[Samba] Samba AD - Issue with winbindd: Could not write result
Marco Coli
marco.coli at isolettaelba.eu
Fri Jun 23 05:09:47 UTC 2017
Il 22/06/2017 15:30, Rowland Penny via samba ha scritto:
> On Thu, 22 Jun 2017 14:47:36 +0200
> Marco Coli via samba <samba at lists.samba.org> wrote:
>
>> Hello,
>>
>> I have the same problems outlined in this old thread...
>> Only difference the original poster was on RHEL6.X, I am on RHEL7, he
>> compiled samba on its own, I used Sernet Samba (latest)...
>>
>> Unfortunately there is no solution on this thread. Suggestions?
>>
>> Thank you
>>
> Yikes, that was from nearly two years ago.
>
> Can you post:
> /etc/resolv.conf
> /etc/hostname
> /etc/hosts
> If using Bind9, its conf files
> /etc/samba/smb.conf
> /etc/krb5.conf
>
> Rowland
>
Yes, very old, but it is the only similar (almost identical) problem I could
find.
Thank you for your interest, here we are:
cat /etc/resolv.conf
# Generated by NetworkManager
# The only resolver is 10.0.0.253, the address that /etc/hosts on this host
# assigns to nic-mail itself. Every lookup, including the KDC discovery that
# krb5.conf enables with dns_lookup_kdc, presumably goes through the local named.
search niccolai.local
nameserver 10.0.0.253
----
[root at nic-mail ~]# cat /etc/hostname
nic-mail
----
[root at nic-mail ~]# cat /etc/hosts
# NOTE(review): the unnumbered continuation lines below look like mail-client
# wrapping of single entries; hosts(5) has no line-continuation syntax.
# NOTE(review): the first name after the address is the canonical one. Here it
# is the short name nic-mail, not nic-mail.niccolai.local; Samba AD guidance
# generally lists the FQDN first - confirm what `hostname -f` returns.
10.0.0.253 nic-mail mail.niccolaitrafile.it nic-server-mail
nic-mail.niccolai.local nic-server-mail.niccolai.local
sogo.niccolaitrafile.it
127.0.0.1 localhost localhost.localdomain localhost4
localhost4.localdomain4
::1 localhost localhost.localdomain localhost6
localhost6.localdomain6
____
[root at nic-mail ~]# cat /etc/named.conf
# Main BIND configuration: local master zones plus the Samba AD zones, which
# come from the DLZ stanza included below.
# /etc/rndc.key presumably defines the rndc-key named in the controls block.
include "/etc/rndc.key";
# include "/var/lib/samba/private/named.conf";
# Active Samba include; its contents (the DLZ stanza) appear later on this page.
include "/etc/named.conf.samba";
//
// named.conf for Red Hat caching-nameserver
//
# NOTE(review): this options block sets no listen-on, allow-query, recursion,
# allow-recursion or allow-transfer, so BIND's built-in defaults apply on every
# interface. Confirm those defaults for the installed BIND version and restrict
# them to the LAN if the host is reachable from other networks.
options {
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
/*
* If there is a firewall between you and nameservers you want
* to talk to, you might need to uncomment the query-source
* directive below. Previous versions of BIND always asked
* questions using port 53, but BIND 8.1 uses an unprivileged
* port by default.
*/
# Keytab named uses for GSS-TSIG (Kerberos-signed) dynamic DNS updates.
# NOTE(review): it holds service keys, so it should be readable only by the
# account named runs as - ownership and mode are not shown here.
tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
// query-source address * port 53;
# All forwarders are commented out, so no forwarding is configured here.
// forward first;
// forwarders {
// 8.8.8.8;
// 8.8.4.4;
# 151.99.125.2;
# 151.99.250.2;
# 213.92.5.54;
# 194.185.88.5;
# 151.99.125.3;
// };
};
