[Samba] Uidnumbers strange behaviour on DC

Carlos Jesus camjesus2 at gmail.com
Wed Oct 3 12:33:08 UTC 2018


Dear all,
I have a problem with our samba installation and really need your input
since I'm running out of ideas.
Short story:
UidNumbers on a DC have a strange behaviour
Longer Story:
1) Self compiled samba ad-dc now on V4.8.5 (recently and painlessly
upgraded from 4.6.14) +bind9 +dhcp on debian stretch mostly managed through
RSAT
2) 2 DCs + 3 linux (debian/ubuntu) +20ish win10 clients configured
according to (a hopefully correct) extensive reading of the wiki
3) One of the DCs is a file server (yeah... I know...; working on solving
this soon and actually this is why I noticed this issue)
4) The issue:
4a) On DC1: wbinfo --user-info=cmachado
EUROHIDRA\cmachado:*:3000154:10001::/home/EUROHIDRA/cmachado:/bin/false
4b) on DC2: wbinfo --user-info=cmachado
EUROHIDRA\cmachado:*:10014:10001::/home/EUROHIDRA/cmachado:/bin/false
4c) On DC1:  wbinfo --uid-info=10014
EUROHIDRA\cmachado:*:3000154:10001::/home/EUROHIDRA/cmachado:/bin/false
4d) On DC1:  wbinfo --uid-info=3000154
EUROHIDRA\cmachado:*:3000154:10001::/home/EUROHIDRA/cmachado:/bin/false
4e) on RSAT Uidnumber: 10014
5) Now, if I do a net cache flush on DC1, I get:  wbinfo
--user-info=cmachado
EUROHIDRA\cmachado:*:10014:10001::/home/EUROHIDRA/cmachado:/bin/false
5a) After a samba restart, the "odd" Uidnumbers return
6) This happens only for 3 (out of 20ish) users
7) On DC1: ldbsearch -H /usr/local/samba/private/sam.ldb
'(&(objectclass=user)(samaccountname=cmachado))'
# record 1
dn: CN=Cristina Machado,CN=Users,DC=eurohidra,DC=local
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Cristina Machado
sn: Machado
givenName: Cristina
instanceType: 4
whenCreated: 20180112122221.0Z
displayName: Cristina Machado
uSNCreated: 498356
name: Cristina Machado
objectGUID: a5082771-0b7e-4f54-9083-1db1d731bb5f
userAccountControl: 66048
codePage: 0
countryCode: 0
pwdLastSet: 131602333415267730
primaryGroupID: 513
objectSid: S-1-5-21-2578023650-2965493730-3822412211-1605
accountExpires: 9223372036854775807
sAMAccountName: Cmachado
sAMAccountType: 805306368
userPrincipalName: Cmachado at eurohidra.local
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=eurohidra,DC=local
memberOf: CN=geral,CN=Users,DC=eurohidra,DC=local
memberOf: CN=tecnico,CN=Users,DC=eurohidra,DC=local
uidNumber: 10014
lastLogonTimestamp: 131822529122437820
whenChanged: 20180927144131.0Z
uSNChanged: 886823
msDS-SupportedEncryptionTypes: 0
lastLogon: 131830228531838880
logonCount: 804
distinguishedName: CN=Cristina Machado,CN=Users,DC=eurohidra,DC=local

# Referral
ref: ldap://eurohidra.local/CN=Configuration,DC=eurohidra,DC=local

# Referral
ref: ldap://eurohidra.local/DC=DomainDnsZones,DC=eurohidra,DC=local

# Referral
ref: ldap://eurohidra.local/DC=ForestDnsZones,DC=eurohidra,DC=local

# returned 4 records
# 1 entries
# 3 referrals

9) relevant smb.conf on DC1
[global]
        realm = EUROHIDRA.LOCAL
        workgroup = EUROHIDRA
        netbios name = EHSERVER
        interfaces = lo br0
        bind interfaces only = Yes
        server role = active directory domain controller
        idmap_ldb:use rfc2307 = yes
        log level = 2
        log file = /var/log/samba/samba.log
        username map = /usr/local/samba/etc/user.map
        services -dns
use sendfile =yes
server signing = No
write cache size = 2097152
min receivefile size = 16384
getwd cache = yes
read raw = Yes
write raw = Yes
strict locking = No
server min protocol = SMB2

        passwd program = /usr/bin/passwd %u
        time server =yes
        unix password sync = yes
        dedicated keytab file = /etc/krb5.keytab
        kerberos method = secrets and keytab
        winbind refresh tickets = Yes
        winbind use default domain = yes

        load printers = no
        printing = bsd
        printcap name = /dev/null
        disable spoolss = yes

10) and on DC2
[global]
        realm = EUROHIDRA.LOCAL
        workgroup = EUROHIDRA
        netbios name = EHSECONDARY
        server role = active directory domain controller
        interfaces = lo br0
        bind interfaces only = Yes
        idmap_ldb:use rfc2307 = yes
        log level = 2
        log file = /var/log/samba/samba.log

server services = -dns

        load printers = no
        printing = bsd
        printcap name = /dev/null
        disable spoolss = yes

11) Any clues/advice that don't involve "delete users and recreate"? I
can't find anything relevant in the logs but feel free to ask for them or
any other configuration files of course
12) Thanks in advance for any help
Best Regards,

Carlos Jesus
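
Added example, not part of the original post: a small Python check that takes the passwd-style lines printed by `wbinfo --user-info=<name>` on each DC and reports every user whose resolved UID differs from the uidNumber stored in the directory, which is what a file server needs to agree on for ownership and ACLs to be consistent. The sample lines and the user `userb` are constructed; the function names are this example's own.

```python
"""Compare `wbinfo --user-info` output from several DCs with the directory uidNumber."""

# Constructed sample input, modelled on the output quoted in the post.
DC1_OUTPUT = r"""
EUROHIDRA\cmachado:*:3000154:10001::/home/EUROHIDRA/cmachado:/bin/false
EUROHIDRA\userb:*:10020:10001::/home/EUROHIDRA/userb:/bin/false
"""
DC2_OUTPUT = r"""
EUROHIDRA\cmachado:*:10014:10001::/home/EUROHIDRA/cmachado:/bin/false
EUROHIDRA\userb:*:10020:10001::/home/EUROHIDRA/userb:/bin/false
"""
# uidNumber per sAMAccountName as read from sam.ldb (userb is constructed).
DIRECTORY_UIDS = {"Cmachado": 10014, "userb": 10020}


def parse_wbinfo(text):
    """Return {lower-cased account name: uid} from passwd-format lines."""
    resolved = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        # passwd format: name:passwd:uid:gid:gecos:home:shell
        if len(fields) != 7 or not fields[2].isdigit():
            continue
        # Drop the DOMAIN\ prefix; wbinfo and sam.ldb may differ in case.
        name = fields[0].rsplit("\\", 1)[-1].lower()
        resolved[name] = int(fields[2])
    return resolved


def find_mismatches(per_dc_output, directory_uids):
    """Return sorted (user, dc, resolved_uid, directory_uid) for every disagreement.

    resolved_uid is None when the DC returned no line for that user.
    """
    expected = {name.lower(): uid for name, uid in directory_uids.items()}
    problems = []
    for dc, text in per_dc_output.items():
        resolved = parse_wbinfo(text)
        for user, uid in expected.items():
            if resolved.get(user) != uid:
                problems.append((user, dc, resolved.get(user), uid))
    return sorted(problems, key=lambda p: (p[0], p[1]))


if __name__ == "__main__":
    outputs = {"DC1": DC1_OUTPUT, "DC2": DC2_OUTPUT}
    for user, dc, got, want in find_mismatches(outputs, DIRECTORY_UIDS):
        print(f"{dc}: {user} resolves to uid {got}, directory uidNumber is {want}")
```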

