[Samba] wbinfo -U id gives different users on same dc
L.P.H. van Belle
belle at bazuin.nl
Thu Feb 15 12:25:58 UTC 2018
sure,
https://github.com/thctlo/samba4/tree/master/howtos
now these are debian based, but if you read throught the howto.
start with stretch-base-2.0-samba-minimal-ad.txt
ok, that happens that .local cant be changed, but now its even more important that the resolving is correct.
the hosts
127.0.0.1 localhost localhost.localdomain
10.254.104.8 wdc04.aa.local wdc04 < is this the samba DC?
10.254.105.208 AA-SM2 << missing .domain or this, i "guess" base on you join below its this one.
setup host like this.
IP HOST_FQDN(hostname -f) ALIAS_NAME(hostname -s)
and /etc/resolv.conf
search aa.local < this is your primary samba domain.
nameserver 10.254.104.8 < this is your dc?
nameserver 10.254.104.13 and this is?
i also suggest, goto
https://wiki.archlinux.org/index.php/Samba/Active_Directory_domain_controller
some parts of my howto are also from arch examples.
Greetz,
Louis
Van: Özkan Göksu [mailto:ozkan.goksu at usishi.com]
Verzonden: donderdag 15 februari 2018 12:32
Aan: L.P.H. van Belle
CC: samba at lists.samba.org
Onderwerp: Re: [Samba] wbinfo -U id gives different users on same dc
Hi Louis,
Thanks for information, find it sometimes is a real challenge. Would you please share your how to link? I wish to read it.
For the .local domain I suppose I have nothing to do. This is a running windows Active Directory and it is not possible to change domain suffix.
Here is my /etc/hosts
127.0.0.1 localhost.localdomain localhost
10.254.104.8 wdc04.aa.local wdc04
10.254.105.208 AA-SM2
and /etc/resolv.conf
search aa.local
nameserver 10.254.104.8
nameserver 10.254.104.13
My distribution is Archlinux.
Greetings,
Ozkan
Sure there is,
Install debian, follow my howto and you will have success.
Just, your using an .local domain, and thats a reserved name for apples mDNS (zeroconf)
And should not be used. ( same for .lan )
https://wiki.samba.org/index.php/FAQ#Can_I_Use_the_.local_Top-level_Domain_for_My_AD_DNS_Zone.3F
So the info is good, thats not the problem, finding it, is.
Can you post your /etc/hosts and resolv.conf also to be sure these are ok.
And whats the running OS, thats a nice to know.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Özkan Göksu via samba
> Verzonden: donderdag 15 februari 2018 9:19
> Aan: Rowland Penny
> CC: samba at lists.samba.org
> Onderwerp: Re: [Samba] wbinfo -U id gives different users on same dc
>
> Thanks for helping me out. It is really appreciated. It is
> not easy to find
> out good online information about samba :(
>
> My original idea was to keep my understanding of important
> default options
> written in smb.conf after full reading of https://www.samba.org/
> samba/docs/4.7/man-html/smb.conf.5.html.
>
> For the "winbind enum users/group" options I added them since
> smb.conf(5)
> states some programs behaves oddly if they are not enabled:
> https://www.samba.org/samba/docs/4.7/man-html/smb.conf.5.html#
> winbindenumgroups. However I am removing them as you say.
>
> For the "dns update command? setting I thought it would solve
> my dns update
> problem whenever I try to join Active Directory. My samba
> version is 4.7.4.
>
> [root at AA-SM2 ]# net ads join -U administrator
> Enter administrator's password:
> Using short domain name -- AA
> Joined 'AA-SM2' to dns domain 'aa.local'
> No DNS domain configured for aa-sm2. Unable to perform DNS Update.
> DNS update failed: NT_STATUS_INVALID_PARAMETER
>
> For the "socket options? setting I read it on the internet which is
> somewhat considered to be a best practice for samba performance. I am
> removing it also.
>
> BTW there is a long standing issue of mine which I haven?t
> found an answer.
> I always see limit warning at smbd service start up. It does
> no help no
> matter I set "max open files = 232040? in smb.conf nor
> /etc/security/limits
> settings.
