[Samba] Long time before user shows up on member server
L.P.H. van Belle
belle at bazuin.nl
Wed Feb 10 13:32:40 UTC 2021
Follow these guidlines (for all servers basicly)
Make sure the primary dns is used first, so the one you
provisoned samba with.
/etc/hosts (DC1)
193.167.33.91 sad1.sad.arcada.fi sad1.arcada.fi sad1
2001:708:170:33::91 sad1.sad.arcada.fi sad1.arcada.fi sad1
/etc/hosts (DC2)
193.167.33.91 sad2.sad.arcada.fi sad2.arcada.fi sad2
2001:708:170:33::92 sad2.sad.arcada.fi sad2.arcada.fi sad2
/etc/resolv.conf
nameserver ip_AD-DC1_ITS_OWN_IP
nameserver ip_AD-DC2
search primary.dnsdomain.tld dnsdomain.tld
that should fix this.
> Non-authoritative answer:
> *** Can't find _kerberos._tcp.arcada.fi: No answer
after the sync in check of the AD, on DC2 add.
/etc/resolv.conf
nameserver ip_AD-DC2_ITS_OWN_IP
nameserver ip_AD-DC1
search primary.dnsdomain.tld dnsdomain.tld
this is a problem.
> idmap config SAD:range = 500-4000000
Debian system start with unix id from 1000 unless you adjusted the defaults
it adviced to use/start, outside the system range
(cat /etc/adduser.conf)
start with this, after the changes, reboot the DC's.
check that again and after it repeat for the member server.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: Harald Hannelius [mailto:harald+samba at arcada.fi]
> Verzonden: woensdag 10 februari 2021 12:36
> Aan: L.P.H. van Belle
> CC: Harald Hannelius; samba at lists.samba.org
> Onderwerp: RE: [Samba] Long time before user shows up on member server
>
>
> On Wed, 10 Feb 2021, L.P.H. van Belle wrote:
>
> > Something in the DNS resolving is off.
>
> You seem to be correct. I seem to have the fqdn for the AD-DCs set in the
> top-level domain.
>
>
>
> > Can you run the following script on all the AD-DCs.
> > and the problem Member server.
> > If you anonymize it, keep the setup structure the same.
> > Like netbios name = HOSTNAME_CAPS_OR_NOT
> > or if realm = internal.domain.tld , use INT.REALM.TLD
> > we need exact as it.
> >
> > https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-
> debug-info.sh
>
> AD DC number1:
>
> Collected config --- 2021-02-10-13:27 -----------
>
> Hostname: sad1
> DNS Domain: arcada.fi
> FQDN: sad1.arcada.fi
> ipaddress: 193.167.33.91 2001:708:170:33::91
>
> -----------
>
> Kerberos SRV _kerberos._tcp.arcada.fi record verified ok, sample output:
> Server: 2001:708:170:33::91
> Address: 2001:708:170:33::91#53
>
> Non-authoritative answer:
> *** Can't find _kerberos._tcp.arcada.fi: No answer
>
> Authoritative answers can be found from:
> arcada.fi
> origin = inet-server.arcada.fi
> mail addr = hostmaster.arcada.fi
> serial = 2021020800
> refresh = 7200
> retry = 3600
> expire = 2419200
> minimum = 86400
> Samba is running as an AD DC
>
> -----------
> Checking file: /etc/os-release
>
> PRETTY_NAME="Debian GNU/Linux 10 (buster)"
> NAME="Debian GNU/Linux"
> VERSION_ID="10"
> VERSION="10 (buster)"
> VERSION_CODENAME=buster
> ID=debian
> HOME_URL="https://www.debian.org/"
> SUPPORT_URL="https://www.debian.org/support"
> BUG_REPORT_URL="https://bugs.debian.org/"
>
> -----------
>
>
> This computer is running Debian 10.7 x86_64
>
> -----------
> running command : ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
> default qlen 1000
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
> inet6 ::1/128 scope host
> 2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
> UP group default qlen 1000
> link/ether 50:6b:8d:b9:dc:72 brd ff:ff:ff:ff:ff:ff
> inet 193.167.33.91/24 brd 193.167.33.255 scope global ens3
> inet6 2001:708:170:33::91/64 scope global
> inet6 fe80::526b:8dff:feb9:dc72/64 scope link
>
> -----------
> Checking file: /etc/hosts
>
> 127.0.0.1 localhost
> 193.167.33.91 sad1.arcada.fi sad1 sad1.sad.arcada.fi
>
> # The following lines are desirable for IPv6 capable hosts
> ::1 localhost ip6-localhost ip6-loopback
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
>
> -----------
>
> Checking file: /etc/resolv.conf
>
> search sad.arcada.fi arcada.fi
> nameserver 2001:708:170:33::91
> #nameserver 2001:708:170:33::246
> #nameserver 193.167.33.232
> #nameserver 193.167.33.246
>
> -----------
>
> Checking file: /etc/krb5.conf
>
> [libdefaults]
> default_realm = SAD.ARCADA.FI
> dns_lookup_realm = false
> dns_lookup_kdc = true
>
> -----------
>
> Checking file: /etc/nsswitch.conf
>
> # /etc/nsswitch.conf
> #
> # Example configuration of GNU Name Service Switch functionality.
