[Samba] Problems with winbind cache

Roger Lovato rogerlovato at outlook.com
Fri Feb 3 13:20:55 UTC 2017


Hi guys!!


I'm facing a problem with Samba 4 + winbind that I have spent some days trying to solve without success, and I'd appreciate any help.


I compiled Samba 4 myself and apparently everything is working fine. I installed Samba on six distributed servers at remote branch offices, and all users, groups, DNS and other components are replicating successfully.


But last week I saw that the winbind cache was not being updated: when I try to get users and groups with the getent command, new members are not shown.


I tried some tricks and tips that I found on several websites and forums, but nothing is working. Yesterday I tried to flush the winbind cache with the command:


net cache flush


The whole winbind cache was erased, but it is not being updated, and now I don't get any users or groups when I query them with the getent command.


I read in the winbind manual that when I restart the daemon, the whole cache is erased and updated, but this does not happen. I have not found where winbind saves its cache!


wbinfo lists the users and groups correctly:


# wbinfo -u
LOVATO\rafael
LOVATO\xl.teste
LOVATO\dns-movd-gcp-007
LOVATO\dns-movd-mgf-001
LOVATO\dns-movd-gcp-006
LOVATO\administrator
LOVATO\xl.teste1
LOVATO\squid
LOVATO\krbtgt
LOVATO\guest
LOVATO\roger


wbinfo -g
LOVATO\cert publishers
LOVATO\ras and ias servers
LOVATO\allowed rodc password replication group
LOVATO\denied rodc password replication group
LOVATO\dnsadmins
LOVATO\enterprise read-only domain controllers
LOVATO\domain admins
LOVATO\domain users
LOVATO\domain guests
LOVATO\domain computers
LOVATO\domain controllers
LOVATO\schema admins
LOVATO\enterprise admins
LOVATO\group policy creator owners
LOVATO\read-only domain controllers
LOVATO\dnsupdateproxy
LOVATO\teste
LOVATO\proxynivel1
LOVATO\proxynivel2
LOVATO\proxynivel3


My smb.conf


[global]
  workgroup = LOVATO
  realm = LOVATO.INTRANET
  netbios name = LVT-006
  server role = active directory domain controller
  passdb backend = samba_dsdb
  server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
  rpc_server:tcpip = no
  rpc_daemon:spoolssd = embedded
  rpc_server:spoolss = embedded
  rpc_server:winreg = embedded
  rpc_server:ntsvcs = embedded
  rpc_server:eventlog = embedded
  rpc_server:srvsvc = embedded
  rpc_server:svcctl = embedded
  rpc_server:default = external
  #IDMAP
  idmap_ldb:use rfc2307 = yes
  idmap config * : backend = tdb
  idmap config *:range = 70001-80000
  idmap config LOVATO:backend = ad
  idmap config LOVATO:schema_mode = rfc2307
  idmap config LOVATO:range = 500-40000
  #WINBIND
  winbind nss info = rfc2307
  winbind trusted domains only = no
  winbind use default domain = yes
  winbind enum users  = yes
  winbind enum groups = yes
  winbind cache time = 10
  winbind refresh tickets = yes
  map archive = No
  map readonly = no
  store dos attributes = Yes
  vfs objects = dfs_samba4, acl_xattr
  template shell = /bin/bash
  #DESABILITANDO AS IMPRESSORAS
  printcap name = /dev/null
    printcap name = /dev/null
  load printers = no
  disable spoolss = yes
  disable spoolss = yes
  printing = bsd
  ### LOGS
  log file = /var/log/samba/smbd.log
  max log size = 50
  log level = 10
  vfs objects = recycle full_audit
  ### LIXEIRA
  recycle:repository = Lixeira
  recycle:exclude = *.tmp *.TMP *.temp *.TEMP ~*
  recycle:keeptree = yes
  full_audit:success = rmdir mkdir open write rename unlink
  full_audit:failure = rmdir mkdir open write rename unlink
  full_audit:prefix = %U|%I|%m|%S
  full_audit:failure = none
  full_audit:facility = local5
  full_audit:priority = notice
  veto files = /*.mp3/*.wav/*.exe/*.cmd/*.adm/*.inf/*.ini/*.pif
  delete veto files = yes
  dos filemode = yes

