[Samba] Second DC doesn't recognize users/groups on getent
Rowland Penny
rowlandpenny241155 at gmail.com
Tue Oct 13 13:45:52 UTC 2015
On 13/10/15 14:19, Guilherme Boing wrote:
> Hello,
>
> I just realized that my second DC does not recognize the users from the AD.
> wbinfo -u/-g are working just fine.
>
> [root at dc1 ~]# id bruno.castro
> uid=10004(POL\bruno.castro) gid=100(users)
> grupos=100(users),10001(POL\ti),3000009(BUILTIN\users)
>
> [root at dc2 ~]# id bruno.castro
> id: bruno.castro: no such user
>
> [root at dc1 ~]# wbinfo -i bruno.castro
> POL\bruno.castro:*:10004:100:Bruno de
> Castro:/home/POL/bruno.castro:/bin/bash
>
> [root at dc2 ~]# wbinfo -i bruno.castro
> POL\bruno.castro:*:10004:100:Bruno de
> Castro:/home/POL/bruno.castro:/bin/bash
>
> nsswitch.conf is fine, both dcs are like this:
> passwd: files sss winbind
> shadow: files sss winbind
> group: files sss winbind
>
>
> smb.conf is the same on both DCs (except for the netbios name, where DC1 is
> DC1 and DC2 is DC2)
> # Global parameters
> [global]
> workgroup = POL
> realm = POLE.ONLINE
> netbios name = DC1
> server role = active directory domain controller
> dns forwarder = 192.168.22.180
> log level = 3
> template shell = /bin/bash
> idmap_ldb:use rfc2307 = yes
> allow dns updates = nonsecure
>
> [netlogon]
> path = /usr/local/samba/var/locks/sysvol/pole.online/scripts
> read only = No
>
> [sysvol]
> path = /usr/local/samba/var/locks/sysvol
> read only = No
>
> drs showrepl also does not prompt any error on both sides.
>
> What am I missing ?
> Not sure if it matters, but DC1 has 4 winbindd processes running while DC2
> has only 3.
> Also noticed from log.winbindd on DC1 that whenever I do 'id brunocastro',
> the system is properly asking winbindd for the user, while on DC2 it does
> not happen.
>
> Both DCs are running CentOS 7 and Samba 4.3.0.
Hi, does running this:

ldbsearch -H /var/lib/samba/private/sam.ldb -b "dc=pole,dc=online" -s sub "(&(objectClass=user)(sAMAccountName=bruno.castro))"

on both DCs produce the same output?

It should.

Also, unless you are using sssd for sudo or autofs etc., you do not need
it in /etc/nsswitch.conf if you are also using winbind. As it is set up,
sssd will respond before winbind, so this may not be a winbind problem;
it could be an sssd problem.

Rowland
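
Added example (not part of the original messages, and not Samba project code): a shell script that reads the NSS source order from nsswitch.conf and queries each source on its own with `getent -s`, so the output on DC1 and DC2 shows whether sss or winbind is the source returning, or not returning, the user. The function names and the usage line are assumptions made for this example; `thread_conf` reproduces the nsswitch lines quoted in the thread.

```shell
#!/bin/sh
# nsswitch.conf lines as quoted in the thread (sample input).
thread_conf() {
    cat <<'EOF'
passwd: files sss winbind
shadow: files sss winbind
group: files sss winbind
EOF
}

# nss_sources DB < nsswitch.conf
# Prints the sources for DB in lookup order, without comments or
# [STATUS=action] items.
nss_sources() {
    awk -v db="$1" '{
        sub(/#.*/, ""); sub(/:/, ": ")
        if ($1 != (db ":")) next
        gsub(/\[[^]]*\]/, "")
        out = ""
        for (i = 2; i <= NF; i++) out = out (i > 2 ? " " : "") $i
        print out
        exit
    }'
}

# source_precedes DB A B < nsswitch.conf
# Succeeds only if source A is listed and comes before source B.
source_precedes() {
    for s in $(nss_sources "$1"); do
        [ "$s" = "$2" ] && return 0
        [ "$s" = "$3" ] && return 1
    done
    return 1
}

# probe_user DB NAME < nsswitch.conf
# Queries every configured source on its own via "getent -s".
probe_user() {
    for s in $(nss_sources "$1"); do
        if entry=$(getent -s "$s" "$1" "$2" 2>/dev/null); then
            printf '%-8s %s\n' "$s" "$entry"
        else
            printf '%-8s no entry\n' "$s"
        fi
    done
}

# Usage (hypothetical file name): sh nsscheck.sh USER [nsswitch.conf]
if [ $# -ge 1 ]; then
    probe_user passwd "$1" < "${2:-/etc/nsswitch.conf}"
fi
```

Run it with the same user name on both DCs and compare the per-source lines.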