> # If you have the `glibc-doc-reference' and `info' packages installed,
> try:
> # `info libc "Name Service Switch"' for information about this file.
>
> passwd: files systemd
> group: files systemd
> shadow: files
> gshadow: files
>
> hosts: files dns
> networks: files
>
> protocols: db files
> services: db files
> ethers: db files
> rpc: db files
>
> netgroup: nis
>
> -----------
>
> Checking file: /etc/samba/smb.conf
>
> # Global parameters
> [global]
>
> #log level = 3 passdb:5 auth:10 winbind:3
> #log level = 5
> dns forwarder = 2001:708:170:33::232
> netbios name = SAD1
> realm = SAD.ARCADA.FI
> server role = active directory domain controller
> workgroup = SAD
> idmap_ldb:use rfc2307 = yes
>
> logging = syslog
> syslog = 1
> log level = 1 auth_audit:3 auth_json_audit:3
> #log level = 3 auth_audit:5 auth_json_audit:5
>
> [netlogon]
> path = /var/lib/samba/sysvol/sad.arcada.fi/scripts
> read only = No
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
> -----------
>
> BIND_DLZ not detected in smb.conf
>
> -----------
>
> Installed packages:
> ii acl 2.2.53-4 amd64
> access control list - utilities
> ii attr 1:2.4.48-4 amd64
> utilities for manipulating filesystem extended attributes
> ii krb5-config 2.6 all
> Configuration files for Kerberos Version 5
> ii krb5-locales 1.17-3+deb10u1 all
> internationalization support for MIT Kerberos
> ii krb5-user 1.17-3+deb10u1 amd64
> basic programs to authenticate using MIT Kerberos
> ii libacl1:amd64 2.2.53-4 amd64
> access control list - shared library
> ii libattr1:amd64 1:2.4.48-4 amd64
> extended attribute handling - shared library
> ii libgssapi-krb5-2:amd64 1.17-3+deb10u1 amd64
> MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
> ii libkrb5-3:amd64 1.17-3+deb10u1 amd64
> MIT Kerberos runtime libraries
> ii libkrb5support0:amd64 1.17-3+deb10u1 amd64
> MIT Kerberos runtime libraries - Support library
> ii libsmbclient:amd64 2:4.9.5+dfsg-5+deb10u1 amd64
> shared library for communication with SMB/CIFS servers
> ii libwbclient0:amd64 2:4.9.5+dfsg-5+deb10u1 amd64
> Samba winbind client library
> ii python-pylibacl 0.5.3-2 amd64
> module for manipulating POSIX.1e ACLs
> ii python-pyxattr 0.6.1-1 amd64
> module for manipulating filesystem extended attributes
> ii python-samba 2:4.9.5+dfsg-5+deb10u1 amd64
> Python bindings for Samba
> ii samba 2:4.9.5+dfsg-5+deb10u1 amd64
> SMB/CIFS file, print, and login server for Unix
> ii samba-common 2:4.9.5+dfsg-5+deb10u1 all
> common files used by both the Samba server and client
> ii samba-common-bin 2:4.9.5+dfsg-5+deb10u1 amd64
> Samba common files used by both the server and the client
> ii samba-dsdb-modules:amd64 2:4.9.5+dfsg-5+deb10u1 amd64
> Samba Directory Services Database
> ii samba-libs:amd64 2:4.9.5+dfsg-5+deb10u1 amd64
> Samba core libraries
> ii samba-vfs-modules:amd64 2:4.9.5+dfsg-5+deb10u1 amd64
> Samba Virtual FileSystem plugins
> ii smbclient 2:4.9.5+dfsg-5+deb10u1 amd64
> command-line SMB/CIFS clients for Unix
> ii winbind 2:4.9.5+dfsg-5+deb10u1 amd64
> service to resolve user and group information from Windows NT servers
>
> -----------
>
>
> AD DC number2:
>
> Collected config --- 2021-02-10-13:31 -----------
>
> Hostname: sad2
> DNS Domain: sad.arcada.fi
> FQDN: sad2.sad.arcada.fi
> ipaddress: 193.167.33.92 2001:708:170:33::92
>
> -----------
>
> Kerberos SRV _kerberos._tcp.sad.arcada.fi record verified ok, sample
> output:
> Server: 2001:708:170:33::91
> Address: 2001:708:170:33::91#53
>
> _kerberos._tcp.sad.arcada.fi service = 0 100 88 sad1.sad.arcada.fi.