[netlogon]
  path = /usr/local/samba/var/locks/sysvol/lovato.intranet/scripts
  read only = No

[sysvol]
  path = /usr/local/samba/var/locks/sysvol
  read only = No


My krb5.conf


[logging]
     default = FILE:/var/log/krb5libs.log
     kdc = FILE:/var/log/krb5kdc.log
     admin_server = FILE:/var/log/kadmind.log

[libdefaults]
        default_realm = LOVATO.INTRANET
        dns_lookup_realm = true
        dns_lookup_kdc = true
        ticket_lifetime = 24h
        forwardable = yes

[realm]
        LOVATO.INTRANET = {
                kdc = lvt-006.lovato.intranet:88
                default_domain = lovato.intranet
}

[domain_realm]
        .lovato.intranet = LOVATO.INTRANET
        lovato.intranet = LOVATO.INTRANET

[appdefaults]
     pam = {
          debug = false
          ticket_lifetime = 36000
          renew_lifetime = 36000
          forwardable = true
          krb4_convert = false
     }


My nsswitch.conf


passwd:     files sss winbind
shadow:     files sss
group:      files sss winbind


Processes:


named      847  0.0  1.8 558900 68924 ?        Ssl  Feb02   0:15 /usr/sbin/named -u named -4
root      1543  0.0  1.1 585920 45312 ?        Ss   Feb02   0:00 /usr/local/samba/sbin/samba -D
root      1544  0.0  0.8 585920 32304 ?        S    Feb02   0:00  \_ /usr/local/samba/sbin/samba -D
root      1557  0.0  1.2 637780 48844 ?        Ss   Feb02   0:00  |   \_ /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground
root      1561  0.0  0.8 632284 32224 ?        S    Feb02   0:00  |       \_ /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground
root      1562  0.0  0.8 632308 32204 ?        S    Feb02   0:00  |       \_ /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground
root      1545  0.3  1.0 592616 38832 ?        S    Feb02   2:41  \_ /usr/local/samba/sbin/samba -D
root      1546  0.0  0.8 585920 33624 ?        S    Feb02   0:00  \_ /usr/local/samba/sbin/samba -D
root      1547  0.0  0.8 585920 32184 ?        S    Feb02   0:00  \_ /usr/local/samba/sbin/samba -D
root      1548  0.0  0.9 585920 34680 ?        S    Feb02   0:01  \_ /usr/local/samba/sbin/samba -D
root      1549  0.0  0.8 585920 33852 ?        S    Feb02   0:00  \_ /usr/local/samba/sbin/samba -D
root      1550  0.0  0.9 592208 37212 ?        S    Feb02   0:00  \_ /usr/local/samba/sbin/samba -D
root      1551  0.1  0.9 594688 37676 ?        S    Feb02   1:01  \_ /usr/local/samba/sbin/samba -D
root      1552  0.0  0.8 585920 32304 ?        S    Feb02   0:00  \_ /usr/local/samba/sbin/samba -D
root      1553  0.0  1.2 609256 47364 ?        Ss   Feb02   0:02  |   \_ /usr/local/samba/sbin/winbindd -D --option=server role check:inhibit=yes --foreground
root      1560  0.0  0.9 616864 35820 ?        S    Feb02   0:32  |       \_ /usr/local/samba/sbin/winbindd -D --option=server role check:inhibit=yes --foreground
root      1564  0.0  0.9 610668 35372 ?        S    Feb02   0:00  |       \_ /usr/local/samba/sbin/winbindd -D --option=server role check:inhibit=yes --foreground
root      1569  0.0  0.9 616996 35576 ?        S    Feb02   0:00  |       \_ /usr/local/samba/sbin/winbindd -D --option=server role check:inhibit=yes --foreground
root      1554  0.0  0.8 585920 32340 ?        S    Feb02   0:00  \_ /usr/local/samba/sbin/samba -D
root      1555  0.0  1.1 585920 42976 ?        S    Feb02   0:00  \_ /usr/local/samba/sbin/samba -D
root      1556  0.0  0.8 585920 33328 ?        S    Feb02   0:01  \_ /usr/local/samba/sbin/samba -D


Version:

# samba -V
Version 4.5.3


Is there any way to force winbind to update?

