[Samba] Problems with winbind cache

Rowland Penny rpenny at samba.org
Fri Feb 3 15:11:07 UTC 2017 

On Fri, 3 Feb 2017 14:34:00 +0000
Roger Lovato <rogerlovato at outlook.com> wrote:

> I checked all of my servers and all with the same Symptoms and all
> winbind cache is not updated and with different contents.
> 
> 
> Regards
> 
> ________________________________
> De: Roger Lovato
> Enviado: sexta-feira, 3 de fevereiro de 2017 12:29:57
> Para: Rowland Penny
> Assunto: Re: [Samba] Problems with winbind cache
> 
> 
> Hi,
> 
> 
> I've tried to used your smb.conf. Samba still working but same
> problem to getent. After that I tried to clean cache no users and no
> groups is shown, but with wbinfo is alright.
> 
> 
> I get this log every 5 seconds:
> 
> 
> ==> /var/log/samba/log.wb-LOVATO <==
> [2017/02/03 12:25:21.449835,
> 3] ../source3/winbindd/winbindd_misc.c:161(winbindd_dual_list_trusted_domains)
> [ 2014]: list trusted domains [2017/02/03 12:25:21.449907,
> 3] ../source3/winbindd/winbindd_samr.c:293(sam_trusted_domains) samr:
> trusted domains
> 
> ==> /var/log/samba/smbd.log <==
> [2017/02/03 12:25:21.454913,
> 3] ../source4/smbd/service_stream.c:66(stream_terminate_connection)
> Terminating connection - 'dcesrv:
> NT_STATUS_CONNECTION_DISCONNECTED' [2017/02/03 12:25:21.454938,
> 3] ../source4/smbd/process_single.c:114(single_terminate)
> single_terminate: reason[dcesrv: NT_STATUS_CONNECTION_DISCONNECTED]
> 
> 

I will say this again, just because 'wbinfo -u' shows the users in AD,
this DOESN'T mean the underlying Unix OS knows who they are.

This is my smb.conf:

[global]
        netbios name = DC1
        realm = SAMDOM.EXAMPLE.COM
        server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
        workgroup = SAMDOM
        server role = active directory domain controller
        idmap_ldb:use rfc2307 = yes
        load printers = no
        printing = bsd
        printcap name = /dev/null
        disable spoolss = yes
        tls enabled  = yes
        tls keyfile  = tls/DCKey.pem
        tls certfile = tls/DCCert.pem
        tls cafile   =
        template shell = /bin/bash
        template homedir = /home/%U
        winbind enum users = yes
        winbind enum groups = yes
        log level = 0
        ldap server require strong auth = allow_sasl_over_tls

[netlogon]
        path = /usr/local/samba/var/locks/sysvol/samdom.example.com/scripts
        read only = No

[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No


I use Devuan with a self compiled Samba and these are the links I
create:

ln -s /usr/local/samba/lib/libnss_wins.so.2 /lib/x86_64-linux-gnu/libnss_wins.so
ln -s /usr/local/samba/lib/libnss_wins.so.2 /lib/x86_64-linux-gnu/libnss_wins.so.2

ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib/x86_64-linux-gnu/libnss_winbind.so
ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib/x86_64-linux-gnu/libnss_winbind.so.2

ln
-s /usr/local/samba/lib/security/pam_winbind.so /lib/x86_64-linux-gnu/security/pam_winbind.so

I would also suggest you check how PAM is setup.

Rowland

More information about the samba mailing list