[Samba] Problems with winbind cache
L.P.H. van Belle
belle at bazuin.nl
Fri Feb 3 13:28:48 UTC 2017
Try changing your nsswitch.conf so that winbind is listed (and therefore consulted) before sss:
passwd: files winbind sss
shadow: files sss
group: files winbind sss
Now do the following:
net cache flush
restart winbind
wbinfo -u
wbinfo -g
getent passwd username
getent group groupname
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Roger Lovato via
> samba
> Verzonden: vrijdag 3 februari 2017 14:21
> Aan: samba at lists.samba.org
> Onderwerp: [Samba] Problems with winbind cache
>
> Hi guys!!
>
>
> I'm facing a problem with Samba 4 + winbind that I have spent some days trying to solve
> without success, and I'll appreciate any help.
>
>
> I self compile samba 4 and apparently everything is working fine. I
> installed samba on six distributed servers at remote branch offices and
> all users, groups, dns and other components are replicating with success.
>
>
> But last week I saw that the winbind cache was not being updated, and when I try
> to get users and groups with the getent command, new members are not shown.
>
>
> I tried some tricks and tips that I found in several websites and forums,
> but nothing is working. Yesterday I tried to flush winbind cache with
> command:
>
>
> net cache flush
>
>
> The whole winbind cache has been erased, but it is not updated, and now I don't get
> any users or groups when I try to list them with the getent command.
>
>
> I read in the winbind manual that when I restart the daemon, the whole cache is
> erased and updated, but this does not happen. I have not found where winbind
> saves its cache!
>
>
> wbinfo lists the users and groups correctly:
>
>
> # wbinfo -u
> LOVATO\rafael
> LOVATO\xl.teste
> LOVATO\dns-movd-gcp-007
> LOVATO\dns-movd-mgf-001
> LOVATO\dns-movd-gcp-006
> LOVATO\administrator
> LOVATO\xl.teste1
> LOVATO\squid
> LOVATO\krbtgt
> LOVATO\guest
> LOVATO\roger
>
>
> wbinfo -g
> LOVATO\cert publishers
> LOVATO\ras and ias servers
> LOVATO\allowed rodc password replication group
> LOVATO\denied rodc password replication group
> LOVATO\dnsadmins
> LOVATO\enterprise read-only domain controllers
> LOVATO\domain admins
> LOVATO\domain users
> LOVATO\domain guests
> LOVATO\domain computers
> LOVATO\domain controllers
> LOVATO\schema admins
> LOVATO\enterprise admins
> LOVATO\group policy creator owners
> LOVATO\read-only domain controllers
> LOVATO\dnsupdateproxy
> LOVATO\teste
> LOVATO\proxynivel1
> LOVATO\proxynivel2
> LOVATO\proxynivel3
>
>
> My smb.conf
>
>
> [global]
> workgroup = LOVATO
> realm = LOVATO.INTRANET
> netbios name = LVT-006
> server role = active directory domain controller
> passdb backend = samba_dsdb
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
> winbind, ntp_signd, kcc, dnsupdate
> rpc_server:tcpip = no
> rpc_daemon:spoolssd = embedded
> rpc_server:spoolss = embedded
> rpc_server:winreg = embedded
> rpc_server:ntsvcs = embedded
> rpc_server:eventlog = embedded
> rpc_server:srvsvc = embedded
> rpc_server:svcctl = embedded
> rpc_server:default = external
> #IDMAP
> idmap_ldb:use rfc2307 = yes
> idmap config * : backend = tdb
> idmap config *:range = 70001-80000
> idmap config LOVATO:backend = ad
> idmap config LOVATO:schema_mode = rfc2307
> idmap config LOVATO:range = 500-40000
> #WINBIND
> winbind nss info = rfc2307
> winbind trusted domains only = no
> winbind use default domain = yes
> winbind enum users = yes
> winbind enum groups = yes
> winbind cache time = 10
> winbind refresh tickets = yes
> map archive = No
> map readonly = no
> store dos attributes = Yes
> vfs objects = dfs_samba4, acl_xattr
> template shell = /bin/bash
> #DESABILITANDO AS IMPRESSORAS
> printcap name = /dev/null
> printcap name = /dev/null
> load printers = no
> disable spoolss = yes
