[Samba] samba4 AD - winbind Could not write result
Sam
sr42354 at gmail.com
Mon May 23 15:36:10 UTC 2016
On 23/05/2016 at 14:46, Rowland penny wrote:
> On 23/05/16 12:56, Sam wrote:
>>
>
> It looks like your problems have nothing to do with dhcp, one problem
> appears to be related to dnssec:
>
> May 23 10:52:27 S4 named[2162]: validating @0x7eff24296b50:
> choices.truste.com A: no valid signature found
>
> If you have 'dnssec-validation yes;' in 'named.conf.options', change
> it to 'dnssec-validation auto;'
>
> Your main problem has been reported before, not sure if a fix was
> found, can I suggest you upgrade to the latest Sernet 4.2 package
> (4.2.12), this may contain a fix. If it doesn't, can you post the
> smb.conf from the DCs, also both resolv.conf files, raise the log
> level to 10 and see if anything else pops out.
>
> Rowland
>
Hello Rowland,
In named.conf.options, dnssec-validation is already set to auto.
OK, I put syslog = 10 in smb.conf and will tell you if I get more details.
I prefer not to try to upgrade; the servers are in production.
Here are the files:
S4bis smb.conf file:
# Global parameters
[global]
workgroup = ARIANE
realm = ariane.intra
netbios name = S4BIS
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
## KEEP THIS OFF !! Only used for modify-ing the AD Schema
## ONLY DONE ONES ON THE DC WITH THE FSMO Roles
sdb:schema update allowed = no
## Dont forget to set the idmap_ldb on ALL DC's if you use it
idmap_ldb:use rfc2307 = yes
idmap config * :backend = tdb
idmap config * :range = 2000-9999
idmap config ARIANE : backend = ad
idmap config ARIANE : range = 10000-3999999
#when using idmap backend RID enable these
#template shell = /bin/sh
template homedir = /home/users/%ACCOUNTNAME%
winbind nss info = rfc2307
winbind trusted domains only = no
winbind use default domain = yes
winbind max clients = 800
interfaces = 127.0.0.1 172.20.2.3
bind interfaces only = yes
time server = yes
wins support = yes
# Disable printing completely
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
kerberos method = system keytab
client ldap sasl wrapping = sign
allow dns updates = secure
nsupdate command = /usr/bin/nsupdate -g
[netlogon]
path = /var/lib/samba/sysvol/ariane.intra/scripts
read only = No
acl_xattr:ignore system acl = yes
[sysvol]
path = /var/lib/samba/sysvol
read only = No
acl_xattr:ignore system acl = yes
S4bis Resolv.conf file:
search ariane.intra
nameserver 172.20.2.2
nameserver 172.20.2.3
S4 smb.conf file:
# Global parameters
[global]
workgroup = ARIANE
realm = ariane.intra
netbios name = S4
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
## KEEP THIS OFF !! Only used for modify-ing the AD Schema
## ONLY DONE ONES ON THE DC WITH THE FSMO Roles
sdb:schema update allowed = no
## Dont forget to set the idmap_ldb on ALL DC's if you use it
idmap_ldb:use rfc2307 = yes
idmap config * :backend = tdb
idmap config * :range = 2000-9999
idmap config ARIANE : backend = ad
idmap config ARIANE : range = 10000-3999999
#when using idmap backend RID enable these
#template shell = /bin/sh
template homedir = /home/users/%ACCOUNTNAME%
winbind nss info = rfc2307
winbind trusted domains only = no
winbind use default domain = yes
winbind max clients = 800
interfaces = 127.0.0.1 172.20.2.2
bind interfaces only = yes
time server = yes
wins support = yes
# Disable printing completely
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
kerberos method = system keytab
client ldap sasl wrapping = sign
allow dns updates = secure
nsupdate command = /usr/bin/nsupdate -g
syslog = 10
[netlogon]
path = /var/lib/samba/sysvol/ariane.intra/scripts
read only = No
acl_xattr:ignore system acl = yes
[sysvol]
path = /var/lib/samba/sysvol
read only = No
acl_xattr:ignore system acl = yes
S4bis Resolv.conf file:
search ariane.intra
nameserver 172.20.2.3
nameserver 172.20.2.2
Thank you!
Sam