[Samba] Linux Workstation x SMB4 DC
Rowland Penny
rowlandpenny241155 at gmail.com
Wed Aug 5 20:12:07 UTC 2015
On 05/08/15 20:57, Jefferson B. Limeira wrote:
> Em 2015-08-05 16:13, Rowland Penny escreveu:
>> On 05/08/15 19:55, Jefferson B. Limeira wrote:
>>>
>>> I'm using CentOS 6.5 in all computers, workstations and servers.
>>> Samba 4.2.3, compiled last night.
>>>
>>> I wrote a script that connect at some workstations and run 'time id
>>> teste', the result:
>>>
>>> # ./exec.sh |grep ^real
>>> real 0m1.944s
>>> real 0m0.051s
>>> real 0m1.843s
>>> real 0m1.798s
>>> real 0m18.236s
>>> real 0m1.756s
>>> real 0m1.769s
>>> real 0m2.092s
>>> real 0m1.952s
>>> real 0m1.954s
>>> real 0m17.588s
>>> real 0m4.841s
>>> real 1m48.618s
>>> real 1m38.985s
>>> real 2m1.186s
>>> real 1m17.514s
>>> real 1m43.024s
>>> real 1m27.757s
>>> real 1m29.072s
>>>
>>
>> That is not slow, it is glacial :-)
>>
>>> From a certain moment, all workstation have increased response time.
>>> At this moment, you believe in a problem on workstation configuration?
>>>
>>
>> There is something definitely wrong, but what ?
>>
>>> I set log level = 9 in smb.conf and restart winbind.
>>> A great time gap occurred after 'getpwnan teste' between 15:40:27
>>> and 15:41:02
>>>
>>> [2015/08/05 15:40:27.870746, 3]
>>> winbindd/winbindd_getpwnam.c:56(winbindd_getpwnam_send)
>>> getpwnam teste
>>> [2015/08/05 15:41:02.906043, 6]
>>> winbindd/winbindd.c:822(new_connection)
>>> accepted socket 22
>>> [2015/08/05 15:41:02.906169, 3]
>>> winbindd/winbindd_misc.c:384(winbindd_interface_version)
>>> [ 2321]: request interface version
>>> [2015/08/05 15:41:02.906332, 3]
>>> winbindd/winbindd_misc.c:417(winbindd_priv_pipe_dir)
>>> [ 2321]: request location of privileged pipe
>>> [2015/08/05 15:41:02.906529, 6]
>>> winbindd/winbindd.c:822(new_connection)
>>> accepted socket 28
>>> [2015/08/05 15:41:02.906628, 6]
>>> winbindd/winbindd.c:870(winbind_client_request_read)
>>> closing socket 22, client exited
>>> [2015/08/05 15:41:02.906702, 3]
>>> winbindd/winbindd_getpwnam.c:56(winbindd_getpwnam_send)
>>> getpwnam teste
>>> [2015/08/05 15:41:19.232330, 5]
>>> winbindd/winbindd_getpwnam.c:137(winbindd_getpwnam_recv)
>>> Could not convert sid
>>> S-1-5-21-3802641769-3585385758-3926675344-500:
>>> NT_STATUS_SERVER_DISABLED
>>>
>>
>> Hmm, 'S-1-5-21-3802641769-3585385758-3926675344-500' is the SID-RID
>> for 'Administrator' and 'NT_STATUS_SERVER_DISABLED' probably means
>> what it says.
>>
>> OK, how did you compile samba?
>> Why did you compile samba 4.2.3, it is available from Sernet.
>>
>> How are you starting samba on the various machines ?
>> Can you post the smb.conf from the DCs and the servers etc ?
>>
>> Can you check that the following daemons are running:
>>
>> DC: samba, smbd, winbindd
>> workstation or member server: smbd, nmbd, winbindd
>>> Sorry for my English.
>>>
>>
>> Never apologise for your English, as a native English speaking person,
>> I am honoured that you have taken the time to learn my language, I, on
>> the other hand, do not speak any other languages.
>>
>> Rowland
>
> I will try Sernet packages, its possible use/import my actual ldap
> database?
Never tried it, but as the sernet packages use the same directory layout
as the OS packages (well, the Debian ones at least) and everything
important is in /var/lib/samba, you could try (on a test machine)
backing up everything, install the sernet packages and putting the
required files into the correct place (I am sure that some nice person
on here can supply a directory listing for /var/lib/samba on Centos)
>
> Servers means DCs, ok?
Well possibly :-)
DC = Domain Controller, which is also a type of server, but then again,
there are fileservers, member servers and print servers, not to mention
workstations
> I actually have two DCs. Here is my smb.conf on a DC:
>
> $ cat /usr/local/samba/etc/smb.conf
> # Global parameters
> [global]
> workgroup = BP
> realm = BP.NET
> netbios name = SRVSMB4-PDC
> server role = active directory domain controller
> dns forwarder = 192.168.200.1
> idmap_ldb:use rfc2307 = yes
> log level = 3
>
> [netlogon]
> path = /usr/local/samba/var/locks/sysvol/bp.net/scripts
> read only = No
>
> [sysvol]
> path = /usr/local/samba/var/locks/sysvol
> read only = No
>
> But on workstations I only have started winbind.
>
OK, the DC smb.conf is correct and I take it that you started the
'samba' process on the DC, this in turn will have started the 'smbd' &
'winbindd' processes automatically.
With the other servers (fileserver, print server, member server,
workstation etc) you need to start the 'smbd', 'nmbd' and 'winbindd'
processes, just starting the 'winbindd' process by itself is not enough.
Rowland
More information about the samba
mailing list