>
> [2018/02/15 10:39:02.985913, 2] ../source3/param/loadparm.c:
> 321(max_open_files)
> rlimit_max: increasing rlimit_max (1024) to minimum Windows
> limit (16384)
> [2018/02/15 10:39:02.986630, 2] ../source3/param/loadparm.c:
> 2791(lp_do_section)
> Processing section "[yenitest]"
> [2018/02/15 10:39:02.987321, 2] ../source3/lib/interface.c:
> 345(add_interface)
> added interface vlan11 ip=192.168.11.3 bcast=192.168.11.255
> netmask=255.255.255.0
> [2018/02/15 10:39:02.987391, 2] ../source3/lib/interface.c:
> 345(add_interface)
> added interface vlan50 ip=10.0.50.4 bcast=10.0.50.255
> netmask=255.255.255.0
> [2018/02/15 10:39:02.987439, 2] ../source3/lib/interface.c:
> 345(add_interface)
> added interface enp2s0f0 ip=10.1.60.3 bcast=10.1.60.255
> netmask=255.255.255.0
> [2018/02/15 10:39:02.987484, 2] ../source3/lib/interface.c:
> 345(add_interface)
> added interface enp2s0f0 ip=10.1.60.5 bcast=10.1.60.255
> netmask=255.255.255.0
> [2018/02/15 10:39:02.987611, 1] ../source3/profile/profile_
> dummy.c:30(set_profile_level)
> INFO: Profiling support unavailable in this build.
> [2018/02/15 10:39:02.989393, 2] ../source3/passdb/pdb_
> interface.c:161(make_pdb_method_name)
> No builtin backend found, trying to load plugin
> [2018/02/15 10:39:03.006312, 1] ../source3/smbd/files.c:218(
> file_init_global)
> file_init_global: Information only: requested 232040 open
> files, 59392
> are available.
> [2018/02/15 10:39:03.009324, 0] ../lib/util/become_daemon.c:
> 124(daemon_ready)
> STATUS=daemon 'smbd' finished starting up and ready to
> serve connections
> [2018/02/15 10:39:03.009569, 2] ../source3/smbd/server.c:1395(
> smbd_parent_loop)
> waiting for connections
>
> Here are my settings in /etc/security/limits.
>
> * soft nofile 99000
> * hard nofile 999000
> * - memlock unlimited
> * - nofile 100000
> * - nproc 32768
> * - as unlimited
>
> @root soft nofile 99000
> @root hard nofile 999000
> @root - memlock unlimited
> @root - nofile 100000
> @root - nproc 32768
> @root - as unlimited
>
>
> Again thanks for you help,
>
> Ozkan
>
>
> *Özkan GÖKSU* | *Tekn. Geli??tirme* | ozkan.goksu at usishi.com
> <goktug.yildirim at usishi.com>
> C : +90 555 449 88 71 | T : +90 (216) 442 7070 |
> http://www.usishi.com
>
>
> 2018-02-14 17:26 GMT+02:00 Rowland Penny via samba
> <samba at lists.samba.org>:
>
> > On Wed, 14 Feb 2018 16:30:07 +0200
> > Özkan Göksu <ozkan.goksu at usishi.com> wrote:
> >
> > > RID solved my problem. But while reading docs I saw new
> things and I
> > > changed my smb.conf completely.
> > > I have read almost every parameter but i'm still not %100 sure.
> > > Can you do me a last favor?
> > > Please can you tell me do I have any problem with new smb.conf?
> > >
> >
> > No problems as such, but you don't need these because they
> are default
> > settings:
> >
> > winbind nested groups = yes
> > encrypt passwords = yes
> > strict locking = Auto
> > oplocks = yes
> > deadtime = 15
> > unix charset = UTF-8
> > case sensitive = auto
> > guest account = nobody
> > ntlm auth = no
> > client ntlmv2 auth = yes
> > kernel change notify = yes
> > domain logons = no
> > client use spnego = yes
> > strict sync = no
> >
> > All the next two lines do is make 'getent passwd' & 'getent group'
> > display a list of all users or groups AND slow things down,
> you do not
> > need them:
> >
> > winbind enum users = yes
> > winbind enum groups = yes
> >
> > The next line is only any good on a Samba DC:
> >
> > dns update command = /usr/sbin/samba_dnsupdate
> >
> > You shouldn't really mess with the socket options, that's
> the kernels
> > job:
> >
> > socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
> >
> > Rowland
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> >
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list