[Samba] Second DC doesn't recognize users/groups on getent

Guilherme Boing kolt+samba at frag.com.br
Tue Oct 13 14:00:19 UTC 2015


Hello Rowland,

I should also mention that Samba 4.3.0 was installed from tarball, I
compiled it myself.

DC2 does not have the /var/lib/samba/private/sam.ldb file. Also it did not
return any result on DC1.
However, using /usr/local/samba/private/sam.ldb, both DCs returned the same
thing:

# returned 4 records
# 1 entries
# 3 referrals

I wonder why DC1 has the /var/lib/samba/private/sam.ldb file and DC2 does
not.

Regarding the sssd issue, I am not really using sssd. sssd is not even
running; I believe that when I first installed Samba through yum, it installed
itself there. Still, I have removed sss from nsswitch on both DCs.


On Tue, Oct 13, 2015 at 10:45 AM, Rowland Penny <
rowlandpenny241155 at gmail.com> wrote:

> On 13/10/15 14:19, Guilherme Boing wrote:
>
>> Hello,
>>
>> I just realized that my second DC does not recognize the users from the
>> AD.
>> wbinfo -u/-g are working just fine.
>>
>> [root at dc1 ~]# id bruno.castro
>> uid=10004(POL\bruno.castro) gid=100(users)
>> grupos=100(users),10001(POL\ti),3000009(BUILTIN\users)
>>
>> [root at dc2 ~]# id bruno.castro
>> id: bruno.castro: no such user
>>
>> [root at dc1 ~]# wbinfo -i bruno.castro
>> POL\bruno.castro:*:10004:100:Bruno de
>> Castro:/home/POL/bruno.castro:/bin/bash
>>
>> [root at dc2 ~]# wbinfo -i bruno.castro
>> POL\bruno.castro:*:10004:100:Bruno de
>> Castro:/home/POL/bruno.castro:/bin/bash
>>
>> nsswitch.conf is fine, both dcs are like this:
>> passwd:     files sss winbind
>> shadow:     files sss winbind
>> group:      files sss winbind
>>
>>
>> smb.conf is the same on both DCs (except for the netbios name, where DC1
>> is DC1 and DC2 is DC2)
>> # Global parameters
>> [global]
>>          workgroup = POL
>>          realm = POLE.ONLINE
>>          netbios name = DC1
>>          server role = active directory domain controller
>>          dns forwarder = 192.168.22.180
>>          log level = 3
>>          template shell = /bin/bash
>>          idmap_ldb:use rfc2307 = yes
>>          allow dns updates = nonsecure
>>
>> [netlogon]
>>          path = /usr/local/samba/var/locks/sysvol/pole.online/scripts
>>          read only = No
>>
>> [sysvol]
>>          path = /usr/local/samba/var/locks/sysvol
>>          read only = No
>>
>> drs showrepl also does not prompt any error on both sides.
>>
>> What am I missing?
>> Not sure if it matters, but DC1 has 4 winbindd processes running while DC2
>> has only 3.
>> Also noticed from log.winbindd on DC1 that whenever I do 'id brunocastro',
>> the system is properly asking winbindd for the user, while on DC2 it does
>> not happen.
>>
>> Both DCs are running CentOS 7 and Samba 4.3.0.
>>
>
> Hi, does running this:
>
> ldbsearch -H /var/lib/samba/private/sam.ldb -b "dc=pole,dc=online" -s sub
> "(&(objectClass=user)(sAMAccountName=bruno.castro))"
>
> on both DCs, produce the same output?
> It should.
>
> Also, unless you are using sssd for sudo or autofs etc you do not need it
> in /etc/nsswitch.conf if you are also using winbind. As it is setup, sssd
> will respond before winbind, so this may not be a winbind problem, it could
> be an sssd problem.
>
> Rowland
>
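
The point about source order in /etc/nsswitch.conf can be checked mechanically. The script below is an added example, not part of the original thread: it reads an nsswitch.conf file and reports which sources are consulted before winbind for a database. The function names and the temporary sample file are assumptions made for illustration; the sample lines are the ones posted above.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): list the NSS sources that are
# consulted before winbind for a given database in an nsswitch.conf file.

# Print the ordered source list for one database, e.g. "files sss winbind".
# Comments and [STATUS=action] items are stripped first.
nss_sources() {
    local file=$1 db=$2
    sed -e 's/#.*//' -e 's/\[[^]]*]//g' "$file" |
        awk -v db="$db:" '$1 == db { $1 = ""; sub(/^ +/, ""); print; exit }'
}

# Print the sources listed before winbind. Returns 1 if winbind is not
# listed at all, in which case getent/id can never reach winbindd.
nss_before_winbind() {
    local file=$1 db=$2 src before=""
    for src in $(nss_sources "$file" "$db"); do
        if [ "$src" = winbind ]; then
            echo "$before"
            return 0
        fi
        before="${before:+$before }$src"
    done
    return 1
}

# Constructed sample: the three lines posted in the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
passwd:     files sss winbind
shadow:     files sss winbind
group:      files sss winbind
EOF

for db in passwd group; do
    if before=$(nss_before_winbind "$sample" "$db"); then
        echo "$db: winbind is consulted after: ${before:-nothing}"
    else
        echo "$db: winbind is not listed"
    fi
done
```

Pointing the two functions at /etc/nsswitch.conf on each DC gives a quick way to confirm that both hosts resolve users through the same source order.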
