[Samba] Problems after migration from samba 3.5.2 to samba 4.3.1

Fernando Favero favero.fernando at gmail.com
Mon Feb 15 17:22:55 UTC 2016


My smb.conf files.
The OS is CentOS 7.

DC Server 1
-------------------------------
[global]
        workgroup = EXAMPLE.COM
        realm = campus.example.com
        netbios name = DC-SERVER1
        server role = active directory domain controller
        idmap_ldb:use rfc2307 = yes
        dns forwarder = 8.8.8.8
        dsdb:schema update allowed = true
        winbind max clients = 2000
        bind interfaces only = yes
        interfaces = eth0

        log file = /var/log/samba/%m.log
        log level = 1

[netlogon]
        path = /usr/local/samba/var/locks/sysvol/campus.example.com/scripts
        read only = No

[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No


DC Server 2
-------------------------------
[global]
        workgroup = EXAMPLE.COM
        realm = campus.example.com
        netbios name = DC-SERVER2
        server role = active directory domain controller
        idmap_ldb:use rfc2307 = yes
        dns forwarder = 8.8.8.8
        dsdb:schema update allowed = true
        winbind max clients = 2000
        bind interfaces only = yes
        interfaces = eth0

        log file = /var/log/samba/%m.log
        log level = 1

[netlogon]
        path = /usr/local/samba/var/locks/sysvol/campus.example.com/scripts
        read only = No

[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No


FileServer1
-------------------------------
[global]
        netbios name = FileServer1
        server string = FileServer1
        security = ADS
        workgroup = EXAMPLE.COM
        realm = CAMPUS.EXAMPLE.COM
        bind interfaces only = yes
        interfaces = lo eth0
        winbind request timeout = 90

        log file = /var/log/samba/%m.log
        log level = 1

        dedicated keytab file = /etc/krb5.keytab
        kerberos method = secrets and keytab
        winbind refresh tickets = yes
        winbind max clients = 2000

        winbind trusted domains only = no
        winbind use default domain = yes
        winbind enum users  = yes
        winbind enum groups = yes

        idmap config *:backend = tdb
        idmap config *:range = 1000-50000

        vfs objects = acl_xattr
        map acl inherit = yes
        store dos attributes = yes
        acl allow execute always = true


FileServer2
-------------------------------
[global]
        netbios name = FileServer2
        server string = FileServer2
        security = ADS
        workgroup = EXAMPLE.COM
        realm = CAMPUS.EXAMPLE.COM
        bind interfaces only = yes
        interfaces = lo eth0
        winbind request timeout = 90

        log file = /var/log/samba/%m.log
        log level = 1

        dedicated keytab file = /etc/krb5.keytab
        kerberos method = secrets and keytab
        winbind refresh tickets = yes
        winbind max clients = 2000


        winbind trusted domains only = no
        winbind use default domain = yes
        winbind enum users  = yes
        winbind enum groups = yes

        idmap config *:backend = tdb
        idmap config *:range = 1000-50000

        vfs objects = acl_xattr
        map acl inherit = yes
        store dos attributes = yes
        acl allow execute always = true


On Mon, Feb 15, 2016 at 11:13 AM, Rowland penny <rpenny at samba.org> wrote:

> On 15/02/16 12:40, Fernando Favero wrote:
>
>> Hello,
>>
>>
>> 3 months ago, I migrated my domain from samba 3.5.2 (NT4 with LDAP) to
>> samba 4.3.1 (compiled from source) following classic upgrade instructions
>> on wiki page. The samba 4.3.1 is using Samba Internal DNS.
>>
>> 20.000 users and 2.800 computers were migrated.
>>
>> After the migration process, I joined 1 new DC server and 2 File Servers
>> to domain.
>>
>> All users can login on domain, but we have some issues.
>>
>>
>> 1 – “wbinfo -u” doesn't show users, but “wbinfo -g” show groups normally
>>
>> 2 – On DC servers, samba process listen ports 135 and 1024 is using 100%
>> of CPU
>>
>> 3 – On DC servers, samba process listen ports 464 and 88 are using ~ 50%
>> of CPU
>>
>> 4 – On File Servers, run a “ls -l” on directories with user/groups
>> permissions from domain is very slow
>>
>> 5 – Sometimes, file servers lost connections to winbind process.
>>
>> wbinfo -t
>>
>> checking the trust secret for domain UEL.BR via RPC calls failed
>>
>> failed to call wbcCheckTrustCredentials: WBC_ERR_WINBIND_NOT_AVAILABLE
>>
>> Could not check secret
>>
>>
>> I have tried to find what is wrong, but have not found the solution yet.
>>
>>
>> Can someone help me ?
>>
>
> We can certainly try, but it will probably help if you can post your
> smb.conf files from the various Samba machines.
>
> Rowland
>

