[Samba] wbinfo -r 'username' displays inconsistent results across DC's

lingpanda101 lingpanda101 at gmail.com
Fri May 11 16:18:29 UTC 2018 

Hello,

     Looking up a users group membership I'm showing different results 
on each DC. UID and GID mapping appears consistent but not all group 
membership is displayed. I've verified idmap.ldb is backup up and copied 
over to the other DC's. I do notice when taking a hot backup of 
idmap.ldb, the file size is dramatically smaller than the original. 
Using Microsoft RSAT to view group membership displays consistent 
results. This behavior is not consistent for all users. Many show 
consistent results while others do not. DC1 which is the first 
provisioned DC appears to display all group membership accurately with 
wbinfo -r.

Ubuntu 14.04LTS

Samba 4.7.5

smb.conf (Consistent across all DC's)

# Global parameters
[global]
         workgroup = DOMAIN
         realm = DOMAIN.LOCAL
         netbios name = DC1
         server role = active directory domain controller
         dns forwarder = 75.75.75.75 208.67.222.222
         idmap_ldb:use rfc2307 = Yes
         server services = -dns

         log file = /usr/local/samba/var/log.samba
         max log size = 5000
         log level = 0 auth_audit:3
         debug timestamp = Yes
         debug uid = Yes
         debug pid = Yes

         load printers = No
         printcap name = /dev/null
         disable spoolss = Yes

         tls enabled  = yes
         tls keyfile  = tls/myKey.pem
         tls certfile = tls/myCert.pem
         tls cafile   =

         ldap server require strong auth = no

[netlogon]
         path = /usr/local/samba/var/locks/sysvol/domain.local/scripts
         read only = No

[sysvol]
         path = /usr/local/samba/var/locks/sysvol
         read only = No


@DC2:~# wbinfo -r james
10000
3000141
3000223
3000224
10031
10004
3000363
3000030
3000004
3000005
3000008
10009
10053
10010
10011
10012
10013
10015
3000031
10034
10032
10033
3000440
10017
3000566
10019
10007
10022
10023
10024
3000009
3000034
3000000

@DC1:~# wbinfo -r james
10000
3000141
3000223
3000224
10031
3000368
3000030
3000004
3000005
3000008
10043
10009
10053
10010
10011
10012
10013
10015
3000031
10034
10032
10033
3000451
10017
10019
10007
10022
10023
10024
10025
10026
10030
10036
10037
10038
10039
10040
3000007
10041
10042
10044
3000515
10045
3000584
3000009
3000034
3000000

-- 
--
James

More information about the samba mailing list