[Samba] Debugging Samba is a total PITA and this needs to improve
Sven Schwedas
sven.schwedas at tao.at
Tue May 21 14:43:56 UTC 2019
On 21.05.19 16:15, L.P.H. van Belle via samba wrote:
>> Since Cyrus IMAPD cannot query LDAP for group memberships, we
>> need this to make shared folders work with groups on our mail servers.
>> Useless on this machine, yes, but w/e, we're not seeing any performance issues.
> Huh... Doesn't this work something like : you can put this in idmap.conf
It should work that way, but the current release has a few bugs related
to it, and we still need to have working group ACLs until that's working.
>>> You see this note from the script:
>>> Running as Unix domain member and no user.map detected.
>>>
>>> Where is you user mapping? You dont use SePrivileges?
>>> Now its not wrong and possible to run it without, but it is
>> much more work to setup correctly for this.
>>
>> Where's this documented?
> https://wiki.samba.org/index.php/Samba_Member_Server_Troubleshooting
No, I mean SePrivileges in general. What would I want them for?
>>> Windows and it updates are moving fast
>>
>> Sure, but not really relevant here, since the member server broke
>> authentication for all client OSes, not just Windows clients.
>> `smbclient
>> -L //localhost` and `wbinfo -a` are just as broken on that
>> member server.
>
> smbclient -L //localhost ???? Come on...
It has the same results as Windows Explorer and wbinfo -a.
> I'm always amazed how a "localhost" test is compaired with a client (remote) test.
> Again , localhost =! Hostname
>
> smbclient -L //hostname.fdqn
> smbclient -L //hostname
Same results: Some users work, some don't. Same users affected.
>> Given that DRS replication and DNS are so broken, what'd be the best
>> approach for that? Nuke all DCs except the FSMO role holder,
>> update that
>> one, then add new DCs? Or just export all LDAP data and start
>> over from a clean 4.10 setup?
>
> I dont think its broken, i think its functioning wrong due to wrong settings.
Yes, you always think that. ;)
> Yes, clean setup is nice but not needed really.
>
> Make sure you review and have smb.conf adjusted to the version of samba your willing to run.
> Review: https://wiki.samba.org/index.php/Updating_Samba
Sure, that says:
> Verify that the directory replication between all DCs is working correctly:
That's already broken before the update:
https://up.tao.at/u/samba/graz-dc-sem.txt (FSMO role holder)
https://up.tao.at/u/samba/graz-dc-1b.txt
https://up.tao.at/u/samba/villach-dc-1a.txt
https://up.tao.at/u/samba/villach-dc-bis.txt
Similarly, if I do "samba-tool dbcheck --cross-ncs" without yet
upgrading, to see in what state the DBs are:
https://up.tao.at/u/samba/graz-dc-sem-dbcheck.txt
https://up.tao.at/u/samba/graz-dc-1b-dbcheck.txt
https://up.tao.at/u/samba/villach-dc-1a-dbcheck.txt
https://up.tao.at/u/samba/villach-dc-bis-dbcheck.txt
Doesn't look particularly healthy to me.
--
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas, Systemadministrator
✉ sven.schwedas at tao.at | ☎ +43 680 301 7167
TAO Digital | Teil der TAO Beratungs- & Management GmbH
Lendplatz 45 | FN 213999f/Klagenfurt, FB-Gericht Villach
A8020 Graz | https://www.tao-digital.at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba/attachments/20190521/e0da54d3/signature.sig>
More information about the samba
mailing list