[Samba] member server resolv.conf question

Bob of Donelson Trophy bob at donelsontrophy.net
Thu Dec 1 15:20:15 UTC 2016


Yesterday I was "tailing" a log file (nmbd, I think) and noticed
complaints by my member server that there was another "domain master" at
the IP address on my DC1.

This morning Windows clients are being denied updates to
"116.168.192.in-addr-arps/IN" (which I believe is the reverse zone.) 

I think I have an error in my smb.conf file for this server as I have
had an issue in the past with domain master when I switched from an
older member server to this newer one. 

My smb.conf (slightly sanitized.): 

adminlinux@dtmbr02:~$ cat /etc/samba/smb.conf
[global]
    workgroup = DTDOM
    server string = Samba Server Version %v
    security = ads
    realm = DTSHRM.DT
    use sendfile = true

    log level = 4

    preferred master = yes
    domain master = yes
    dns proxy = yes

    host msdfs = no

    idmap_ldb:use rfc2307 = yes
    idmap config * : backend = tdb
    # default was 10000-299999
    idmap config * : range = 50001-80000
    ## map ids from the domain  the range may not overlap !
    idmap config DTDOM : backend = ad
    idmap config DTDOM : schema_mode = rfc2307
    # default was 10000-99999
    idmap config DTDOM : range = 10000-40000
    winbind separator = +
    winbind nss info = rfc2307
    winbind trusted domains only = no
    winbind enum users = yes
    winbind enum groups = yes
    winbind use default domain = yes
    winbind refresh tickets = yes
    winbind offline logon = yes

##    wins server = 192.168.16.49    192.168.16.50

    template shell = /bin/bash
    template homedir = /home/samba/DTDOM/users/%U

    # user Administrator workaround, without it you are unable to set privileges
    username map = /etc/samba/samba_usermapping

    # For ACL support on member file server

    vfs objects = acl_xattr
    map acl inherit = yes
    store dos attributes = yes

    # Share Setting Globally
    usershare allow guests = no
    unix extensions = no
    reset on zero vc = yes
    veto files = /.bash_logout/.bash_profile/.bash_history/.bashrc/
    hide unreadable = yes

    # disable printing completely
    load printers = no
    printing = bsd
    printcap name = /dev/null
    disable spoolss = yes

    restrict anonymous = 2
    log file = /var/log/samba/log.%m
    max log size = 50

#============================ Share Definitions ============================

[testshare]
    comment = Test share
    path = /samba/testshare
    read only = no
    force group = "domain users"
    directory mask = 0770
    force directory mode = 0770
    create mask = 0660
    force create mode = 0660
    follow symlinks = yes
    wide links = yes

I tried commenting out the "preferred master" and "domain master"
entries but no change. 

What do I need to clean up here? 

Please help! It is a busy day here and I cannot work without this! 

-- 
_______________________________

Bob Wooden of Donelson Trophy

