[Samba] second dc not working properly

[Rowland penny]

On 28/12/2020 13:43, mj via samba wrote:
> Hi Rowland,
>
> On 12/28/20 12:49 PM, Rowland penny via samba wrote:
>>> (I run a script on the member server that verifies the existance of 
>>> our AD groups using "getent group")
>> But then again 'getent group' (without a specific group) shouldn't 
>> work because you shouldn't have the 'winbind enum' lines in a 
>> production Unix domain member smb.conf
>
> We have set:
> winbind enum users  = yes
> winbind enum groups = yes
>
> I could turn it off, but I don't think it's related the this issue, do 
> you..?
Probably not, but you do not need them and they can slow things down, 
didn't Sernet tell you this ?
>
>>> Curious if everybody here can actually reboot their DCs (or stop 
>>> samba on them) without any consequence on their domain member servers?
>> Yes, I can.
> Interesting.
I can turn a DC off and my Unix domain members do not notice. I should 
also mention that I never reboot my DC's or restart Samba unless I have to.
>
>>> We have three DCs, no problems between them, they have recently been 
>>> examined by sernet with basically no remarks. The DCs run 4.12.8 
>>> sernet, and the domain member server is still on 4.10.18. (yes, we 
>>> will upgrade that soon)
>>
>> Well if Sernet cannot find anything wrong (unless they only gave them 
>> a cursory glance), then there shouldn't be anything wrong, quite a 
>> few of the Samba team work there 😁
> Yes, I think they took a good look, to solve replication isues we were 
> having for two specific DNs, a month or two ago. (other than that, 
> these DCs have been running rock-solid for a couple of years)
>
> MJ
>
The problem is, whilst I understand that some users have the problem you 
are having, I cannot recreate it in my domain and as I cannot recreate 
the problem, I cannot attempt to find the cause 🙁

Rowland