[Samba] Problems with winbind cache
Rowland Penny
rpenny at samba.org
Fri Feb 3 15:11:07 UTC 2017
On Fri, 3 Feb 2017 14:34:00 +0000
Roger Lovato <rogerlovato at outlook.com> wrote:
> I checked all of my servers and all have the same symptoms: on all of
> them the winbind cache is not updated and has different contents.
>
>
> Regards
>
> ________________________________
> From: Roger Lovato
> Sent: Friday, 3 February 2017 12:29:57
> To: Rowland Penny
> Subject: Re: [Samba] Problems with winbind cache
>
>
> Hi,
>
>
> I've tried to use your smb.conf. Samba is still working but there is
> the same problem with getent. After that I tried to clean the cache;
> no users and no groups are shown, but with wbinfo it is alright.
>
>
> I get this log every 5 seconds:
>
>
> ==> /var/log/samba/log.wb-LOVATO <==
> [2017/02/03 12:25:21.449835, 3] ../source3/winbindd/winbindd_misc.c:161(winbindd_dual_list_trusted_domains)
>   [ 2014]: list trusted domains
> [2017/02/03 12:25:21.449907, 3] ../source3/winbindd/winbindd_samr.c:293(sam_trusted_domains)
>   samr: trusted domains
>
> ==> /var/log/samba/smbd.log <==
> [2017/02/03 12:25:21.454913, 3] ../source4/smbd/service_stream.c:66(stream_terminate_connection)
>   Terminating connection - 'dcesrv: NT_STATUS_CONNECTION_DISCONNECTED'
> [2017/02/03 12:25:21.454938, 3] ../source4/smbd/process_single.c:114(single_terminate)
>   single_terminate: reason[dcesrv: NT_STATUS_CONNECTION_DISCONNECTED]
>
>
I will say this again, just because 'wbinfo -u' shows the users in AD,
this DOESN'T mean the underlying Unix OS knows who they are.

This is my smb.conf:
[global]
netbios name = DC1
realm = SAMDOM.EXAMPLE.COM
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
workgroup = SAMDOM
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
tls enabled = yes
tls keyfile = tls/DCKey.pem
tls certfile = tls/DCCert.pem
tls cafile =
template shell = /bin/bash
template homedir = /home/%U
winbind enum users = yes
winbind enum groups = yes
log level = 0
ldap server require strong auth = allow_sasl_over_tls
[netlogon]
path = /usr/local/samba/var/locks/sysvol/samdom.example.com/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No

I use Devuan with a self-compiled Samba and these are the links I
create:
ln -s /usr/local/samba/lib/libnss_wins.so.2 /lib/x86_64-linux-gnu/libnss_wins.so
ln -s /usr/local/samba/lib/libnss_wins.so.2 /lib/x86_64-linux-gnu/libnss_wins.so.2
ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib/x86_64-linux-gnu/libnss_winbind.so
ln -s /usr/local/samba/lib/libnss_winbind.so.2 /lib/x86_64-linux-gnu/libnss_winbind.so.2
ln -s /usr/local/samba/lib/security/pam_winbind.so /lib/x86_64-linux-gnu/security/pam_winbind.so

I would also suggest you check how PAM is set up.
Rowland
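
The gap described in the reply above, between what 'wbinfo -u' lists and what the OS resolves through NSS, can be checked with a short script. This is an added example, not part of the original message: the function names are hypothetical, and /etc/nsswitch.conf is assumed as the NSS configuration file (the thread does not mention it).

```shell
#!/bin/sh
# Added example: check the NSS side of winbind separately from wbinfo.
# Paths are arguments so each check can also be run against sample files.

# Return 0 if database $2 (passwd or group) in nsswitch file $1 lists winbind.
nss_has_winbind() {
    awk -v db="$2:" '
        { sub(/#.*/, "") }    # ignore comments, including trailing ones
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "winbind") found = 1 }
        END { exit !found }' "$1"
}

# Return 0 if libnss_winbind.so.2 in directory $1 exists; -e follows
# symlinks, so a dangling link counts as missing.
nss_lib_ok() {
    [ -e "$1/libnss_winbind.so.2" ]
}

# Print the names from a saved "wbinfo -u" listing ($1) that have no entry
# in a saved "getent passwd" listing ($2): accounts winbind can see but the
# OS cannot resolve. An empty getent listing reports every account.
missing_from_nss() {
    awk -F: 'FILENAME == ARGV[1] { known[$1] = 1; next }
             !($0 in known)' "$2" "$1"
}

main() {
    # Library directory taken from the symlink commands in the message.
    nss_lib_ok /lib/x86_64-linux-gnu ||
        echo "libnss_winbind.so.2 is missing or a dangling link"
    for db in passwd group; do
        nss_has_winbind /etc/nsswitch.conf "$db" ||
            echo "$db: winbind is not listed in /etc/nsswitch.conf"
    done
    tmp=$(mktemp -d) || return 1
    wbinfo -u > "$tmp/wb"
    getent passwd > "$tmp/nss"
    missing_from_nss "$tmp/wb" "$tmp/nss"
    rm -rf "$tmp"
}

# Run the live checks only when asked, e.g.: sh check_nss.sh --check
if [ "${1:-}" = "--check" ]; then main; fi
```

Any name printed by the last step is an account that winbind knows about but that getent, and therefore file ownership and PAM logins, will not resolve.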