[Samba] Samba 4.6.2 member server errors

Rowland Penny rpenny at samba.org
Mon Oct 23 18:19:10 UTC 2017 

On Mon, 23 Oct 2017 13:56:27 -0400 (EDT)
me at tdiehl.org wrote:

> On Fri, 20 Oct 2017, Rowland Penny via samba wrote:
> 
> > On Fri, 20 Oct 2017 17:00:01 -0400 (EDT)
> > me at tdiehl.org wrote:
> >
> >> On Mon, 16 Oct 2017, Rowland Penny via samba wrote:
> >>> It seems to be treating computers as users (I could be barking up
> >>> the wrong tree here), can you post the contents
> >>> of /etc/hosts, /etc/hostname, /etc/resolv.conf
> >>> and /etc/nsswitch.conf from the domain member
> >>
> >> Here you go:
> >>
> >> # cat /etc/resolv.conf
> >> search kmg.mydomain.com mydomain.com
> >> nameserver 172.30.0.7
> >> nameserver 10.224.135.7
> >>
> >
> > I would remove 'mydomain.com' from the search line.
> 
> Done
> 
> > I also take it that '10.224.135.7' is a DC in the
> > 'kmg.mydomain.com', if it isn't, remove this nameserver.
> 
> Yes, 10.224.135.7 is a DC.
> 
> >
> >>
> >> The 2 name server ip addresses are the 2 dc's.
> >>
> >> # cat /etc/hosts
> >>
> >> 127.0.0.1    localhost localhost.localdomain
> >> 172.30.0.8    vfs1.kmg.mydomain.com vfs1
> >
> > I would remove 'localhost.localdomain', there is no such thing as
> > 'localdomain'
> 
> Done
> 
> >
> >>
> >>
> >> # cat /etc/hostname
> >> vfs1.kmg.mydomain.com
> >
> > The hostname should just be 'vfs1', it shouldn't be the FQDN.
> >
> >>
> >> # cat /etc/nsswitch.conf
> >> passwd:     files winbind
> >> shadow:     files
> >> group:      files winbind
> >>
> >> hosts:      files dns myhostname
> >
> > I would remove 'myhostname'
> 
> Done
> 
> >
> >>
> >> bootparams: nisplus [NOTFOUND=return] files
> >> ethers:     files
> >> netmasks:   files
> >> networks:   files
> >> protocols:  files
> >> rpc:        files
> >> services:   files sss
> >>
> >> netgroup:   files sss
> >>
> >> publickey:  nisplus
> >>
> >> automount:  files
> >> aliases:    files nisplus
> >>
> >
> > I would remove the two 'sss' instances
> 
> Done
> 
> I did net cache flush and rebooted. No change. Still getting the
> kerberos errors and winbind not going to sleep when no one is in the
> office.
> 
> I am wondering if I were to remove the member server from the domain,
> delete the tdb and ldb databases and then rejoin the domain if that
> would help.
> 
> Is there a db that tracks the kerberos information that I could reset?
> 
> Besides the added work and the downtime, is there a down side to
> doing this? If I understand correctly all of the important
> information is stored in the DC's. Is this correct?
> 
> I have the following in the smb.conf on the member servers:
> 
> idmap config * : backend = tdb 
> idmap config * : range = 3000-7999
> 
> idmap config KMG:backend = ad 
> idmap config KMG:schema_mode = rfc2307 
> idmap config KMG:unix_nss_info = yes 
> idmap config KMG:range = 10000-999999
> 
> Any other suggestions?
> 
> Regards,
> 

Unless I missed it, you have never said what OS this is.

How did you get to 4.6.2, did you install it directly or was it an
upgrade from a previous Samba version.

You said this is the only Unix domain member exhibiting this problem,
so you could try the windows fix, wipe the OS and start again ;-)

Provided you use the same smb.conf as on the other Unix domain members,
you should have no problems.
Just back everything up and leave the domain:
net ads leave -U Administrator

Rowland

More information about the samba mailing list