[Samba] Replication and KCC problems on upgrade

Rowland Penny rpenny at samba.org
Thu Mar 14 22:10:55 UTC 2019 

On Thu, 14 Mar 2019 16:56:17 -0500 (CDT)
Mike Ray <mray at xes-inc.com> wrote:

> ----- On Mar 1, 2019, at 9:20 AM, Mike Ray mray at xes-inc.com wrote:
> 
> > ----- On Mar 1, 2019, at 3:35 AM, samba samba at lists.samba.org
> > wrote:  
> >> 
> >> I wonder if this has anything to do with the 'you cannot upgrade
> >> directly from 4.7.x to 4.9.x' bug ?  
> > 
> > 
> > I was not aware of this bug. Do you think I should scrap this
> > upgrade and try again jumping like so? 4.0.6-12 -> 4.7 -> 4.8 -> 4.9
> >   
> 
> Upgrading 4.0.6-12 -> 4.7 -> 4.8 -> 4.9 got me to 4.9 without any
> replication/ldapcmp errors.
> 
> However, since 4.8, domain members using winbind are unable to ID
> users.
> 
> wbinfo -u and wbinfo -g return just fine, but id does not. It seems
> that it cannot resolve SIDs though:
> 
> wbinfo -S <sid>
> failed to call wbcSidToUid: WBC_ERR_DOMAIN_NOT_FOUND
> Could not convert sid <sid> to uid
> 
> 
> 
> My setup ran on 4.7 without issue.

Well it might have, but it isn't correct ;-)

> 
> [global]
>         netbios name = mray5
>         realm = TEST.REALM
>         workgroup = TEST
>         preferred master = no
>         security = ADS
>         encrypt passwords = yes
>         log level = 3
>         log file = /var/log/samba/%I
>         max log size = 50
>         winbind enum users = Yes
>         winbind enum groups = Yes
>         winbind use default domain = Yes
>         winbind nested groups = Yes
>         winbind offline logon = Yes
>         idmap config * : range = 3000 - 4000
>         idmap config * : backend = tdb
>         idmap config TEST : schema_mode = rfc2307
>         idmap config TEST : backend = ad
>         idmap config TEST : range = 9000 - 12000

Okay to here
 
>         idmap config TEST : readonly = yes
>         idmap config TEST : default = yes

I don't recognise those two lines and they are not in 'man idmap_ad'

>         idmap cache time = 604800
>         idmap negative cache time = 604800
>         winbind cache time = 604800
>         template shell = /bin/bash
>         template homedir = /home/%U
>         winbind nss info = rfc2307

The line above has been replaced by:
        idmap config TEST : unix_nss_info = yes

>         usershare path =

Rowland

More information about the samba mailing list