> _kerberos._tcp.sad.arcada.fi service = 0 100 88 sad2.sad.arcada.fi.
> Samba is running as an AD DC
>
> -----------
> Checking file: /etc/os-release
>
> PRETTY_NAME="Debian GNU/Linux 10 (buster)"
> NAME="Debian GNU/Linux"
> VERSION_ID="10"
> VERSION="10 (buster)"
> VERSION_CODENAME=buster
> ID=debian
> HOME_URL="https://www.debian.org/"
> SUPPORT_URL="https://www.debian.org/support"
> BUG_REPORT_URL="https://bugs.debian.org/"
>
> -----------
>
>
> This computer is running Debian 10.7 x86_64
>
> -----------
> running command : ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
> default qlen 1000
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
> inet6 ::1/128 scope host
> 2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
> UP group default qlen 1000
> link/ether 50:6b:8d:29:93:87 brd ff:ff:ff:ff:ff:ff
> inet 193.167.33.92/24 brd 193.167.33.255 scope global ens3
> inet6 2001:708:170:33::92/64 scope global
> inet6 fe80::526b:8dff:fe29:9387/64 scope link
>
> -----------
> Checking file: /etc/hosts
>
> 127.0.0.1 localhost
> 193.167.33.91 sad1.arcada.fi sad1
>
> # The following lines are desirable for IPv6 capable hosts
> ::1 localhost ip6-localhost ip6-loopback
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
>
> -----------
>
> Checking file: /etc/resolv.conf
>
> search sad.arcada.fi arcada.fi
> nameserver 2001:708:170:33::91
> #nameserver 2001:708:170:33::246
> #nameserver 193.167.33.232
> #nameserver 193.167.33.246
>
> -----------
>
> Checking file: /etc/krb5.conf
>
> [libdefaults]
> dns_lookup_realm = false
> dns_lookup_kdc = true
> default_realm = SAD.ARCADA.FI
>
> -----------
>
> Checking file: /etc/nsswitch.conf
>
> # /etc/nsswitch.conf
> #
> # Example configuration of GNU Name Service Switch functionality.
> # If you have the `glibc-doc-reference' and `info' packages installed,
> try:
> # `info libc "Name Service Switch"' for information about this file.
