[Samba] since i added second DC i have some trouble

J. Echter j.echter at echter-kuechen-elektro.de
Tue Jun 14 16:38:29 UTC 2016


Hi,

I provisioned a domain and all went well until I added the second DC.

for example:

the new DC2 tells me:

getfacl /usr/local/samba/var/locks/sysvol

# file: usr/local/samba/var/locks/sysvol
# owner: root
# group: BUILTIN\134administrators
user::rwx
user:root:rwx
user:BUILTIN\134administrators:rwx
user:BUILTIN\134users:r-x
user:ELEMAY\134guest:rwx
user:ELEMAY\134domain\040guests:r-x
group::rwx
group:BUILTIN\134administrators:rwx
group:BUILTIN\134users:r-x
group:ELEMAY\134guest:rwx
group:ELEMAY\134domain\040guests:r-x
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:user:BUILTIN\134administrators:rwx
default:user:BUILTIN\134users:r-x
default:user:ELEMAY\134guest:rwx
default:user:ELEMAY\134domain\040guests:r-x
default:group::---
default:group:BUILTIN\134administrators:rwx
default:group:BUILTIN\134users:r-x
default:group:ELEMAY\134guest:rwx
default:group:ELEMAY\134domain\040guests:r-x
default:mask::rwx
default:other::---


the old DC1 tells me:

# file: usr/local/samba/var/locks/sysvol
# owner: root
# group: BUILTIN\134administrators
user::rwx
user:root:rwx
user:BUILTIN\134administrators:rwx
user:BUILTIN\134server\040operators:r-x
user:3000002:rwx
user:3000003:r-x
group::rwx
group:BUILTIN\134administrators:rwx
group:BUILTIN\134server\040operators:r-x
group:3000002:rwx
group:3000003:r-x
mask::rwx
other::---
default:user::rwx
default:user:root:rwx
default:user:BUILTIN\134administrators:rwx
default:user:BUILTIN\134server\040operators:r-x
default:user:3000002:rwx
default:user:3000003:r-x
default:group::---
default:group:BUILTIN\134administrators:rwx
default:group:BUILTIN\134server\040operators:r-x
default:group:3000002:rwx
default:group:3000003:r-x
default:mask::rwx
default:other::---

smb.conf is identical in [global], [netlogon] and [sysvol]; DC1 additionally defines a [Profiles] share:

DC2:

testparm
Load smb config files from /usr/local/samba/etc/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[netlogon]"
Processing section "[sysvol]"
Loaded services file OK.
Server role: ROLE_ACTIVE_DIRECTORY_DC

Press enter to see a dump of your service definitions

# Global parameters
[global]
        realm = ELEMAY.ECHTER-KUECHEN-ELEKTRO.DE
        workgroup = ELEMAY
        dns forwarder = 192.168.0.1
        passdb backend = samba_dsdb
        server role = active directory domain controller
        winbind enum groups = Yes
        winbind enum users = Yes
        winbind nss info = rfc2307
        rpc_server:tcpip = no
        rpc_daemon:spoolssd = embedded
        rpc_server:spoolss = embedded
        rpc_server:winreg = embedded
        rpc_server:ntsvcs = embedded
        rpc_server:eventlog = embedded
        rpc_server:srvsvc = embedded
        rpc_server:svcctl = embedded
        rpc_server:default = external
        winbindd:use external pipes = true
        idmap config elemay:range = 10000-99999
        idmap config elemay:schema_mode = rfc2307
        idmap config elemay:backend = ad
        idmap config *:range = 2000-9999
        idmap_ldb:use rfc2307 = yes
        idmap config * : backend = tdb
        map archive = No
        map readonly = no
        store dos attributes = Yes
        vfs objects = dfs_samba4 acl_xattr


[netlogon]
        path = /usr/local/samba/var/locks/sysvol/elemay.echter-kuechen-elektro.de/scripts
        read only = No


[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No


DC1:

testparm
Load smb config files from /usr/local/samba/etc/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[netlogon]"
Processing section "[sysvol]"
Processing section "[Profiles]"
Loaded services file OK.
Server role: ROLE_ACTIVE_DIRECTORY_DC

Press enter to see a dump of your service definitions

# Global parameters
[global]
        realm = ELEMAY.ECHTER-KUECHEN-ELEKTRO.DE
        workgroup = ELEMAY
        dns forwarder = 192.168.0.1
        passdb backend = samba_dsdb
        server role = active directory domain controller
        winbind enum groups = Yes
        winbind enum users = Yes
        winbind nss info = rfc2307
        rpc_server:tcpip = no
        rpc_daemon:spoolssd = embedded
        rpc_server:spoolss = embedded
        rpc_server:winreg = embedded
        rpc_server:ntsvcs = embedded
        rpc_server:eventlog = embedded
        rpc_server:srvsvc = embedded
        rpc_server:svcctl = embedded
        rpc_server:default = external
        winbindd:use external pipes = true
        idmap config elemay:range = 10000-99999
        idmap config elemay:schema_mode = rfc2307
        idmap config elemay:backend = ad
        idmap config *:range = 2000-9999
        idmap_ldb:use rfc2307 = yes
        idmap config * : backend = tdb
        map archive = No
        map readonly = no
        store dos attributes = Yes
        vfs objects = dfs_samba4 acl_xattr


[netlogon]
        path = /usr/local/samba/var/locks/sysvol/elemay.echter-kuechen-elektro.de/scripts
        read only = No


[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No


[Profiles]
        path = /srv/samba/Profiles/
        csc policy = disable
        profile acls = Yes
        create mask = 0600
        directory mask = 0700
        read only = No

getent passwd:

works on both and shows me domain users, for example:

dc2:

ELEMAY\guest:*:3000002:100::/home/ELEMAY/guest:/bin/false


dc1:

ELEMAY\guest:*:3000011:100::/home/ELEMAY/guest:/bin/false

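But, as you can see, the same account has a different UID on each DC: ELEMAY\guest is 3000002 on DC2 and 3000011 on DC1. That seems to match the getfacl output above, where the sysvol entries that DC1 lists as 3000002 (rwx) and 3000003 (r-x) show up on DC2 as ELEMAY\guest and ELEMAY\domain guests.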



What went wrong here?


thanks

juergen


