[Samba] Second DC doesn't recognize users/groups on getent

mathias dufresne infractory at gmail.com
Tue Oct 13 14:15:15 UTC 2015


No /var/lib/samba/private/sam.ldb -> you should have forgotten to perform
the samba-tool domain join command. No?

2015-10-13 16:00 GMT+02:00 Guilherme Boing <kolt+samba at frag.com.br>:

> Hello Rowland,
>
> I should also mention that Samba 4.3.0 was installed from tarball, I
> compiled it myself.
>
> DC2 does not have the /var/lib/samba/private/sam.ldb file. Also it did not
> return any result on DC1.
> However, using /usr/local/samba/private/sam.ldb, both DCs returned the same
> thing:
>
> # returned 4 records
> # 1 entries
> # 3 referrals
>
> I wonder why DC1 has the /var/lib/samba/private/sam.ldb file and DC2 does
> not.
>
> Regarding the sssd issue, I am not really using sssd. sssd is not even
> running, I believe when I first installed Samba through yum, it installed
> itself there. Still, I have removed sss from nsswitch on both DCs.
>
>
> On Tue, Oct 13, 2015 at 10:45 AM, Rowland Penny <
> rowlandpenny241155 at gmail.com> wrote:
>
> > On 13/10/15 14:19, Guilherme Boing wrote:
> >
> >> Hello,
> >>
> >> I just realized that my second DC does not recognize the users from the
> >> AD.
> >> wbinfo -u/-g are working just fine.
> >>
> >> [root@dc1 ~]# id bruno.castro
> >> uid=10004(POL\bruno.castro) gid=100(users) grupos=100(users),10001(POL\ti),3000009(BUILTIN\users)
> >>
> >> [root@dc2 ~]# id bruno.castro
> >> id: bruno.castro: no such user
> >>
> >> [root@dc1 ~]# wbinfo -i bruno.castro
> >> POL\bruno.castro:*:10004:100:Bruno de Castro:/home/POL/bruno.castro:/bin/bash
> >>
> >> [root@dc2 ~]# wbinfo -i bruno.castro
> >> POL\bruno.castro:*:10004:100:Bruno de Castro:/home/POL/bruno.castro:/bin/bash
> >>
> >> nsswitch.conf is fine, both dcs are like this:
> >> passwd:     files sss winbind
> >> shadow:     files sss winbind
> >> group:      files sss winbind
> >>
> >>
> >> smb.conf is the same on both DCs (except for the netbios name, where DC1 is
> >> DC1 and DC2 is DC2)
> >> # Global parameters
> >> [global]
> >>          workgroup = POL
> >>          realm = POLE.ONLINE
> >>          netbios name = DC1
> >>          server role = active directory domain controller
> >>          dns forwarder = 192.168.22.180
> >>          log level = 3
> >>          template shell = /bin/bash
> >>          idmap_ldb:use rfc2307 = yes
> >>          allow dns updates = nonsecure
> >>
> >> [netlogon]
> >>          path = /usr/local/samba/var/locks/sysvol/pole.online/scripts
> >>          read only = No
> >>
> >> [sysvol]
> >>          path = /usr/local/samba/var/locks/sysvol
> >>          read only = No
> >>
> >> drs showrepl also does not prompt any error on both sides.
> >>
> >> What am I missing ?
> >> Not sure if it matters, but DC1 has 4 winbindd processes running while DC2
> >> has only 3.
> >> Also noticed from log.winbindd on DC1 that whenever I do 'id brunocastro',
> >> the system is properly asking winbindd for the user, while on DC2 it does
> >> not happen.
> >>
> >> Both DCs are running CentOS 7 and Samba 4.3.0.
> >>
> >
> > Hi, does running this:
> >
> > ldbsearch -H /var/lib/samba/private/sam.ldb -b "dc=pole,dc=online" -s sub
> > "(&(objectClass=user)(sAMAccountName=bruno.castro))"
> >
> > on both DCs, produce the same output?
> > It should,
> >
> > Also, unless you are using sssd for sudo or autofs etc you do not need it
> > in /etc/nsswitch.conf if you are also using winbind. As it is set up, sssd
> > will respond before winbind, so this may not be a winbind problem, it could
> > be an sssd problem.
> >
> > Rowland
> >
> >
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> >
>
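Added example, not part of the thread and not Samba's own tooling: a POSIX shell script for the two checks the replies raise, namely whether sss is consulted before winbind in nsswitch.conf and which private directory actually holds sam.ldb. The function names and verdict strings are hypothetical, and the sample nsswitch.conf lines are constructed from the ones quoted above.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Print the sources of one nsswitch database in lookup order, one per line.
# Skips [STATUS=action] items and trailing comments.
nss_sources() {  # usage: nss_sources <database> <nsswitch.conf>
    awk -v db="$1:" '$1 == db {
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^#/) break
            if ($i ~ /^[A-Za-z0-9_]+$/) print $i
        }
    }' "$2"
}

# Verdict for one database: does sss get asked before winbind?
check_nss_order() {  # usage: check_nss_order <database> <nsswitch.conf>
    before=""
    for src in $(nss_sources "$1" "$2"); do
        if [ "$src" = winbind ]; then
            case " $before " in
                *" sss "*) echo "sss-before-winbind" ;;
                *)         echo "ok" ;;
            esac
            return 0
        fi
        before="$before $src"
    done
    echo "winbind-missing"
}

# Print each sam.ldb found under the given private directories. Defaults are
# the two locations named in the thread.
find_sam_ldb() {
    [ "$#" -gt 0 ] || set -- /usr/local/samba/private /var/lib/samba/private
    for dir in "$@"; do
        if [ -f "$dir/sam.ldb" ]; then echo "$dir/sam.ldb"; fi
    done
}

# Constructed sample input: the nsswitch.conf lines quoted in the thread.
sample=$(mktemp)
printf '%s\n' 'passwd:     files sss winbind' \
              'shadow:     files sss winbind' \
              'group:      files sss winbind' > "$sample"
for db in passwd group; do
    echo "$db: $(check_nss_order "$db" "$sample")"
done
find_sam_ldb   # lists nothing on a host without Samba
rm -f "$sample"
```

On a real host, pass /etc/nsswitch.conf as the second argument to check_nss_order, and feed the path that find_sam_ldb prints to the -H option of the ldbsearch command quoted above.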

