[Samba] Problems with winbind cache
Roger Lovato
rogerlovato at outlook.com
Fri Feb 3 13:20:55 UTC 2017
Hi guys!!
I'm facing a problem with Samba 4 + winbind that I have spent some days trying to solve without success, and I'd appreciate any help.
I compiled Samba 4 myself and apparently everything is working fine. I installed Samba on six distributed servers at remote branch offices, and all users, groups, DNS and other components are replicating successfully.
But last week I saw that the winbind cache was not being updated, and when I try to get users and groups with the getent command, new members are not shown.
I tried some tricks and tips that I found on several websites and forums, but nothing is working. Yesterday I tried to flush the winbind cache with the command:
net cache flush
The whole winbind cache was erased, but it is not being updated, and now I don't get any users or groups when I query them with the getent command.
I read in the winbind manual that when I restart the daemon, the whole cache is erased and updated, but this does not happen. I have not found where winbind saves its cache!
My wbinfo lists users and groups correctly:
# wbinfo -u
LOVATO\rafael
LOVATO\xl.teste
LOVATO\dns-movd-gcp-007
LOVATO\dns-movd-mgf-001
LOVATO\dns-movd-gcp-006
LOVATO\administrator
LOVATO\xl.teste1
LOVATO\squid
LOVATO\krbtgt
LOVATO\guest
LOVATO\roger
wbinfo -g
LOVATO\cert publishers
LOVATO\ras and ias servers
LOVATO\allowed rodc password replication group
LOVATO\denied rodc password replication group
LOVATO\dnsadmins
LOVATO\enterprise read-only domain controllers
LOVATO\domain admins
LOVATO\domain users
LOVATO\domain guests
LOVATO\domain computers
LOVATO\domain controllers
LOVATO\schema admins
LOVATO\enterprise admins
LOVATO\group policy creator owners
LOVATO\read-only domain controllers
LOVATO\dnsupdateproxy
LOVATO\teste
LOVATO\proxynivel1
LOVATO\proxynivel2
LOVATO\proxynivel3
My smb.conf
# smb.conf for LVT-006, configured as an Active Directory domain controller
# for the LOVATO domain (see "netbios name" and "server role" below).
[global]