>
> passwd: files systemd
> group: files systemd
> shadow: files
> gshadow: files
>
> hosts: files dns
> networks: files
>
> protocols: db files
> services: db files
> ethers: db files
> rpc: db files
>
> netgroup: nis
>
> -----------
>
> Checking file: /etc/samba/smb.conf
>
> # Global parameters
> [global]
> netbios name = SAD2
> realm = SAD.ARCADA.FI
> server role = active directory domain controller
> workgroup = SAD
>
> logging = syslog
> syslog = 1
> log level = 1 auth_audit:3 auth_json_audit:3
>
> [netlogon]
> path = /var/lib/samba/sysvol/sad.arcada.fi/scripts
> read only = No
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
> -----------
>
> BIND_DLZ not detected in smb.conf
>
> -----------
>
> Installed packages:
> ii acl 2.2.53-4 amd64
> access control list - utilities
> ii attr 1:2.4.48-4 amd64
> utilities for manipulating filesystem extended attributes
> ii krb5-config 2.6 all
> Configuration files for Kerberos Version 5
> ii krb5-locales 1.17-3+deb10u1 all
> internationalization support for MIT Kerberos
> ii krb5-user 1.17-3+deb10u1 amd64
> basic programs to authenticate using MIT Kerberos
> ii libacl1:amd64 2.2.53-4 amd64
> access control list - shared library
> ii libattr1:amd64 1:2.4.48-4 amd64
> extended attribute handling - shared library
> ii libgssapi-krb5-2:amd64 1.17-3+deb10u1 amd64
> MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
> ii libkrb5-3:amd64 1.17-3+deb10u1 amd64
> MIT Kerberos runtime libraries
> ii libkrb5support0:amd64 1.17-3+deb10u1 amd64
> MIT Kerberos runtime libraries - Support library
> ii libnss-winbind:amd64 2:4.9.5+dfsg-5+deb10u1 amd64
> Samba nameservice integration plugins
> ii libpam-krb5:amd64 4.8-2+deb10u1 amd64
> PAM module for MIT Kerberos
> ii libpam-winbind:amd64 2:4.9.5+dfsg-5+deb10u1 amd64
> Windows domain authentication integration plugin
> ii libwbclient0:amd64 2:4.9.5+dfsg-5+deb10u1 amd64
> Samba winbind client library
> ii python-pylibacl 0.5.3-2 amd64
> module for manipulating POSIX.1e ACLs
> ii python-pyxattr 0.6.1-1 amd64
> module for manipulating filesystem extended attributes
> ii python-samba 2:4.9.5+dfsg-5+deb10u1 amd64
> Python bindings for Samba
> ii samba 2:4.9.5+dfsg-5+deb10u1 amd64
> SMB/CIFS file, print, and login server for Unix
> ii samba-common 2:4.9.5+dfsg-5+deb10u1 all
> common files used by both the Samba server and client
> ii samba-common-bin 2:4.9.5+dfsg-5+deb10u1 amd64
> Samba common files used by both the server and the client
> ii samba-dsdb-modules:amd64 2:4.9.5+dfsg-5+deb10u1 amd64
> Samba Directory Services Database
> ii samba-libs:amd64 2:4.9.5+dfsg-5+deb10u1 amd64
> Samba core libraries
> ii samba-vfs-modules:amd64 2:4.9.5+dfsg-5+deb10u1 amd64
> Samba Virtual FileSystem plugins
> ii winbind 2:4.9.5+dfsg-5+deb10u1 amd64
> service to resolve user and group information from Windows NT servers
>
> -----------
>
>
> Member server:
>
> Collected config --- 2021-02-10-13:32 -----------
>
> Hostname: domus
> DNS Domain: sad.arcada.fi
> FQDN: domus.sad.arcada.fi
> ipaddress: 193.167.33.3 2001:708:170:33::3
>
> -----------
>
> Kerberos SRV _kerberos._tcp.sad.arcada.fi record verified ok, sample
> output:
> Server: 2001:708:170:33::232
> Address: 2001:708:170:33::232#53
>
> Non-authoritative answer:
> _kerberos._tcp.sad.arcada.fi service = 0 100 88 sad2.sad.arcada.fi.
> _kerberos._tcp.sad.arcada.fi service = 0 100 88 sad1.sad.arcada.fi.
>
> Authoritative answers can be found from:
> sad.arcada.fi nameserver = sad2.sad.arcada.fi.
> sad.arcada.fi nameserver = sad1.sad.arcada.fi.
