[Samba] member server resolv.conf question
L.P.H. van Belle
belle at bazuin.nl
Thu Dec 1 16:09:27 UTC 2016
Hi Bob,
Im leaving the office, but i think if you remove the "wins support = yes" lines from your DC smb.conf wil help.
Or set it explicit to no.
After that, reboot the DC(s .
Then when thats done.
Reboot the member, no changes needed.
Now, check the logs again, if there are still messages, then you need to find the other master browser.. , so check every samba server if needed.
And just a tip install debian-goodies.
That give you the program checkrestart, and after every update you do,
run : checkrestart
Is you see lots of services that needs restarting, reboot helps better when there are a lot.
I hoop it helps out.
I can check my mail again in about 3-4 hours.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Bob of Donelson
> Trophy via samba
> Verzonden: donderdag 1 december 2016 16:20
> Aan: SAMBA MailList
> Onderwerp: [Samba] member server resolv.conf question
> Urgentie: Hoog
>
> Yesterday I was "tailing" a log file (nmbd, I think) and noticed
> complaints by my member server that there was another "domain master" at
> the ipaddress on my DC1.
>
> This morning Windows clients are being denied updates to
> "116.168.192.in-addr-arps/IN" (which I believe is the reverse zone.)
>
> I think I have an error in my smb.conf file for this server as I have
> had an issue in the past with domian master when I switched from an
> older member server to this newer one.
>
> My smb.conf (slightly sanitized.):
>
> adminlinux at dtmbr02:~$ cat /etc/samba/smb.conf
> [global]
> workgroup = DTDOM
> server string = Samba Server Version %v
> security = ads
> realm = DTSHRM.DT
> use sendfile = true
>
> log level = 4
>
> preferred master = yes
> domain master = yes
> dns proxy = yes
>
> host msdfs = no
>
> idmap_ldb:use rfc2307 = yes
> idmap config * : backend = tdb
> idmap config * : range = 50001-80000 <<default was
> 10000-299999
> ## map ids from the domain the range may not overlap !
> idmap config DTDOM : backend = ad
> idmap config DTDOM : schema_mode = rfc2307
> idmap config DTDOM : range = 10000-40000 << default was
> 10000-99999
> winbind separator = +
> winbind nss info = rfc2307
> winbind trusted domains only = no
> winbind enum users = yes
> winbind enum groups = yes
> winbind use default domain = yes
> winbind refresh tickets = yes
> winbind offline logon = yes
>
> ## wins server = 192.168.16.49 192.168.16.50
>
> template shell = /bin/bash
> template homedir = /home/samba/DTDOM/users/%U
>
> # user Administrator workaround, without it you are unable to set
> privileges
> username map = /etc/samba/samba_usermapping
>
> # For ACL support on member file server
>
> vfs objects = acl_xattr
> map acl inherit = yes
> store dos attributes = yes
>
> # Share Setting Globally
> usershare allow guests = no
> unix extensions = no
> reset on zero vc = yes
> veto files = /.bash_logout/.bash_profile/.bash_history/.bashrc/
> hide unreadable = yes
>
> # disable printing completely
> load printers = no
> printing = bsd
> printcap name = /dev/null
> disable spoolss = yes
>
> restrict anonymous = 2
> log file = /var/log/samba/log.%m
> max log size = 50
>
> #============================ Share Definitions
> ============================
>
> [testshare]
> comment = Test share
> path = /samba/testshare
> read only = no
> force group = "domain users"
> directory mask = 0770
> force directory mode = 0770
> create mask = 0660
> force create mode = 0660
> follow symlinks = yes
> wide links = yes
>
> I tried commenting out the "preferred master" and "domain master"
> entries but no change.
>
> What do I need to clean up here?
>
> Please help! It is a busy day here and I cannot work without this!
>
> --
> _______________________________
>
> Bob Wooden of Donelson Trophy
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list