[Samba] Linux Workstation x SMB4 DC

Rowland Penny rowlandpenny241155 at gmail.com
Wed Aug 5 20:12:07 UTC 2015 

On 05/08/15 20:57, Jefferson B. Limeira wrote:
> Em 2015-08-05 16:13, Rowland Penny escreveu:
>> On 05/08/15 19:55, Jefferson B. Limeira wrote:
>>>
>>> I'm using CentOS 6.5 in all computers, workstations and servers. 
>>> Samba 4.2.3, compiled last night.
>>>
>>> I wrote a script that connect at some workstations and run 'time id 
>>> teste', the result:
>>>
>>> # ./exec.sh  |grep ^real
>>> real    0m1.944s
>>> real    0m0.051s
>>> real    0m1.843s
>>> real    0m1.798s
>>> real    0m18.236s
>>> real    0m1.756s
>>> real    0m1.769s
>>> real    0m2.092s
>>> real    0m1.952s
>>> real    0m1.954s
>>> real    0m17.588s
>>> real    0m4.841s
>>> real    1m48.618s
>>> real    1m38.985s
>>> real    2m1.186s
>>> real    1m17.514s
>>> real    1m43.024s
>>> real    1m27.757s
>>> real    1m29.072s
>>>
>>
>> That is not slow, it is glacial :-)
>>
>>> From a certain moment, all workstation have increased response time. 
>>> At this moment, you believe in a problem on workstation configuration?
>>>
>>
>> There is something definitely wrong, but what ?
>>
>>> I set log level = 9 in smb.conf and restart winbind.
>>> A great time gap occurred after 'getpwnan teste' between 15:40:27 
>>> and 15:41:02
>>>
>>> [2015/08/05 15:40:27.870746,  3] 
>>> winbindd/winbindd_getpwnam.c:56(winbindd_getpwnam_send)
>>>   getpwnam teste
>>> [2015/08/05 15:41:02.906043,  6] 
>>> winbindd/winbindd.c:822(new_connection)
>>>   accepted socket 22
>>> [2015/08/05 15:41:02.906169,  3] 
>>> winbindd/winbindd_misc.c:384(winbindd_interface_version)
>>>   [ 2321]: request interface version
>>> [2015/08/05 15:41:02.906332,  3] 
>>> winbindd/winbindd_misc.c:417(winbindd_priv_pipe_dir)
>>>   [ 2321]: request location of privileged pipe
>>> [2015/08/05 15:41:02.906529,  6] 
>>> winbindd/winbindd.c:822(new_connection)
>>>   accepted socket 28
>>> [2015/08/05 15:41:02.906628,  6] 
>>> winbindd/winbindd.c:870(winbind_client_request_read)
>>>   closing socket 22, client exited
>>> [2015/08/05 15:41:02.906702,  3] 
>>> winbindd/winbindd_getpwnam.c:56(winbindd_getpwnam_send)
>>>   getpwnam teste
>>> [2015/08/05 15:41:19.232330,  5] 
>>> winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv)
>>>   Could not convert sid 
>>> S-1-5-21-3802641769-3585385758-3926675344-500: 
>>> NT_STATUS_SERVER_DISABLED
>>>
>>
>> Hmm, 'S-1-5-21-3802641769-3585385758-3926675344-500' is the SID-RID
>> for 'Administrator' and 'NT_STATUS_SERVER_DISABLED' probably means
>> what it says.
>>
>> OK, how did you compile samba?
>> Why did you compile samba 4.2.3, it is available from Sernet.
>>
>> How are you starting samba on the various machines ?
>> Can you post the smb.conf from the DCs and the servers etc ?
>>
>> Can you check that the following daemons are running:
>>
>> DC: samba, smbd, winbindd
>> workstation or member server: smbd, nmbd, winbindd
>>> Sorry for my English.
>>>
>>
>> Never apologise for your English, as a native English speaking person,
>> I am honoured that you have taken the time to learn my language, I, on
>> the other hand, do not speak any other languages.
>>
>> Rowland
>
> I will try Sernet packages, its possible use/import my actual ldap 
> database?

Never tried it, but as the sernet packages use the same directory layout 
as the OS packages (well, the Debian ones at least) and everything 
important is in /var/lib/samba, you could try (on a test machine) 
backing up everything, install the sernet packages and putting the 
required files into the correct place (I am sure that some nice person 
on here can supply a directory listing for /var/lib/samba on Centos)

>
> Servers means DCs, ok?

Well possibly :-)
DC = Domain Controller, which is also a type of server, but then again, 
there are fileservers, member servers and print servers, not to mention 
workstations
> I actually have two DCs. Here is my smb.conf on a DC:
>
> $ cat /usr/local/samba/etc/smb.conf
> # Global parameters
> [global]
>     workgroup = BP
>     realm = BP.NET
>     netbios name = SRVSMB4-PDC
>     server role = active directory domain controller
>     dns forwarder = 192.168.200.1
>     idmap_ldb:use rfc2307 = yes
>     log level = 3
>
> [netlogon]
>     path = /usr/local/samba/var/locks/sysvol/bp.net/scripts
>     read only = No
>
> [sysvol]
>     path = /usr/local/samba/var/locks/sysvol
>     read only = No
>
> But on workstations I only have started winbind.
>

OK, the DC smb.conf is correct and I take it that you started the 
'samba' process on the DC, this in turn will have started the 'smbd' & 
'winbindd' processes automatically.

With the other servers (fileserver, print server, member server, 
workstation etc) you need to start the 'smbd', 'nmbd' and 'winbindd' 
processes, just starting the 'winbindd' process by itself is not enough.

Rowland

More information about the samba mailing list