> sad2.sad.arcada.fi has AAAA address 2001:708:170:33::92
> sad1.sad.arcada.fi internet address = 193.167.33.91
> sad2.sad.arcada.fi internet address = 193.167.33.92
> Samba is running as a Unix domain member
>
> -----------
> Checking file: /etc/os-release
>
> PRETTY_NAME="Debian GNU/Linux 10 (buster)"
> NAME="Debian GNU/Linux"
> VERSION_ID="10"
> VERSION="10 (buster)"
> VERSION_CODENAME=buster
> ID=debian
> HOME_URL="https://www.debian.org/"
> SUPPORT_URL="https://www.debian.org/support"
> BUG_REPORT_URL="https://bugs.debian.org/"
>
> -----------
>
>
> This computer is running Debian 10.7 x86_64
>
> -----------
> running command : ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group
> default qlen 1000
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
> inet6 ::1/128 scope host
> 2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
> UP group default qlen 1000
> link/ether 50:6b:8d:c9:4f:64 brd ff:ff:ff:ff:ff:ff
> inet 193.167.33.3/24 brd 193.167.33.255 scope global ens3
> inet6 2001:708:170:33::3/64 scope global
> inet6 fe80::526b:8dff:fec9:4f64/64 scope link
>
> -----------
> Checking file: /etc/hosts
>
> 127.0.0.1 localhost
> 193.167.33.91 sad1.arcada.fi sad1
> 193.167.33.3 domus.sad.arcada.fi domus
> 2001:708:170:33:3 domus.sad.arcada.fi domus
>
> # The following lines are desirable for IPv6 capable hosts
> ::1 localhost ip6-localhost ip6-loopback
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
>
> -----------
>
> Checking file: /etc/resolv.conf
>
> domain sad.arcada.fi
> search sad.arcada.fi arcada.fi
> nameserver 2001:708:170:33::232
> nameserver 2001:708:170:33::246
> nameserver 193.167.33.232
> nameserver 193.167.33.246
>
> -----------
>
> Checking file: /etc/krb5.conf
>
> [libdefaults]
> default_realm = SAD.ARCADA.FI
> dns_lookup_realm = false
> dns_lookup_kdc = true
>
> -----------
>
> Checking file: /etc/nsswitch.conf
>
> # /etc/nsswitch.conf
> #
> # Example configuration of GNU Name Service Switch functionality.
> # If you have the `glibc-doc-reference' and `info' packages installed,
> try:
> # `info libc "Name Service Switch"' for information about this file.
>
> passwd: files winbind
> group: files winbind
> shadow: files
> gshadow: files
>
> hosts: files dns
> networks: files
>
> protocols: db files
> services: db files
> ethers: db files
> rpc: db files
>
> netgroup: nis
>
> -----------
>
> Checking file: /etc/samba/smb.conf
>
> [global]
>
> log level = 0
> log file = /var/log/samba/log.%m
>
> utmp = yes
>
> workgroup = SAD
> security = ADS
> realm = SAD.ARCADA.FI
>
> winbind refresh tickets = Yes
> vfs objects = acl_xattr
> map acl inherit = Yes
> store dos attributes = Yes
>
>
> dedicated keytab file = /etc/krb5.keytab
> kerberos method = secrets and keytab
> winbind use default domain = yes
> # getent passwd, works without. Remove in prod
> winbind enum users = yes
> winbind enum groups = yes
> # To disable printers completely
> load printers = no
> printing = bsd
> printcap name = /dev/null
> disable spoolss = yes
>
> # Default ID mapping configuration for local BUILTIN accounts
> # and groups on a domain member. The default (*) domain:
> # - must not overlap with any domain ID mapping configuration!
> # - must use a read-write-enabled back end, such as tdb.
> idmap config * : backend = tdb
> #idmap config * : range = 3000-7999
> idmap config * : range = 5000000-9000000
> # - You must set a DOMAIN backend configuration
> # idmap config for the SAD domain
> idmap config SAD:backend = ad
> idmap config SAD:schema_mode = rfc2307
> #idmap config SAD:range = 10000-999999
> idmap config SAD:range = 500-4000000
> idmap config SAD:unix_nss_info = yes
>
> # To use the primary group from getent passwd/ gidNumber on AD LDAP:
> idmap config SAD:unix_primary_group = yes
>
> username map = /etc/samba/user.map
>
> [homes]
> comment = Home Directories
> invalid users = root altiuser
> browseable = no
> read only = no
> create mode = 0604
> directory mode = 0705
> force directory mode = 0705
> guest ok = no
>
> -----------
>
> Running as Unix domain member and user.map detected.
