[Samba] wbinfo -U id gives different users on same dc

Özkan Göksu ozkan.goksu at usishi.com
Thu Feb 15 08:19:13 UTC 2018 

Thanks for helping me out. It is really appreciated. It is not easy to find
out good online information about samba :(

My original idea was to keep my understanding of important default options
written in smb.conf after full reading of https://www.samba.org/
samba/docs/4.7/man-html/smb.conf.5.html.

For the "winbind enum users/group" options I added them since smb.conf(5)
states some programs behaves oddly if they are not enabled:
https://www.samba.org/samba/docs/4.7/man-html/smb.conf.5.html#
winbindenumgroups. However I am removing them as you say.

For the "dns update command” setting I thought it would solve my dns update
problem whenever I try to join Active Directory. My samba version is 4.7.4.

[root at AA-SM2 ]# net ads join -U administrator
Enter administrator's password:
Using short domain name -- AA
Joined 'AA-SM2' to dns domain 'aa.local'
No DNS domain configured for aa-sm2. Unable to perform DNS Update.
DNS update failed: NT_STATUS_INVALID_PARAMETER

For the "socket options” setting I read it on the internet which is
somewhat considered to be a best practice for samba performance. I am
removing it also.

BTW there is a long standing issue of mine which I haven’t found an answer.
I always see limit warning at smbd service start up. It does no help no
matter I set "max open files = 232040” in smb.conf nor /etc/security/limits
settings.

[2018/02/15 10:39:02.985913,  2] ../source3/param/loadparm.c:
321(max_open_files)
  rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
[2018/02/15 10:39:02.986630,  2] ../source3/param/loadparm.c:
2791(lp_do_section)
  Processing section "[yenitest]"
[2018/02/15 10:39:02.987321,  2] ../source3/lib/interface.c:
345(add_interface)
  added interface vlan11 ip=192.168.11.3 bcast=192.168.11.255
netmask=255.255.255.0
[2018/02/15 10:39:02.987391,  2] ../source3/lib/interface.c:
345(add_interface)
  added interface vlan50 ip=10.0.50.4 bcast=10.0.50.255
netmask=255.255.255.0
[2018/02/15 10:39:02.987439,  2] ../source3/lib/interface.c:
345(add_interface)
  added interface enp2s0f0 ip=10.1.60.3 bcast=10.1.60.255
netmask=255.255.255.0
[2018/02/15 10:39:02.987484,  2] ../source3/lib/interface.c:
345(add_interface)
  added interface enp2s0f0 ip=10.1.60.5 bcast=10.1.60.255
netmask=255.255.255.0
[2018/02/15 10:39:02.987611,  1] ../source3/profile/profile_
dummy.c:30(set_profile_level)
  INFO: Profiling support unavailable in this build.
[2018/02/15 10:39:02.989393,  2] ../source3/passdb/pdb_
interface.c:161(make_pdb_method_name)
  No builtin backend found, trying to load plugin
[2018/02/15 10:39:03.006312,  1] ../source3/smbd/files.c:218(
file_init_global)
  file_init_global: Information only: requested 232040 open files, 59392
are available.
[2018/02/15 10:39:03.009324,  0] ../lib/util/become_daemon.c:
124(daemon_ready)
  STATUS=daemon 'smbd' finished starting up and ready to serve connections
[2018/02/15 10:39:03.009569,  2] ../source3/smbd/server.c:1395(
smbd_parent_loop)
  waiting for connections

Here are my settings in /etc/security/limits.

* soft nofile  99000
* hard nofile 999000
* - memlock unlimited
* - nofile 100000
* - nproc 32768
* - as unlimited

@root soft nofile 99000
@root hard nofile 999000
@root - memlock unlimited
@root - nofile 100000
@root - nproc 32768
@root - as unlimited


Again thanks for you help,

Ozkan


*Özkan GÖKSU* | *Tekn. Geliştirme* | ozkan.goksu at usishi.com
<goktug.yildirim at usishi.com>
C : +90 555 449 88 71 | T : +90 (216) 442 7070 |
http://www.usishi.com


2018-02-14 17:26 GMT+02:00 Rowland Penny via samba <samba at lists.samba.org>:

> On Wed, 14 Feb 2018 16:30:07 +0200
> Özkan Göksu <ozkan.goksu at usishi.com> wrote:
>
> > RID solved my problem. But while reading docs I saw new things and I
> > changed my smb.conf completely.
> > I have read almost every parameter but i'm still not %100 sure.
> > Can you do me a last favor?
> > Please can you tell me do I have any problem with new smb.conf?
> >
>
> No problems as such, but you don't need these because they are default
> settings:
>
>     winbind nested groups = yes
>     encrypt passwords = yes
>     strict locking = Auto
>     oplocks = yes
>     deadtime = 15
>     unix charset = UTF-8
>     case sensitive = auto
>     guest account = nobody
>     ntlm auth = no
>     client ntlmv2 auth = yes
>     kernel change notify = yes
>     domain logons = no
>     client use spnego = yes
>     strict sync = no
>
> All the next two lines do is make 'getent passwd' & 'getent group'
> display a list of all users or groups AND slow things down, you do not
> need them:
>
>     winbind enum users = yes
>     winbind enum groups = yes
>
> The next line is only any good on a Samba DC:
>
>     dns update command = /usr/sbin/samba_dnsupdate
>
> You shouldn't really mess with the socket options, that's the kernels
> job:
>
>     socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list