> disable spoolss = yes
> printing = bsd
> ### LOGS
> log file = /var/log/samba/smbd.log
> max log size = 50
> log level = 10
> vfs objects = recycle full_audit
> ### LIXEIRA
> recycle:repository = Lixeira
> recycle:exclude = *.tmp *.TMP *.temp *.TEMP ~*
> recycle:keeptree = yes
> full_audit:success = rmdir mkdir open write rename unlink
> full_audit:failure = rmdir mkdir open write rename unlink
> full_audit:prefix = %U|%I|%m|%S
> full_audit:failure = none
> full_audit:facility = local5
> full_audit:priority = notice
> veto files = /*.mp3/*.wav/*.exe/*.cmd/*.adm/*.inf/*.ini/*.pif
> delete veto files = yes
> dos filemode = yes
>
> [netlogon]
> path = /usr/local/samba/var/locks/sysvol/lovato.intranet/scripts
> read only = No
>
> [sysvol]
> path = /usr/local/samba/var/locks/sysvol
> read only = No
>
>
> My krb5.conf
>
>
> [logging]
> default = FILE:/var/log/krb5libs.log
> kdc = FILE:/var/log/krb5kdc.log
> admin_server = FILE:/var/log/kadmind.log
>
> [libdefaults]
> default_realm = LOVATO.INTRANET
> dns_lookup_realm = true
> dns_lookup_kdc = true
> ticket_lifetime = 24h
> forwardable = yes
>
> [realm]
> LOVATO.INTRANET = {
> kdc = lvt-006.lovato.intranet:88
> default_domain = lovato.intranet
> }
>
> [domain_realm]
> .lovato.intranet = LOVATO.INTRANET
> lovato.intranet = LOVATO.INTRANET
>
> [appdefaults]
> pam = {
> debug = false
> ticket_lifetime = 36000
> renew_lifetime = 36000
> forwardable = true
> krb4_convert = false
> }
>
>
> My nsswitch.conf
>
>
> passwd: files sss winbind
> shadow: files sss
> group: files sss winbind
>
>
> Processes:
>
>
> named 847 0.0 1.8 558900 68924 ? Ssl Feb02 0:15
> /usr/sbin/named -u named -4
> root 1543 0.0 1.1 585920 45312 ? Ss Feb02 0:00
> /usr/local/samba/sbin/samba -D
> root 1544 0.0 0.8 585920 32304 ? S Feb02 0:00 \_
> /usr/local/samba/sbin/samba -D
> root 1557 0.0 1.2 637780 48844 ? Ss Feb02 0:00 | \_
> /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --
> foreground
> root 1561 0.0 0.8 632284 32224 ? S Feb02 0:00 |
> \_ /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --
> foreground
> root 1562 0.0 0.8 632308 32204 ? S Feb02 0:00 |
> \_ /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --
> foreground
> root 1545 0.3 1.0 592616 38832 ? S Feb02 2:41 \_
> /usr/local/samba/sbin/samba -D
> root 1546 0.0 0.8 585920 33624 ? S Feb02 0:00 \_
> /usr/local/samba/sbin/samba -D
> root 1547 0.0 0.8 585920 32184 ? S Feb02 0:00 \_
> /usr/local/samba/sbin/samba -D
> root 1548 0.0 0.9 585920 34680 ? S Feb02 0:01 \_
> /usr/local/samba/sbin/samba -D
> root 1549 0.0 0.8 585920 33852 ? S Feb02 0:00 \_
> /usr/local/samba/sbin/samba -D
> root 1550 0.0 0.9 592208 37212 ? S Feb02 0:00 \_
> /usr/local/samba/sbin/samba -D
> root 1551 0.1 0.9 594688 37676 ? S Feb02 1:01 \_
> /usr/local/samba/sbin/samba -D
> root 1552 0.0 0.8 585920 32304 ? S Feb02 0:00 \_
> /usr/local/samba/sbin/samba -D
> root 1553 0.0 1.2 609256 47364 ? Ss Feb02 0:02 | \_
> /usr/local/samba/sbin/winbindd -D --option=server role check:inhibit=yes -
> -foreground
> root 1560 0.0 0.9 616864 35820 ? S Feb02 0:32 |
> \_ /usr/local/samba/sbin/winbindd -D --option=server role
> check:inhibit=yes --foreground
> root 1564 0.0 0.9 610668 35372 ? S Feb02 0:00 |
> \_ /usr/local/samba/sbin/winbindd -D --option=server role
> check:inhibit=yes --foreground
> root 1569 0.0 0.9 616996 35576 ? S Feb02 0:00 |
> \_ /usr/local/samba/sbin/winbindd -D --option=server role
> check:inhibit=yes --foreground
> root 1554 0.0 0.8 585920 32340 ? S Feb02 0:00 \_
> /usr/local/samba/sbin/samba -D
> root 1555 0.0 1.1 585920 42976 ? S Feb02 0:00 \_
> /usr/local/samba/sbin/samba -D
> root 1556 0.0 0.8 585920 33328 ? S Feb02 0:01 \_
> /usr/local/samba/sbin/samba -D
>
>
> Version:
>
> # samba -V
> Version 4.5.3
>
>
> Is there any way to force winbind to update?