[Samba] AD woes

Emmanuel Florac eflorac at intellique.com
Thu Apr 22 14:42:45 UTC 2021 

Le Thu, 22 Apr 2021 15:36:06 +0200
Emmanuel Florac via samba <samba at lists.samba.org> écrivait:

> Le Wed, 21 Apr 2021 17:35:30 +0100
> Rowland penny via samba <samba at lists.samba.org> écrivait:
> 
> > On 21/04/2021 17:03, Emmanuel Florac wrote:  
> > > [global]
> > >
> > >      idmap config SOMEDOMAIN : range = 10000-999999    
> > 
> > 
> > As there doesn't seem to be anything wrong with your smb.conf, I
> > wonder if this is just down to the new RID's being too large, try
> > adding another 9 to the 'SOMEDOMAIN' range.  
> 
> There are only like 120 users so that shouldn't be a problem...
> Actually the last 4 users can't login, and those have been created on
> the new DC server. So I'll plan doing a "net ads leave" then a "net
> ads join" to see if it behaves better after that.
> 
> The winbind logs are full of these:
> 
> [2021/04/22 13:18:28.879147,
> 0] ../source3/lib/util_tdb.c:497(tdb_chainlock_with_timeout_internal)
> tdb_chainlock_with_timeout_internal: alarm (40) timed out for key
> NEWADSERVER.SOMEDOMAIN.local in tdb /var/run/samba/mutex.tdb
> [2021/04/22 13:18:28.879249,
> 0] ../source3/winbindd/winbindd_cm.c:1023(cm_prepare_connection)
> cm_prepare_connection: mutex grab failed for
> NEWADSERVER.SOMEDOMAIN.local [2021/04/22 13:18:28.880401,
> 0] ../source3/winbindd/winbindd_dual.c:107(child_write_response)
> 
> So it obviously have trouble connecting to the NEWADSERVER ...
> 

Seeing this I've seen bugs reports like
https://redmine.ixsystems.com/issues/35122

And thought "Hmm, maybe it's really as stupid as winbindd not switching
servers, what would happen if I simply restarted winbind?"

So I did just this, and suddenly, "wbinfo --dc-info=SOMEDOMAIN reports
the right server, and the new users are listed... So I'll have to check
that they can connect properly, but that looks promising!

-- 
------------------------------------------------------------------------
Emmanuel Florac     |   Direction technique
                    |   Intellique
                    |	<eflorac at intellique.com>
                    |   +33 1 78 94 84 02
------------------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 163 bytes
Desc: Signature digitale OpenPGP
URL: <http://lists.samba.org/pipermail/samba/attachments/20210422/cb786e75/attachment.sig>

More information about the samba mailing list