>
> Contents of /etc/samba/user.map
>
> !root = SAD\Administrator
>
> Server Role is set to : auto
>
> -----------
>
> Installed packages:
> ii acl 2.2.53-4 amd64
> access control list - utilities
> ii attr 1:2.4.48-4 amd64
> utilities for manipulating filesystem extended attributes
> ii krb5-config 2.6 all
> Configuration files for Kerberos Version 5
> ii krb5-locales 1.17-3+deb10u1 all
> internationalization support for MIT Kerberos
> ii krb5-user 1.17-3+deb10u1 amd64
> basic programs to authenticate using MIT Kerberos
> ii libacl1:amd64 2.2.53-4 amd64
> access control list - shared library
> ii libattr1:amd64 1:2.4.48-4 amd64
> extended attribute handling - shared library
> ii libgssapi-krb5-2:amd64 1.17-3+deb10u1 amd64
> MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
> ii libkrb5-3:amd64 1.17-3+deb10u1 amd64
> MIT Kerberos runtime libraries
> ii libkrb5support0:amd64 1.17-3+deb10u1 amd64
> MIT Kerberos runtime libraries - Support library
> ii libnss-winbind:amd64 2:4.9.5+dfsg-5+deb10u1 amd64
> Samba nameservice integration plugins
> ii libpam-krb5:amd64 4.8-2+deb10u1 amd64
> PAM module for MIT Kerberos
> ii libpam-winbind:amd64 2:4.9.5+dfsg-5+deb10u1 amd64
> Windows domain authentication integration plugin
> ii libwbclient0:amd64 2:4.9.5+dfsg-5+deb10u1 amd64
> Samba winbind client library
> ii python-pylibacl 0.5.3-2 amd64
> module for manipulating POSIX.1e ACLs
> ii python-pyxattr 0.6.1-1 amd64
> module for manipulating filesystem extended attributes
> ii python-samba 2:4.9.5+dfsg-5+deb10u1 amd64
> Python bindings for Samba
> ii samba 2:4.9.5+dfsg-5+deb10u1 amd64
> SMB/CIFS file, print, and login server for Unix
> ii samba-common 2:4.9.5+dfsg-5+deb10u1 all
> common files used by both the Samba server and client
> ii samba-common-bin 2:4.9.5+dfsg-5+deb10u1 amd64
> Samba common files used by both the server and the client
> ii samba-dsdb-modules:amd64 2:4.9.5+dfsg-5+deb10u1 amd64
> Samba Directory Services Database
> ii samba-libs:amd64 2:4.9.5+dfsg-5+deb10u1 amd64
> Samba core libraries
> ii samba-vfs-modules:amd64 2:4.9.5+dfsg-5+deb10u1 amd64
> Samba Virtual FileSystem plugins
> ii winbind 2:4.9.5+dfsg-5+deb10u1 amd64
> service to resolve user and group information from Windows NT servers
>
> -----------
>
> >
> >
> > Greetz,
> >
> > Louis
> >
> >
> >> -----Oorspronkelijk bericht-----
> >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Harald
> Hannelius
> >> via samba
> >> Verzonden: woensdag 10 februari 2021 9:30
> >> Aan: Rowland penny; samba at lists.samba.org
> >> Onderwerp: Re: [Samba] Long time before user shows up on member server
> >>
> >>
> >> On Tue, 9 Feb 2021, Harald Hannelius via samba wrote:
> >>>
> >>> On Mon, 8 Feb 2021, Rowland penny via samba wrote:
> >>>
> >>>> On 08/02/2021 12:31, Harald Hannelius via samba wrote:
> >>>>>
> >>>>> I have two Samba-servers acting as ROLE_ACTIVE_DIRECTORY_DC. When
> >> creating
> >>>>> a new user I found out that it takes over 220 seconds before the
> user
> >>>>> shows up using 'getent' in a member-server.
> >>>>>
> >>>>> Is there a way to speed this up a bit?
> >>>>
> >>>> Just because 'getent' doesn't immediately show a user on a Unix
> domain
> >>>> member doesn't mean it isn't available, but if you want to speed
> things
> >> up,
> >>>> run 'net cache flush' before running getent.
> >>>
> >>> Thanks, this helped a bit. The wait time for the user dropped to 116
> >> seconds.
> >>> This might be just luck, I have to wait for some more samples to drop
> >> in.
> >>>
> >>> No nscd running on the member-server.
> >>
> >> Nope, didn't help. I got one user who appeared without looping and
> another
> >> that the script waited 299 seconds for it to appear.
> >>
> >> Should I maybe run 'net cache flush' withing the loop, what if I run it
> >> once
> >> a second?
> >>
> >> --
> >>
> >> Harald Hannelius | harald.hannelius/a\arcada.fi | +358 50 594 1020
> >>
> >> --
> >> To unsubscribe from this list go to the following URL and read the
> >> instructions: https://lists.samba.org/mailman/options/samba
> >
> >
> >
> >
>
> --
>
> Harald Hannelius | harald.hannelius/a\arcada.fi | +358 50 594 1020
More information about the samba
mailing list