//
// a caching only nameserver config
//
# rndc control channel: listens on loopback only, accepts localhost, and
# requires the rndc-key.
controls {
inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
};
zone "." IN {
type hint;
file "named.ca";
};
zone "localdomain" IN {
type master;
file "localdomain.zone";
allow-update { none; };
};
zone "localhost" IN {
type master;
file "localhost.zone";
allow-update { none; };
};
zone "0.0.127.in-addr.arpa" IN {
type master;
file "named.local";
allow-update { none; };
};
zone
"0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa"
IN {
type master;
file "named.ip6.local";
allow-update { none; };
};
//zone "255.in-addr.arpa" IN {
// type master;
// file "named.broadcast";
// allow-update { none; };
// };
//zone "0.in-addr.arpa" IN {
// type master;
// file "named.zero";
// allow-update { none; };
//};
#zone "niccolai" IN {
# type master;
# file "niccolai";
# allow-update { key "rndckey" ; };
## allow-transfer { 10.0.0.19; };
## notify yes;
#};
#zone "10.in-addr.arpa" IN {
# type master;
# file "10.in-addr.arpa";
# allow-update { key "rndckey" ; };
## allow-transfer { 10.0.0.19; };
## notify yes;
#};
# Public-looking zones served as master from this host. Dynamic updates are
# disabled, but allow-transfer is commented out in both.
# NOTE(review): with no allow-transfer here or in options, zone transfers fall
# back to BIND's default, which on older releases is any host - verify, and
# list the intended secondaries explicitly.
zone "niccolai.homelinux.org" IN {
type master;
file "homelinux";
allow-update { none; };
# allow-transfer { 10.0.0.19; };
notify yes;
};
zone "niccolaitrafile.it" IN {
type master;
file "niccolaitrafile.it";
allow-update { none; };
# allow-transfer { 10.0.0.19; };
# notify yes;
};
--------
[root at nic-mail ~]# cat /etc/named.conf.
named.conf.DISTRIB named.conf.rpmnew named.conf.samba
[root at nic-mail ~]# cat /etc/named.conf.samba
# This DNS configuration is for BIND 9.8.0 or later with dlz_dlopen support.
#
# This file should be included in your main BIND configuration file
#
# For example with
# include "/var/lib/samba4/private/named.conf";
#
# This configures dynamically loadable zones (DLZ) from AD schema
# Uncomment only single database line, depending on your BIND version
#
# NOTE(review): the active database line loads the module built for BIND 9.9.
# It has to match the BIND version actually installed, which this page does not
# show. The shared object runs inside the named process, so it should come only
# from the trusted Samba package.
dlz "AD DNS Zone" {
#dlz "niccolai.local" {
# For BIND 9.8.0
# database "dlopen /usr/lib64/samba/bind9/dlz_bind9.so";
# For BIND 9.9.0
database "dlopen /usr/lib64/samba/bind9/dlz_bind9_9.so";
};
----
[root at nic-mail ~]# cat /etc/samba/smb.conf
# Global parameters
# smb.conf for a Samba AD domain controller that also exports file shares.
[global]
