Samba Team announced that domain member setups must use winbindd in 4.8.0: https://www.samba.org/samba/history/samba-4.8.0.html in 2018.
In order to accept AD Kerberos authentication you need to configure the server as a domain member with 'security = ads' and without 'server role = standalone server'. In your case you most likely want to configure idmap_nss (see man idmap_nss) and run winbindd, but without nss_winbind.

Note the above implies the patches from https://bugzilla.samba.org/show_bug.cgi?id=14901 are included. Unrelated here, but the patch from https://bugzilla.samba.org/show_bug.cgi?id=14899 should also be applied.

** Bug watch added: Samba Bugzilla #14901
   https://bugzilla.samba.org/show_bug.cgi?id=14901

** Bug watch added: Samba Bugzilla #14899
   https://bugzilla.samba.org/show_bug.cgi?id=14899

https://bugs.launchpad.net/bugs/1952219
Title: AD-joined Samba Server stops working after upgrade to 4.13.14+dfsg-0ubuntu0.20.04.1
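
A minimal smb.conf sketch of the setup described in the comment above, added here as an example and not taken from the bug report or from the Samba project. The realm EXAMPLE.COM, the workgroup EXAMPLE and both ID ranges are placeholder assumptions.

```ini
# Example only: EXAMPLE / EXAMPLE.COM and both ranges are placeholders.
[global]
    # Domain member that accepts AD Kerberos tickets.
    security = ads
    realm = EXAMPLE.COM
    workgroup = EXAMPLE
    # No "server role = standalone server" line: with security = ads the
    # default "server role = auto" resolves to a domain member.

    # Default domain (BUILTIN and anything not matched below):
    # IDs are allocated locally by winbindd.
    idmap config * : backend = tdb
    idmap config * : range = 1000000-1999999

    # AD domain: idmap_nss is read-only and looks users and groups up through
    # the local NSS, so UIDs/GIDs come from the sources nsswitch.conf already uses.
    idmap config EXAMPLE : backend = nss
    idmap config EXAMPLE : range = 1000-999999

# /etc/nsswitch.conf keeps its passwd/group lines without "winbind"
# (the "without nss_winbind" part); winbindd itself must still be running.
```

Running `testparm -s` against the file prints the resolved server role, which should read ROLE_DOMAIN_MEMBER for this configuration.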