[Samba] Samba 4.6.2 member server errors

me at tdiehl.org me at tdiehl.org
Tue Oct 24 02:35:22 UTC 2017


On Mon, 23 Oct 2017, Rowland Penny via samba wrote:

> On Mon, 23 Oct 2017 13:56:27 -0400 (EDT)
> me at tdiehl.org wrote:
>
>> On Fri, 20 Oct 2017, Rowland Penny via samba wrote:
>>
>>> On Fri, 20 Oct 2017 17:00:01 -0400 (EDT)
>>> me at tdiehl.org wrote:
>>>
>>>> On Mon, 16 Oct 2017, Rowland Penny via samba wrote:
>>>>> It seems to be treating computers as users (I could be barking up
>>>>> the wrong tree here), can you post the contents
>>>>> of /etc/hosts, /etc/hostname, /etc/resolv.conf
>>>>> and /etc/nsswitch.conf from the domain member
>>>>
>>>> Here you go:
>>>>
>>>> # cat /etc/resolv.conf
>>>> search kmg.mydomain.com mydomain.com
>>>> nameserver 172.30.0.7
>>>> nameserver 10.224.135.7
>>>>
>>>
>>> I would remove 'mydomain.com' from the search line.
>>
>> Done
>>
>>> I also take it that '10.224.135.7' is a DC in the
>>> 'kmg.mydomain.com', if it isn't, remove this nameserver.
>>
>> Yes, 10.224.135.7 is a DC.
>>
>>>
>>>>
>>>> The 2 name server ip addresses are the 2 dc's.
>>>>
>>>> # cat /etc/hosts
>>>>
>>>> 127.0.0.1    localhost localhost.localdomain
>>>> 172.30.0.8    vfs1.kmg.mydomain.com vfs1
>>>
>>> I would remove 'localhost.localdomain', there is no such thing as
>>> 'localdomain'
>>
>> Done
>>
>>>
>>>>
>>>>
>>>> # cat /etc/hostname
>>>> vfs1.kmg.mydomain.com
>>>
>>> The hostname should just be 'vfs1', it shouldn't be the FQDN.
>>>
>>>>
>>>> # cat /etc/nsswitch.conf
>>>> passwd:     files winbind
>>>> shadow:     files
>>>> group:      files winbind
>>>>
>>>> hosts:      files dns myhostname
>>>
>>> I would remove 'myhostname'
>>
>> Done
>>
>>>
>>>>
>>>> bootparams: nisplus [NOTFOUND=return] files
>>>> ethers:     files
>>>> netmasks:   files
>>>> networks:   files
>>>> protocols:  files
>>>> rpc:        files
>>>> services:   files sss
>>>>
>>>> netgroup:   files sss
>>>>
>>>> publickey:  nisplus
>>>>
>>>> automount:  files
>>>> aliases:    files nisplus
>>>>
>>>
>>> I would remove the two 'sss' instances
>>
>> Done
>>
>> I did net cache flush and rebooted. No change. Still getting the
>> kerberos errors and winbind not going to sleep when no one is in the
>> office.
>>
>> I am wondering if I were to remove the member server from the domain,
>> delete the tdb and ldb databases and then rejoin the domain if that
>> would help.
>>
>> Is there a db that tracks the kerberos information that I could reset?
>>
>> Besides the added work and the downtime, is there a down side to
>> doing this? If I understand correctly all of the important
>> information is stored in the DC's. Is this correct?
>>
>> I have the following in the smb.conf on the member servers:
>>
>> idmap config * : backend = tdb
>> idmap config * : range = 3000-7999
>>
>> idmap config KMG:backend = ad
>> idmap config KMG:schema_mode = rfc2307
>> idmap config KMG:unix_nss_info = yes
>> idmap config KMG:range = 10000-999999
>
> Unless I missed it, you have never said what OS this is.

It is CentOS 7.4. They are VMs running on a VMware hypervisor.

In case it matters, there are 2 physical hosts, with 1 DC and 1 file server
on each physical host. When we are done with the migration we will have a
total of about 150 users split fairly evenly across the 2 physical hosts.

> How did you get to 4.6.2, did you install it directly or was it an
> upgrade from a previous Samba version.

This is a new domain. 2 self-compiled 4.7.0 DCs and 2 member servers built
using the latest 4.6.2 rpms supplied with CentOS 7.4 and configured as file
servers.

All were fresh installs.

Data is being migrated from a 10-year-old Samba 3.6 NT4 domain.
We chose to remove all of the Windows 7 machines from the old NT4 domain
and join them to the new AD domain. All of the data is being rsync'd from
the old machines to the new file servers and permissions reset as necessary.

We did this to avoid problems associated with a classic upgrade and with
the exception of this problem it has gone well.

> You said this is the only Unix domain member exhibiting this problem,
> so you could try the windows fix, wipe the OS and start again ;-)

Well I think it is operating normally. There are 2 identical member servers
but only the server with the problem has data and users on it at this time.
The other one is currently in a different building and awaiting a move to
a new facility. Once it is in place, it is slated to go into production.
Light testing seems to show it is operating normally but given this issue,
I am not sure what it will do once I start transferring data to it and
loading it up.

> Provided you use the same smb.conf as on the other Unix domain members,
> you should have no problems.

Modulo the shares, the smb.conf files are the same.

> Just back everything up and leave the domain:
> net ads leave -U Administrator

That is what I thought. Thanks for confirming that.

Regards,

-- 
Tom			me at tdiehl.org
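
The file changes suggested in the quoted replies above (short hostname, no 'localdomain' alias, a single search domain, no 'myhostname' or 'sss' sources), collected into one check. This is an added example, not part of the original message and not Samba project code; the function name `audit_member` and its `ad_domain` parameter are hypothetical, and the sample strings are constructed from the file contents posted in the thread.

```python
# Added example: audits a domain member's name-resolution files against the
# advice given in this thread. File contents are passed in as strings so the
# check runs offline. audit_member and ad_domain are hypothetical names.

def audit_member(hosts, hostname, resolv, nsswitch, ad_domain):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []

    # /etc/hostname: short name only, not the FQDN.
    name = hostname.strip()
    if "." in name:
        findings.append(f"hostname: '{name}' is an FQDN, use '{name.split('.')[0]}'")

    # /etc/hosts: no '.localdomain' aliases.
    for line in hosts.splitlines():
        fields = line.split("#")[0].split()
        for alias in fields[1:]:
            if alias.endswith(".localdomain"):
                findings.append(f"hosts: remove '{alias}'")

    # /etc/resolv.conf: search list limited to the AD DNS domain.
    for line in resolv.splitlines():
        fields = line.split()
        if fields and fields[0] == "search":
            for dom in fields[1:]:
                if dom != ad_domain:
                    findings.append(f"resolv.conf: remove '{dom}' from search")

    # /etc/nsswitch.conf: no 'myhostname' on hosts, no 'sss' on any database.
    for line in nsswitch.splitlines():
        db, _, sources = line.split("#")[0].partition(":")
        for src in sources.split():
            if src == "sss" or (db.strip() == "hosts" and src == "myhostname"):
                findings.append(f"nsswitch.conf: remove '{src}' from {db.strip()}")
    return findings

# Constructed sample input: the file contents as posted in the thread.
HOSTS = "127.0.0.1    localhost localhost.localdomain\n172.30.0.8    vfs1.kmg.mydomain.com vfs1\n"
HOSTNAME = "vfs1.kmg.mydomain.com\n"
RESOLV = "search kmg.mydomain.com mydomain.com\nnameserver 172.30.0.7\nnameserver 10.224.135.7\n"
NSSWITCH = ("passwd:     files winbind\nhosts:      files dns myhostname\n"
            "bootparams: nisplus [NOTFOUND=return] files\nservices:   files sss\nnetgroup:   files sss\n")

if __name__ == "__main__":
    for finding in audit_member(HOSTS, HOSTNAME, RESOLV, NSSWITCH, "kmg.mydomain.com"):
        print(finding)
```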


