_sock) bind failed on pipe socket /tmp/.winbindd/pipe: Permission denied [2010/03/06 10:24:18, 0] winbindd/winbindd.c:1406(main) winbindd_setup_listeners() failed When I ran "/usr/sbin/winbindd" directly, the winbindd processes were started. However, I was not able to connect to the samba server as an AD user: [root@example-34 samba]# smbclient -L example-34 -U awang Enter awang's password: session setup failed: NT_STATUS_LOGON_FAILURE I did strace on the smbd processes and found the following in the strace output: lstat64("/tmp/.winbindd", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 lstat64("/tmp/.winbindd/pipe", 0xbf9c30ec) = -1 EACCES (Permission denied) What went wrong? Any help would be very much appreciated.
Additional info: wbinfo worked fine after winbindd was started from /usr/sbin/winbindd. Connection from a Windows machine as well as smbclient on the local host failed.
99% this is a selinux problem. Please disable it and retry. Closing this bug as INVALID because this probably not a Samba bug. Please re-open if it still happens without selinux. Thanks, Volker
On RHEL the winbind socket is placed in /var/run/winbind and the selinux policy is build to label that directory. See the RHEL packages for the patch that changes the place where the pipes are made available. Or make sure you change your policy to relabel /tmp/.winbind
Setting SELinux to permissive mode solved the problems. Closing.