workgroup = LOVATO
realm = LOVATO.INTRANET
netbios name = LVT-006
server role = active directory domain controller
passdb backend = samba_dsdb
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
rpc_server:tcpip = no
rpc_daemon:spoolssd = embedded
rpc_server:spoolss = embedded
rpc_server:winreg = embedded
rpc_server:ntsvcs = embedded
rpc_server:eventlog = embedded
rpc_server:srvsvc = embedded
rpc_server:svcctl = embedded
rpc_server:default = external
#IDMAP
# NOTE(review): "idmap config" backend/range lines are member-server style
# settings; confirm against the Samba AD DC documentation whether they have
# any effect when "server role" is an AD DC.
idmap_ldb:use rfc2307 = yes
idmap config * : backend = tdb
idmap config *:range = 70001-80000
idmap config LOVATO:backend = ad
idmap config LOVATO:schema_mode = rfc2307
idmap config LOVATO:range = 500-40000
#WINBIND
winbind nss info = rfc2307
winbind trusted domains only = no
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
# Cache lifetime in seconds, per smb.conf(5); this is far below the default.
winbind cache time = 10
winbind refresh tickets = yes
map archive = No
map readonly = no
store dos attributes = Yes
# NOTE(review): "vfs objects" is set again further down in this same section
# ("recycle full_audit"). The later value replaces this one, so dfs_samba4 and
# acl_xattr are not loaded. Verify that this is intended on a DC, since these
# modules handle DFS referrals and NT ACL storage for sysvol.
vfs objects = dfs_samba4, acl_xattr
template shell = /bin/bash
# DISABLING PRINTERS
# "printcap name" and "disable spoolss" each appear twice with the same value;
# the duplicates are redundant.
printcap name = /dev/null
printcap name = /dev/null
load printers = no
disable spoolss = yes
disable spoolss = yes
printing = bsd
### LOGS
log file = /var/log/samba/smbd.log
# "max log size" is in KiB per smb.conf(5).
max log size = 50
# Level 10 is full debug output. Logs at this level can expose internal
# protocol detail, so lower it once troubleshooting is finished and restrict
# read access to the log directory.
log level = 10
# This line overrides the earlier "vfs objects = dfs_samba4, acl_xattr".
vfs objects = recycle full_audit
### RECYCLE BIN
recycle:repository = Lixeira
recycle:exclude = *.tmp *.TMP *.temp *.TEMP ~*
recycle:keeptree = yes
full_audit:success = rmdir mkdir open write rename unlink
# NOTE(review): "full_audit:failure" is set twice; the later "none" replaces
# this list, so failed operations are not audited. Confirm which is wanted.
full_audit:failure = rmdir mkdir open write rename unlink
full_audit:prefix = %U|%I|%m|%S
full_audit:failure = none
full_audit:facility = local5
full_audit:priority = notice
# Files matching these patterns are hidden and inaccessible to clients.
# With "delete veto files = yes", Samba may delete them when a client removes
# the directory that contains them.
veto files = /*.mp3/*.wav/*.exe/*.cmd/*.adm/*.inf/*.ini/*.pif
delete veto files = yes
dos filemode = yes
# Both DC shares are writable at the share level. Who may actually write is
# then decided by the filesystem/NT ACLs on these paths.
# NOTE(review): confirm those ACLs are still enforced given the vfs objects
# override above.
[netlogon]
path = /usr/local/samba/var/locks/sysvol/lovato.intranet/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
My krb5.conf
# krb5.conf: Kerberos client settings for the LOVATO.INTRANET realm.
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
# Both DNS lookups are enabled, so realm and KDC can be discovered through DNS
# records in addition to any static entries.
[libdefaults]
default_realm = LOVATO.INTRANET
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
forwardable = yes
# NOTE(review): krb5.conf(5) names this section [realms] (plural). With
# [realm] the static kdc entry below may be ignored, leaving only the DNS
# lookups. Confirm.
[realm]
LOVATO.INTRANET = {
kdc = lvt-006.lovato.intranet:88
default_domain = lovato.intranet
}
# Maps DNS host and domain names to the Kerberos realm.
[domain_realm]
.lovato.intranet = LOVATO.INTRANET
lovato.intranet = LOVATO.INTRANET
# Per-application defaults, here for the pam application.
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
My nsswitch.conf
passwd: files sss winbind
shadow: files sss
group: files sss winbind
Processes:
named 847 0.0 1.8 558900 68924 ? Ssl Feb02 0:15 /usr/sbin/named -u named -4
root 1543 0.0 1.1 585920 45312 ? Ss Feb02 0:00 /usr/local/samba/sbin/samba -D
root 1544 0.0 0.8 585920 32304 ? S Feb02 0:00 \_ /usr/local/samba/sbin/samba -D
root 1557 0.0 1.2 637780 48844 ? Ss Feb02 0:00 | \_ /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground
root 1561 0.0 0.8 632284 32224 ? S Feb02 0:00 | \_ /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground
root 1562 0.0 0.8 632308 32204 ? S Feb02 0:00 | \_ /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground
root 1545 0.3 1.0 592616 38832 ? S Feb02 2:41 \_ /usr/local/samba/sbin/samba -D
root 1546 0.0 0.8 585920 33624 ? S Feb02 0:00 \_ /usr/local/samba/sbin/samba -D
root 1547 0.0 0.8 585920 32184 ? S Feb02 0:00 \_ /usr/local/samba/sbin/samba -D
root 1548 0.0 0.9 585920 34680 ? S Feb02 0:01 \_ /usr/local/samba/sbin/samba -D
root 1549 0.0 0.8 585920 33852 ? S Feb02 0:00 \_ /usr/local/samba/sbin/samba -D
root 1550 0.0 0.9 592208 37212 ? S Feb02 0:00 \_ /usr/local/samba/sbin/samba -D
root 1551 0.1 0.9 594688 37676 ? S Feb02 1:01 \_ /usr/local/samba/sbin/samba -D
root 1552 0.0 0.8 585920 32304 ? S Feb02 0:00 \_ /usr/local/samba/sbin/samba -D
root 1553 0.0 1.2 609256 47364 ? Ss Feb02 0:02 | \_ /usr/local/samba/sbin/winbindd -D --option=server role check:inhibit=yes --foreground
root 1560 0.0 0.9 616864 35820 ? S Feb02 0:32 | \_ /usr/local/samba/sbin/winbindd -D --option=server role check:inhibit=yes --foreground
root 1564 0.0 0.9 610668 35372 ? S Feb02 0:00 | \_ /usr/local/samba/sbin/winbindd -D --option=server role check:inhibit=yes --foreground
root 1569 0.0 0.9 616996 35576 ? S Feb02 0:00 | \_ /usr/local/samba/sbin/winbindd -D --option=server role check:inhibit=yes --foreground
root 1554 0.0 0.8 585920 32340 ? S Feb02 0:00 \_ /usr/local/samba/sbin/samba -D
root 1555 0.0 1.1 585920 42976 ? S Feb02 0:00 \_ /usr/local/samba/sbin/samba -D
root 1556 0.0 0.8 585920 33328 ? S Feb02 0:01 \_ /usr/local/samba/sbin/samba -D
Version:
# samba -V
Version 4.5.3
Is there any way to force winbind to update?