[Samba] problem with samba4

Mario Pio Russo mariopiorusso at ie.ibm.com
Thu Sep 24 13:41:00 UTC 2015

Good day all

I have a recurrent issue with winbind/samba4.

The environment is this:

I have 1 samba file share server based on samba 4.1.17, installed on Debian
Jessie latest release (8.0.2). This samba file share uses Active Directory
for authentication. The AD Domain Controller is based on samba 4.2.3-7
installed on Ubuntu 14-04.

The access to the shares is granted via ACL. Every share has access
permission to a specific domain group. I use winbind in order to map domain
groups into local groups.

As a general rule, all seems to work pretty fine. The only really repeating
issue is that winbind does not retain its domain-local group association
exactly every 6 hrs and 15 minutes.
This means that the access to the shares is impossible as no domain group
is recognized anymore on the file share server.
This is evident also by running getent group: when all goes fine, I can see
the domain groups from getent; when winbind does not have the
association, getent returns only the local groups.

The only solution at that point is to restart winbind. At the moment I have
a workaround: a script monitors the getent group command and when it does
not return domain groups, it restarts winbind and sends me an email.

Questions are: is there any way to resolve this issue? Is this issue
somehow related to the cache? Is there a way to make sure winbind refreshes
itself or its own cache?

Any help is much appreciated!!!!

thanks in advance
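
A sketch of the kind of watchdog described in the message above, added here as an example and not the poster's own script. It treats any group that getent returns but that is absent from the local group file as a domain group; the service name `winbind`, the `mail` command, and the `ALERT_TO` recipient are assumptions.

```shell
#!/bin/sh
# Added example: detect loss of winbind-provided groups in "getent group".
# Assumed, not taken from the post: service name, mail command, recipient.
LOCAL_GROUP_FILE="${LOCAL_GROUP_FILE:-/etc/group}"
WINBIND_SERVICE="${WINBIND_SERVICE:-winbind}"
ALERT_TO="${ALERT_TO:-root}"

# Read getent-format lines on stdin and print how many group names
# are NOT defined in the local group file given as $1.
count_domain_groups() {
    awk -F: -v localfile="$1" '
        BEGIN {
            # Load local group names; a missing file just yields an empty set.
            while ((getline line < localfile) > 0) {
                split(line, f, ":")
                local_names[f[1]] = 1
            }
        }
        $1 != "" && !($1 in local_names) { n++ }
        END { print n + 0 }
    '
}

# $1: text of "getent group", $2: local group file.
# Succeeds only when at least one non-local (domain) group is visible.
winbind_groups_ok() {
    [ "$(printf '%s\n' "$1" | count_domain_groups "$2")" -gt 0 ]
}

# Only act when explicitly asked, e.g. from cron: script.sh --watch
if [ "${1:-}" = "--watch" ]; then
    if ! winbind_groups_ok "$(getent group)" "$LOCAL_GROUP_FILE"; then
        # Log first, so the syslog timestamp can be compared against the
        # interval at which the groups disappear.
        logger -t winbind-watch "no domain groups visible; restarting $WINBIND_SERVICE"
        systemctl restart "$WINBIND_SERVICE"
        echo "winbind restarted at $(date -u)" |
            mail -s "winbind lost domain groups on $(hostname)" "$ALERT_TO"
    fi
fi
```

Keeping the detection in a function separate from the restart makes it possible to check the logic against saved getent output without touching the service.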
