[Samba] Second DC doesn't recognize users/groups on getent
Guilherme Boing
kolt+samba at frag.com.br
Tue Oct 13 13:19:30 UTC 2015
Hello,
I just realized that my second DC does not recognize the users from the AD.
wbinfo -u/-g are working just fine.
[root@dc1 ~]# id bruno.castro
uid=10004(POL\bruno.castro) gid=100(users) grupos=100(users),10001(POL\ti),3000009(BUILTIN\users)
[root@dc2 ~]# id bruno.castro
id: bruno.castro: no such user
[root@dc1 ~]# wbinfo -i bruno.castro
POL\bruno.castro:*:10004:100:Bruno de Castro:/home/POL/bruno.castro:/bin/bash
[root@dc2 ~]# wbinfo -i bruno.castro
POL\bruno.castro:*:10004:100:Bruno de Castro:/home/POL/bruno.castro:/bin/bash
nsswitch.conf is fine; both DCs are like this:
passwd: files sss winbind
shadow: files sss winbind
group: files sss winbind
smb.conf is the same on both DCs (except for the netbios name, where DC1 is
DC1 and DC2 is DC2)
# Global parameters
[global]
    workgroup = POL
    realm = POLE.ONLINE
    netbios name = DC1
    server role = active directory domain controller
    dns forwarder = 192.168.22.180
    log level = 3
    template shell = /bin/bash
    idmap_ldb:use rfc2307 = yes
    allow dns updates = nonsecure

[netlogon]
    path = /usr/local/samba/var/locks/sysvol/pole.online/scripts
    read only = No

[sysvol]
    path = /usr/local/samba/var/locks/sysvol
    read only = No
drs showrepl also does not prompt any error on both sides.
What am I missing?
Not sure if it matters, but DC1 has 4 winbindd processes running while DC2
has only 3.
Also noticed from log.winbindd on DC1 that whenever I do 'id brunocastro',
the system is properly asking winbindd for the user, while on DC2 it does
not happen.
Both DCs are running CentOS 7 and Samba 4.3.0.