[Samba] inconsistent winbind on upgraded member server
Mark Nienberg
mnlists at tippingstructural.com
Sun Dec 31 00:18:02 UTC 2017
I upgraded a domain member server from 4.5.5 to 4.6.2. After some initial
tests, where everything seemed to be working fine, I upgraded the OS from
CentOS 7.3 to 7.4. Now I have intermittent problems with domain users
trying to log in to the member server over ssh.
After a bunch of troubleshooting I determined that winbind sometimes
returns the user home directory and shell incorrectly and sometimes returns
it correctly.
I think the problem is best illustrated like this:
[mark at nikola ~]$ wbinfo -i mark
mark:*:500:513:Mark Nienberg:/home/STA/mark:/bin/false <--- wrong
[mark at nikola ~]$ finger mark
Login: mark Name: Mark Nienberg
Directory: /home/mark Shell: /bin/bash <-- correct
[mark at nikola ~]$ wbinfo -i mark
mark:*:500:513:Mark Nienberg:/home/mark:/bin/bash <-- now correct!
Results seem to continue to be correct for an hour or so, then they revert
to incorrect.
Here is part of smb.conf
[global]
workgroup = STA
security = ADS
realm = TIPPING.LAN
idmap config *:backend = tdb
idmap config *:range = 70001-80000
idmap config STA:backend = ad
idmap config STA:schema_mode = rfc2307
idmap config STA:range = 500-70000
# after upgrade to 4.6 series, comment out the following
#winbind nss info = rfc2307
# after upgrade to 4.6 series, uncomment the following
idmap config STA:unix_nss_info = yes
vfs objects = acl_xattr
map acl inherit = Yes
interfaces = ens192 lo
bind interfaces only = yes
store dos attributes = Yes
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
Any ideas appreciated.
Mark
More information about the samba
mailing list