workgroup = NICCOLAI
realm = niccolai.local
netbios name = NIC-MAIL
server role = active directory domain controller
# NOTE(review): the line after "server services" looks like mail-client wrapping
# of the same parameter; smb.conf needs a trailing backslash to continue a line.
# NOTE(review): this list names "winbind", while the stock default from
# Samba 4.2 onwards names "winbindd" - compare with smb.conf(5) for 4.6.5, since
# the reported fault is in winbindd.
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
drepl, winbind, ntp_signd, kcc, dnsupdate
# idmap_ldb:use rfc2307 = yes
# Listen only on loopback and the LAN address.
interfaces = 127.0.0.1 10.0.0.253
bind interfaces only = yes
# Samba normally disables "wide links" while "unix extensions" is on, because
# clients using the extensions can create symlinks themselves.
# "allow insecure wide links = Yes" removes that safeguard, so every share
# below with "wide links = yes" follows links that lead outside its path.
unix extensions = yes
allow insecure wide links = Yes
# Added to avoid lockups caused by too many open files
# deadtime = 20
# max open files = 490000
# NOTE(review): the TCP_KEEPINTVL line is presumably the wrapped tail of
# "socket options".
socket options = TCP_NODELAY SO_KEEPALIVE TCP_KEEPIDLE=120
TCP_KEEPINTVL=10 TCP_KEEPCNT=5
# "no" accepts simple binds and unsigned SASL binds on unencrypted LDAP
# connections, so bind credentials can cross the network in clear text.
# The default "yes" requires TLS for simple binds and sign/seal for SASL binds.
ldap server require strong auth = no
# Added by TT on 13/6
# The three client settings below are commented out; each one would lower
# client-side authentication or protocol strength if enabled.
## client use spnego = no
## client ntlmv2 auth = no
## client ipc max protocol = NT1
# Added by TT on 19/6
# Commented out; "plain" would disable signing/sealing of client LDAP traffic.
## client ldap sasl wrapping = plain
# Share definitions. No share sets "valid users" or similar, so access
# presumably depends on file-system permissions and ACLs under each path.
[netlogon]
path = /var/lib/samba/sysvol/niccolai.local/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
[profiles]
path = /archivi/samba/profiles
read only = no
# "wide links = yes" lets the server follow symlinks that point outside the
# share path. [global] on this page also sets "allow insecure wide links = Yes",
# so this applies even with unix extensions enabled. The same holds for every
# share below that sets "wide links = yes".
[dati]
comment = Directory di lavoro
path = /archivi/samba/dati
read only = no
wide links = yes
# "public" is a synonym for "guest ok": this share is writable, allows guest
# connections and follows wide links.
# NOTE(review): whether unauthenticated sessions actually reach it depends on
# "map to guest", which this file does not set - confirm the effective value.
[Com]
comment= Commesse
path = /archivi/samba/dbcommesse
read only = No
public = yes
wide links = yes
# "writeable = yes" is the inverted synonym of "read only = No"; the two lines
# say the same thing.
[Scambio]
comment= Scambio
path = /archivi/samba/scambio
read only = No
writeable = yes
[Acquisti]
path = /archivi/samba/acquisti
read only = No
wide links = yes
[Commerciale]
path = /archivi/samba/commerciale
read only = no
wide links = yes
[Contabilita]
path = /archivi/samba/contabilita
read only = no
[Tecnico]
path = /archivi/samba/tecnico
read only = no
[Amministrazione]
path = /archivi/samba/amministrazione
read only = no
[Info$]
path = /archivi/samba/informatica
read only = no
wide links = yes
[manuali]
path = /archivi/samba/manuali
read only = no
wide links = yes
[officina]
path = /archivi/samba/officina
read only = no
[magazzino_inserti]
path = /archivi/samba/MAGAZZINO_INSERTI
read only = no
[Foto]
path = /archivi/samba/foto
read only = no
wide links = yes
[Contenit]
path = /archivi/samba/contenitori
read only = no
wide links = yes
#[Backup]
# path = /BACKUP
# browseable = yes
# read only = no
# read only = yes
# vfs objects = acl_xattr
[Collaudo]
path = /archivi/samba/collaudo
read only = no
# vfs objects = acl_xattr
[Certificati_conformita]
path = /archivi/samba/certificati_conformita
read only = no
[Manuali_Macchine]
path = /archivi/samba/MANUALI_MACCHINE
read only = no
wide links = yes
# Writable share with guest access enabled.
# NOTE(review): if guest sessions are accepted (see "map to guest"), anything
# staged here for deployment could be altered without authentication. Consider
# "read only = yes" for guests, or dropping "guest ok".
[Deployment]
path = /archivi/samba/DEPLOYMENT
read only = no
guest ok = yes
-----
[root at nic-mail ~]# cat /etc/krb5.conf
# Kerberos client defaults for the AD realm.
[libdefaults]
default_realm = NICCOLAI.LOCAL
# The host-to-realm mapping is not looked up in DNS.
dns_lookup_realm = false
# KDCs are located through DNS SRV records, so Kerberos logins depend on the
# resolver configured in /etc/resolv.conf answering for the AD zone.
dns_lookup_kdc = true
After some hours the services are down, the output of wbinfo -u becomes
empty, and some weird login/share problems begin.
If I restart the services (systemctl restart sernet-samba-ad ) all is ok.
It worked flawlessly for years, until 15 days ago... The server is
updated with latest kernel and latest samba:
[root at nic-mail ~]# uname -a
Linux nic-mail 3.10.0-514.21.2.el7.x86_64 #1 SMP Sun May 28 17:08:21 EDT
2017 x86_64 x86_64 x86_64 GNU/Linux
[root at nic-mail ~]# rpm -qa |grep samba
sernet-samba-libsmbclient0-4.6.5-8.el7.x86_64
sernet-samba-4.6.5-8.el7.x86_64
sernet-samba-libs-4.6.5-8.el7.x86_64
sernet-samba-common-4.6.5-8.el7.x86_64
sernet-samba-client-4.6.5-8.el7.x86_64
sernet-samba-ad-4.6.5-8.el7.x86_64
sernet-samba-winbind-4.6.5-8.el7.x86_64
Thank you!