[Samba] Samba 4.6.2 member server errors
me at tdiehl.org
Mon Oct 23 17:56:27 UTC 2017
On Fri, 20 Oct 2017, Rowland Penny via samba wrote:
> On Fri, 20 Oct 2017 17:00:01 -0400 (EDT)
> me at tdiehl.org wrote:
>
>> On Mon, 16 Oct 2017, Rowland Penny via samba wrote:
>>> It seems to be treating computers as users (I could be barking up
>>> the wrong tree here), can you post the contents
>>> of /etc/hosts, /etc/hostname, /etc/resolv.conf
>>> and /etc/nsswitch.conf from the domain member
>>
>> Here you go:
>>
>> # cat /etc/resolv.conf
>> search kmg.mydomain.com mydomain.com
>> nameserver 172.30.0.7
>> nameserver 10.224.135.7
>>
>
> I would remove 'mydomain.com' from the search line.
Done
> I also take it that '10.224.135.7' is a DC in the 'kmg.mydomain.com',
> if it isn't, remove this nameserver.
Yes, 10.224.135.7 is a DC.
>
>>
>> The 2 name server ip addresses are the 2 dc's.
>>
>> # cat /etc/hosts
>>
>> 127.0.0.1 localhost localhost.localdomain
>> 172.30.0.8 vfs1.kmg.mydomain.com vfs1
>
> I would remove 'localhost.localdomain', there is no such thing as
> 'localdomain'
Done
>
>>
>>
>> # cat /etc/hostname
>> vfs1.kmg.mydomain.com
>
> The hostname should just be 'vfs1', it shouldn't be the FQDN.
>
>>
>> # cat /etc/nsswitch.conf
>> passwd: files winbind
>> shadow: files
>> group: files winbind
>>
>> hosts: files dns myhostname
>
> I would remove 'myhostname'
Done
>
>>
>> bootparams: nisplus [NOTFOUND=return] files
>> ethers: files
>> netmasks: files
>> networks: files
>> protocols: files
>> rpc: files
>> services: files sss
>>
>> netgroup: files sss
>>
>> publickey: nisplus
>>
>> automount: files
>> aliases: files nisplus
>>
>
> I would remove the two 'sss' instances
Done

I did net cache flush and rebooted. No change. Still getting the Kerberos
errors and winbind not going to sleep when no one is in the office.

I am wondering if I were to remove the member server from the domain, delete
the tdb and ldb databases and then rejoin the domain if that would help.
Is there a db that tracks the Kerberos information that I could reset?

Besides the added work and the downtime, is there a downside to doing this?
If I understand correctly all of the important information is stored in
the DCs. Is this correct?

I have the following in the smb.conf on the member servers:

idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config KMG:backend = ad
idmap config KMG:schema_mode = rfc2307
idmap config KMG:unix_nss_info = yes
idmap config KMG:range = 10000-999999

Any other suggestions?
Regards,
--
Tom me at tdiehl.org
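
The following is an added example, not part of the original message or of Samba: a shell lint that checks a member server's /etc/resolv.conf, /etc/hosts, /etc/hostname and /etc/nsswitch.conf against the suggestions quoted in this thread. The function names (lint_member_conf, check_member_conf, write_thread_sample) are hypothetical, and the sample files are a constructed copy of the contents as first posted.

```shell
#!/bin/sh
# Lint the four files reviewed in the thread. ROOT is / for the live system
# or a staging directory; one WARN line is printed per finding.
lint_member_conf() {
    root=${1%/}
    # resolv.conf: the search list should hold only the AD DNS domain.
    awk '$1 == "search" && NF > 2 {
        print "WARN resolv.conf: search lists " (NF - 1) " domains" }' "$root/etc/resolv.conf"
    # hosts: no localhost.localdomain alias (comments stripped before matching).
    awk '{ sub(/#.*/, "")
           for (i = 2; i <= NF; i++) {
               if ($i == "localhost.localdomain") print "WARN hosts: localhost.localdomain alias" } }' "$root/etc/hosts"
    # hostname: short name only, not the FQDN.
    case $(head -n 1 "$root/etc/hostname") in
        *.*) echo "WARN hostname: FQDN, expected short name" ;;
    esac
    # nsswitch.conf: no myhostname on hosts:, no sss on any database.
    awk -F: '/^[ \t]*#/ || NF < 2 { next }
        { db = $1; gsub(/[ \t]/, "", db); n = split($2, src, /[ \t]+/)
          for (i = 1; i <= n; i++) {
              if (db == "hosts" && src[i] == "myhostname") print "WARN nsswitch.conf: hosts uses myhostname"
              if (src[i] == "sss") print "WARN nsswitch.conf: " db " uses sss" } }' "$root/etc/nsswitch.conf"
    return 0
}

# Print the findings and return 1 if there are any, 0 if the files are clean.
check_member_conf() {
    findings=$(lint_member_conf "$1")
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"
    return 1
}

# Constructed staging copy of the files as first posted in the thread
# (nsswitch.conf trimmed to the lines that matter here).
write_thread_sample() {
    mkdir -p "$1/etc"
    printf 'search kmg.mydomain.com mydomain.com\nnameserver 172.30.0.7\nnameserver 10.224.135.7\n' > "$1/etc/resolv.conf"
    printf '127.0.0.1 localhost localhost.localdomain\n172.30.0.8 vfs1.kmg.mydomain.com vfs1\n' > "$1/etc/hosts"
    printf 'vfs1.kmg.mydomain.com\n' > "$1/etc/hostname"
    printf 'passwd: files winbind\ngroup: files winbind\nhosts: files dns myhostname\nservices: files sss\nnetgroup: files sss\n' > "$1/etc/nsswitch.conf"
}

# Stand-alone use: sh lint.sh /   (or a staging directory)
if [ "$#" -gt 0 ]; then check_member_conf "$1"; fi
```

Run against the sample, this reports six findings; a clean result only means the files match the suggestions above, not that the Kerberos errors are resolved.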