[Samba] getent/Winbind issues

Sat Jul 15 14:59:31 UTC 2017

On Sat, 15 Jul 2017 15:20:14 +0100
Carlos Jesus via samba <samba at lists.samba.org> wrote:

> Hi all,
> having a bit of a nuisance here. Hope you can help. Let's see.
> 
> A) I have a Dell Poweredge running a (mostly) vanilla Debian Jessie
> and Samba 4.5.0 as a AD-DC using internall DNS. All works as expected
> including winbind, wbinfo and getent. Against samba team
> recommendations the DC is also a fileserver.

You can use the DC as a fileserver, you just have to be aware of the
limitations ;-)

> 
> B) On a similar machine (that's where the problem lies), I installed
> Debian Stretch and Samba 4.5.0. 
> Copied the database from the first machine and upgraded to samba
> 4.6.5.

What 'database' did you copy ?
If you are referring to 'sam.ldb', then you will undoubtedly have
problems.
You should have created a new DC by joining the computer as a new DC,
transfer FSMO roles from the old DC and then demote the old DC.

> [global]
>         netbios name = EHSERVER
>         realm = EUROHIDRA.LOCAL
>         workgroup = EUROHIDRA
>         netbios name = EHSERVER
>         interfaces = lo br0
>         bind interfaces only = Yes
>         dns forwarder = 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220
>         server role = active directory domain controller
>         idmap_ldb:use rfc2307 = yes
>         log level = 4
>         log file = /var/log/samba/samba.log
> 
>         passwd program = /usr/bin/passwd %u
>         time server =yes
>         unix password sync = yes
>         name resolve order =  bcast host lmhosts wins
>         winbind refresh tickets = Yes
>         winbind separator = :
>         winbind enum users = yes
>         winbind enum groups = yes

I would remove the above 8 lines, apart from the last two, they either
shouldn't be in a DC smb.conf or don't do anything. You should only
add the last two whilst testing.

Rowland