[Samba] Problems with winbind cache

L.P.H. van Belle belle at bazuin.nl
Fri Feb 3 13:58:59 UTC 2017


Try cleaning up your smb.conf also.

>   vfs objects = dfs_samba4, acl_xattr

Bit lower.

>   vfs objects = recycle full_audit

Set this as: vfs objects = dfs_samba4, acl_xattr, recycle full_audit

You're using: >   winbind nss info = rfc2307

So remove these lines

>   idmap config * : backend = tdb
>   idmap config *:range = 70001-80000
>   idmap config LOVATO:backend = ad
>   idmap config LOVATO:schema_mode = rfc2307
>   idmap config LOVATO:range = 500-40000

2 x:

>   disable spoolss = yes
>   disable spoolss = yes

Etc, so back up your smb.conf and clean up first.

As an example, this is all I have.

[global]
        workgroup = NTDOM
        realm = REALM
        # netbios name is not needed, the computer's hostname will be used; I think it's handy to have it here.
        netbios name = DC1

        server role = active directory domain controller
        # if you run bind_dlz and not samba dns, this is sufficient.
        server services = -dns

        # Don't forget to set the idmap_ldb on ALL DCs if you use it
        idmap_ldb:use rfc2307 = yes

        winbind nss info = rfc2307
        winbind expand groups = 4

        # with rfc2307 this is only needed on the DC.
        template shell = /bin/bash
        template homedir = /home/users/%U

        # disable printing completely, when set empty no error log messages.
        load printers = no
        printing = bsd
        printcap name = /dev/null
        disable spoolss = yes

        # disable usershares creating, when set empty no error log messages.
        usershare path =

        # Add and Update TLS Key
        tls enabled = yes
        tls keyfile = /........key.pem
        tls certfile = /........cert.pem
        tls cafile = /....... ca.pem

[sysvol]
......

From: Roger Lovato [mailto:rogerlovato at outlook.com]
Sent: Friday, 3 February 2017 14:40
To: L.P.H. van Belle
Subject: Re: [Samba] Problems with winbind cache

Hi,

Thanks for your help, but still not updating.

passwd:     files winbind sss
shadow:     files sss
group:      files winbind sss

getent doesn't get any user or group.

Regards,

From: samba <samba-bounces at lists.samba.org> on behalf of L.P.H. van Belle via samba <samba at lists.samba.org>
Sent: Friday, 3 February 2017 11:28:48
To: samba at lists.samba.org
Subject: Re: [Samba] Problems with winbind cache

Try changing your nsswitch.conf to

passwd:     files winbind sss
shadow:     files sss
group:      files winbind sss

Now do:

net cache flush

restart winbind

wbinfo -u
wbinfo -g
getent passwd username
getent group groupname


Greetz, 

Louis


> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Roger Lovato via
> samba
> Sent: Friday, 3 February 2017 14:21
> To: samba at lists.samba.org
> Subject: [Samba] Problems with winbind cache
> 
> Hi guys!!
> 
> 
> I'm facing a problem with Samba 4 + winbind that I have spent some days trying
> to solve without success, and I'll appreciate any help.
> 
> 
> I self compile samba 4 and apparently everything is working fine. I
> installed samba on six distributed servers at remote branch offices and
> all users, groups, dns and other components are replicating with success.
> 
> 
> But last week I saw that the winbind cache was not being updated, and when I try
> to get users and groups with the getent command, new members are not shown.
> 
> 
> I tried some tricks and tips that I found in several websites and forums,
> but nothing is working. Yesterday I tried to flush winbind cache with
> command:
> 
> 
> net cache flush
> 
> 
> All winbind cache has been erased, but is not updated and now I don't have
> any users and groups when I try to get with getent command.
> 
> 
> I read in the winbind manual that when I restart the daemon, all cache is
> erased and updated, but this does not happen. I have not found where winbind
> saves its cache!
> 
> 
> My wbinfo is listing correctly:
> 
> 
> # wbinfo -u
> LOVATO\rafael
> LOVATO\xl.teste
> LOVATO\dns-movd-gcp-007
> LOVATO\dns-movd-mgf-001
> LOVATO\dns-movd-gcp-006
> LOVATO\administrator
> LOVATO\xl.teste1
> LOVATO\squid
> LOVATO\krbtgt
> LOVATO\guest
> LOVATO\roger
> 
> 
> wbinfo -g
> LOVATO\cert publishers
> LOVATO\ras and ias servers
> LOVATO\allowed rodc password replication group
> LOVATO\denied rodc password replication group
> LOVATO\dnsadmins
> LOVATO\enterprise read-only domain controllers
> LOVATO\domain admins
> LOVATO\domain users
> LOVATO\domain guests
> LOVATO\domain computers
> LOVATO\domain controllers
> LOVATO\schema admins
> LOVATO\enterprise admins
> LOVATO\group policy creator owners
> LOVATO\read-only domain controllers
> LOVATO\dnsupdateproxy
> LOVATO\teste
> LOVATO\proxynivel1
> LOVATO\proxynivel2
> LOVATO\proxynivel3
> 
> 
> My smb.conf
> 
> 
> [global]
>   workgroup = LOVATO
>   realm = LOVATO.INTRANET
>   netbios name = LVT-006
>   server role = active directory domain controller
>   passdb backend = samba_dsdb
>   server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
>   rpc_server:tcpip = no
>   rpc_daemon:spoolssd = embedded
>   rpc_server:spoolss = embedded
>   rpc_server:winreg = embedded
>   rpc_server:ntsvcs = embedded
>   rpc_server:eventlog = embedded
>   rpc_server:srvsvc = embedded
>   rpc_server:svcctl = embedded
>   rpc_server:default = external
>   #IDMAP
>   idmap_ldb:use rfc2307 = yes
>   idmap config * : backend = tdb
>   idmap config *:range = 70001-80000
>   idmap config LOVATO:backend = ad
>   idmap config LOVATO:schema_mode = rfc2307
>   idmap config LOVATO:range = 500-40000
>   #WINBIND
>   winbind nss info = rfc2307
>   winbind trusted domains only = no
>   winbind use default domain = yes
>   winbind enum users  = yes
>   winbind enum groups = yes
>   winbind cache time = 10
>   winbind refresh tickets = yes
>   map archive = No
>   map readonly = no
>   store dos attributes = Yes
>   vfs objects = dfs_samba4, acl_xattr
>   template shell = /bin/bash
>   #DISABLING THE PRINTERS
>   printcap name = /dev/null
>     printcap name = /dev/null
>   load printers = no
>   disable spoolss = yes
>   disable spoolss = yes
>   printing = bsd
>   ### LOGS
>   log file = /var/log/samba/smbd.log
>   max log size = 50
>   log level = 10
>   vfs objects = recycle full_audit
>   ### RECYCLE BIN
>   recycle:repository = Lixeira
>   recycle:exclude = *.tmp *.TMP *.temp *.TEMP ~*
>   recycle:keeptree = yes
>   full_audit:success = rmdir mkdir open write rename unlink
>   full_audit:failure = rmdir mkdir open write rename unlink
>   full_audit:prefix = %U|%I|%m|%S
>   full_audit:failure = none
>   full_audit:facility = local5
>   full_audit:priority = notice
>   veto files = /*.mp3/*.wav/*.exe/*.cmd/*.adm/*.inf/*.ini/*.pif
>   delete veto files = yes
>   dos filemode = yes
> 
> [netlogon]
>   path = /usr/local/samba/var/locks/sysvol/lovato.intranet/scripts
>   read only = No
> 
> [sysvol]
>   path = /usr/local/samba/var/locks/sysvol
>   read only = No
> 
> 
> My krb5.conf
> 
> 
> [logging]
>      default = FILE:/var/log/krb5libs.log
>      kdc = FILE:/var/log/krb5kdc.log
>      admin_server = FILE:/var/log/kadmind.log
> 
> [libdefaults]
>         default_realm = LOVATO.INTRANET
>         dns_lookup_realm = true
>         dns_lookup_kdc = true
>         ticket_lifetime = 24h
>         forwardable = yes
> 
> [realm]
>         LOVATO.INTRANET = {
>                 kdc = lvt-006.lovato.intranet:88
>                 default_domain = lovato.intranet
> }
> 
> [domain_realm]
>         .lovato.intranet = LOVATO.INTRANET
>         lovato.intranet = LOVATO.INTRANET
> 
> [appdefaults]
>      pam = {
>           debug = false
>           ticket_lifetime = 36000
>           renew_lifetime = 36000
>           forwardable = true
>           krb4_convert = false
>      }
> 
> 
> My nsswitch.conf
> 
> 
> passwd:     files sss winbind
> shadow:     files sss
> group:      files sss winbind
> 
> 
> Processes:
> 
> 
> named      847  0.0  1.8 558900 68924 ?        Ssl  Feb02   0:15
> /usr/sbin/named -u named -4
> root      1543  0.0  1.1 585920 45312 ?        Ss   Feb02   0:00
> /usr/local/samba/sbin/samba -D
> root      1544  0.0  0.8 585920 32304 ?        S    Feb02   0:00  \_
> /usr/local/samba/sbin/samba -D
> root      1557  0.0  1.2 637780 48844 ?        Ss   Feb02   0:00  |   \_
> /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --
> foreground
> root      1561  0.0  0.8 632284 32224 ?        S    Feb02   0:00  |
> \_ /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --
> foreground
> root      1562  0.0  0.8 632308 32204 ?        S    Feb02   0:00  |
> \_ /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --
> foreground
> root      1545  0.3  1.0 592616 38832 ?        S    Feb02   2:41  \_
> /usr/local/samba/sbin/samba -D
> root      1546  0.0  0.8 585920 33624 ?        S    Feb02   0:00  \_
> /usr/local/samba/sbin/samba -D
> root      1547  0.0  0.8 585920 32184 ?        S    Feb02   0:00  \_
> /usr/local/samba/sbin/samba -D
> root      1548  0.0  0.9 585920 34680 ?        S    Feb02   0:01  \_
> /usr/local/samba/sbin/samba -D
> root      1549  0.0  0.8 585920 33852 ?        S    Feb02   0:00  \_
> /usr/local/samba/sbin/samba -D
> root      1550  0.0  0.9 592208 37212 ?        S    Feb02   0:00  \_
> /usr/local/samba/sbin/samba -D
> root      1551  0.1  0.9 594688 37676 ?        S    Feb02   1:01  \_
> /usr/local/samba/sbin/samba -D
> root      1552  0.0  0.8 585920 32304 ?        S    Feb02   0:00  \_
> /usr/local/samba/sbin/samba -D
> root      1553  0.0  1.2 609256 47364 ?        Ss   Feb02   0:02  |   \_
> /usr/local/samba/sbin/winbindd -D --option=server role check:inhibit=yes -
> -foreground
> root      1560  0.0  0.9 616864 35820 ?        S    Feb02   0:32  |
> \_ /usr/local/samba/sbin/winbindd -D --option=server role
> check:inhibit=yes --foreground
> root      1564  0.0  0.9 610668 35372 ?        S    Feb02   0:00  |
> \_ /usr/local/samba/sbin/winbindd -D --option=server role
> check:inhibit=yes --foreground
> root      1569  0.0  0.9 616996 35576 ?        S    Feb02   0:00  |
> \_ /usr/local/samba/sbin/winbindd -D --option=server role
> check:inhibit=yes --foreground
> root      1554  0.0  0.8 585920 32340 ?        S    Feb02   0:00  \_
> /usr/local/samba/sbin/samba -D
> root      1555  0.0  1.1 585920 42976 ?        S    Feb02   0:00  \_
> /usr/local/samba/sbin/samba -D
> root      1556  0.0  0.8 585920 33328 ?        S    Feb02   0:01  \_
> /usr/local/samba/sbin/samba -D
> 
> 
> Version:
> 
> # samba -V
> Version 4.5.3
> 
> 
> Is there any way to force a winbind update?
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba



-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
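
The duplicate-parameter cleanup recommended at the top of this thread, as an added example that is not part of the original messages: when smb.conf sets a parameter twice in one section the last assignment is the one loaded, so the second `vfs objects` line replaces `dfs_samba4, acl_xattr` and `full_audit:failure = none` replaces the earlier failure list. The sample config is a constructed excerpt of the quoted file, the function names are illustrative, and backslash line continuations are not handled.

```python
import re
from collections import defaultdict
# Constructed excerpt modelled on the smb.conf quoted in this thread.
SAMPLE_SMB_CONF = """\
[global]
  vfs objects = dfs_samba4, acl_xattr
  printcap name = /dev/null
    printcap name = /dev/null
  disable spoolss = yes
  disable spoolss = yes
  vfs objects = recycle full_audit
  full_audit:failure = rmdir mkdir open write rename unlink
  full_audit:failure = none
[sysvol]
  read only = No
"""

def find_duplicates(text):
    """Return [(section, key, [(lineno, value), ...])] for keys set twice or more."""
    seen = defaultdict(list)
    section = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif "=" in line and section is not None:
            name, value = line.split("=", 1)
            # Parameter names ignore case and whitespace.
            key = re.sub(r"\s+", "", name).lower()
            seen[(section, key)].append((lineno, value.strip()))
    return [(s, k, hits) for (s, k), hits in seen.items() if len(hits) > 1]

def report(text):
    """One line per duplicate: harmless repeat, or an earlier value silently lost."""
    out = []
    for section, key, hits in find_duplicates(text):
        last_line, last_value = hits[-1]
        lost = [f"{v!r} (line {n})" for n, v in hits[:-1] if v != last_value]
        if lost:
            out.append(f"[{section}] {key}: line {last_line} {last_value!r} "
                       f"overrides {', '.join(lost)}")
        else:
            out.append(f"[{section}] {key}: repeated with the same value")
    return out
if __name__ == "__main__":
    print("\n".join(report(SAMPLE_SMB_CONF)))
```

Running `testparm -s` against the real file prints the values Samba actually loads, which is a quick cross-check of any override this reports.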




