[Samba] Unable to contact RPC server on a new DC
Andrey Repin
anrdaemon at yandex.ru
Thu Nov 9 02:18:33 UTC 2023
Greetings, Rowland Penny via samba!
>>
>> > winbind enum groups = Yes
>> > winbind enum users = Yes
>> > winbind nss info = rfc2307
>> > winbind use default domain = Yes
>> > idmap config darkdragon : unix_nss_info = yes
>> > idmap config darkdragon : unix_primary_group = yes
>> > idmap config darkdragon : range = 2048-131071
>> > idmap config darkdragon : schema_mode = rfc2307
>> > idmap config darkdragon : backend = ad
>> > idmap config * : range = 1024-2047
>> > idmap config * : schema_mode = rfc2307
>> > idmap config * : backend = tdb
>> > store dos attributes = Yes
>> > vfs objects = dfs_samba4 acl_xattr
>>
>> I agree that most of these either defaults or irrelevant for a DC. I
>> mostly keep them for self-reference.
> Then I suggest you just comment them out, you definitely shouldn't have
> the 'idmap config' lines in a DC smb.conf
I think I understand what was going on. Previously, Samba DC wasn't using
Winbind even if configured. It seems, this is no longer the case.
Commenting out winbind configuration restored normal users authentication,
so far.
>> What about errors I see on the DC? Can we first try to fix these?
>> Internet results only telling that "cleaning up the DB helps" without
>> much of any useful info.
>>
>>
> Get rid of the extraneous parameters in your DC smb.conf and your
> problems may just go away.
The error in log.samba (about failed DNS update due to duplicated record) is
still actual. Any pointers about resolving it?
--
With best regards,
Andrey Repin
Thursday, November 9, 2023 02:33:46
Sorry for my terrible english...
More information about the samba
mailing list