[Samba] Samba 4.6.2 member server errors
Rowland Penny
rpenny at samba.org
Mon Oct 23 18:19:10 UTC 2017
On Mon, 23 Oct 2017 13:56:27 -0400 (EDT)
me at tdiehl.org wrote:
> On Fri, 20 Oct 2017, Rowland Penny via samba wrote:
>
> > On Fri, 20 Oct 2017 17:00:01 -0400 (EDT)
> > me at tdiehl.org wrote:
> >
> >> On Mon, 16 Oct 2017, Rowland Penny via samba wrote:
> >>> It seems to be treating computers as users (I could be barking up
> >>> the wrong tree here), can you post the contents
> >>> of /etc/hosts, /etc/hostname, /etc/resolv.conf
> >>> and /etc/nsswitch.conf from the domain member
> >>
> >> Here you go:
> >>
> >> # cat /etc/resolv.conf
> >> search kmg.mydomain.com mydomain.com
> >> nameserver 172.30.0.7
> >> nameserver 10.224.135.7
> >>
> >
> > I would remove 'mydomain.com' from the search line.
>
> Done
>
> > I also take it that '10.224.135.7' is a DC in the
> > 'kmg.mydomain.com', if it isn't, remove this nameserver.
>
> Yes, 10.224.135.7 is a DC.
>
> >
> >>
> >> The 2 name server ip addresses are the 2 dc's.
> >>
> >> # cat /etc/hosts
> >>
> >> 127.0.0.1 localhost localhost.localdomain
> >> 172.30.0.8 vfs1.kmg.mydomain.com vfs1
> >
> > I would remove 'localhost.localdomain', there is no such thing as
> > 'localdomain'
>
> Done
>
> >
> >>
> >>
> >> # cat /etc/hostname
> >> vfs1.kmg.mydomain.com
> >
> > The hostname should just be 'vfs1', it shouldn't be the FQDN.
> >
> >>
> >> # cat /etc/nsswitch.conf
> >> passwd: files winbind
> >> shadow: files
> >> group: files winbind
> >>
> >> hosts: files dns myhostname
> >
> > I would remove 'myhostname'
>
> Done
>
> >
> >>
> >> bootparams: nisplus [NOTFOUND=return] files
> >> ethers: files
> >> netmasks: files
> >> networks: files
> >> protocols: files
> >> rpc: files
> >> services: files sss
> >>
> >> netgroup: files sss
> >>
> >> publickey: nisplus
> >>
> >> automount: files
> >> aliases: files nisplus
> >>
> >
> > I would remove the two 'sss' instances
>
> Done
>
> I did net cache flush and rebooted. No change. Still getting the
> kerberos errors and winbind not going to sleep when no one is in the
> office.
>
> I am wondering if I were to remove the member server from the domain,
> delete the tdb and ldb databases and then rejoin the domain if that
> would help.
>
> Is there a db that tracks the kerberos information that I could reset?
>
> Besides the added work and the downtime, is there a down side to
> doing this? If I understand correctly all of the important
> information is stored in the DC's. Is this correct?
>
> I have the following in the smb.conf on the member servers:
>
> idmap config * : backend = tdb
> idmap config * : range = 3000-7999
>
> idmap config KMG:backend = ad
> idmap config KMG:schema_mode = rfc2307
> idmap config KMG:unix_nss_info = yes
> idmap config KMG:range = 10000-999999
>
> Any other suggestions?
>
> Regards,
>
Unless I missed it, you have never said what OS this is.
How did you get to 4.6.2, did you install it directly or was it an
upgrade from a previous Samba version.
You said this is the only Unix domain member exhibiting this problem,
so you could try the windows fix, wipe the OS and start again ;-)
Provided you use the same smb.conf as on the other Unix domain members,
you should have no problems.
Just back everything up and leave the domain:
net ads leave -U Administrator
Rowland
More information about the samba
mailing list