[Samba] Second DC doesn't recognize users/groups on getent

Rowland Penny rowlandpenny241155 at gmail.com
Tue Oct 13 15:10:46 UTC 2015


On 13/10/15 15:48, mathias dufresne wrote:
> Yep, I understood reading Sketch's mail, my bad, I replied too quickly doing
> something else...
>
> 2015-10-13 16:27 GMT+02:00 Guilherme Boing <kolt+samba at frag.com.br>:
>
>> Yup, compiled it myself and did not change the path.
>> The query to the ldb returned the same thing on both DC1 and DC2.
>>
>> DNS and /etc/hosts are also fine, DC1 dns points to DC2 and DC2 to DC1.
>> Everything seems to be completely fine...
>>
>> I was looking into this issue because I was doing the sysvol replication
>> and noticed that the sysvol path had a '300000' as the group owner on DC2,
>> where on DC1 30000 translates to 'BUILTIN\administrators'.
>>
>> DC1:
>> drwxrwx---+ 3 root BUILTIN\administrators     31 Ago 24 08:01 sysvol
>>
>> DC2:
>> drwxrwx---+ 3 root 3000000     31 Aug 24 08:02 sysvol
>>
>> (SELinux is disabled btw)
>>
>> Not sure if this is going to break anything or not.
>>
>> @mathias,
>>
>> I didn't forget to join, otherwise the DC wouldn't work. The DC2 *seems* to
>> be working just fine.
>> showrepl doesn't pop up any error and is listed as a Domain Controller on
>> ADUC.
>>
>>
>> On Tue, Oct 13, 2015 at 11:10 AM, Sketch <smblist at rednsx.org> wrote:
>>
>>> On Tue, 13 Oct 2015, Guilherme Boing wrote:
>>>
>>>> I should also mention that Samba 4.3.0 was installed from tarball, I
>>>> compiled it myself.
>>>>
>>>> DC2 does not have the /var/lib/samba/private/sam.ldb file. Also it did not
>>>> return any result on DC1.
>>>>
>>>> I wonder why DC1 has the /var/lib/samba/private/sam.ldb file and DC2 does
>>>> not.
>>>>
>>> If you compiled it yourself and didn't change the path, the default path
>>> for the private dir is /usr/local/samba/private.  Most
>>> distributions/packagers use /var/lib/samba/private instead.
>>>
>>> The only other thing beyond what's already been suggested to check that I
>>> can think of is to make sure /etc/hosts and /etc/resolv.conf are set up
>>> properly.  Make sure your hostname points to your DNS IP and not 127.0.0.1
>>> in /etc/hosts, and make sure /etc/resolv.conf points at your domain
>>> controllers' DNS.  DC2 should point to DC1 as its first DNS server (and
>>> vice versa, once DC2 is working properly).
>>>

OK, so you compiled samba yourself, this means that (unless you told 
configure otherwise) everything ends up in /usr/local/samba, that's why 
your path to sam.ldb is different to mine.

Anyway, if you have the same info in AD on both DCs (as you should) and 
you are getting different results on each DC, then this is very probably 
not going to be a Samba problem. You need to compare the setup on the 
DCs to see where, if anywhere, they differ.

Rowland
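
The /etc/hosts and /etc/resolv.conf checks suggested in the quoted text, written as an added example that is not part of the original thread, so the same test can be run on each DC and the results compared. The host name dc2.example.test and the 192.0.2.x addresses are constructed samples; on a real DC, pass /etc/hosts and /etc/resolv.conf instead of the temporary files.

```shell
#!/bin/sh
# Added example (not from the thread). Sample names and IPs are constructed.

# Print every address that a hosts file maps NAME to, one per line.
hosts_addrs_for() {  # usage: hosts_addrs_for FILE NAME
    awk -v n="$2" '
        { sub(/#.*/, "") }   # strip comments before matching
        { for (i = 2; i <= NF; i++) if (tolower($i) == tolower(n)) print $1 }
    ' "$1"
}

# Succeed only if NAME is listed and never maps to a loopback address.
hosts_entry_ok() {  # usage: hosts_entry_ok FILE NAME
    addrs=$(hosts_addrs_for "$1" "$2")
    [ -n "$addrs" ] || return 1
    for a in $addrs; do
        case $a in 127.*|::1) return 1 ;; esac
    done
    return 0
}

# Print the first nameserver listed in a resolv.conf-style file.
first_nameserver() {  # usage: first_nameserver FILE
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# Demo on constructed files.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '127.0.0.1 localhost\n127.0.1.1 dc2.example.test dc2\n' > "$tmp/hosts.bad"
printf '127.0.0.1 localhost\n192.0.2.12 dc2.example.test dc2\n' > "$tmp/hosts.good"
printf 'search example.test\nnameserver 192.0.2.11\nnameserver 192.0.2.12\n' > "$tmp/resolv"

for f in "$tmp/hosts.bad" "$tmp/hosts.good"; do
    if hosts_entry_ok "$f" dc2.example.test; then
        echo "$f: ok"
    else
        echo "$f: hostname missing or mapped to loopback"
    fi
done
echo "first DNS server: $(first_nameserver "$tmp/resolv")"
```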


