[Samba] Linux workstations lose relationship with domain
Denis Morejon
denis.morejon at etecsa.cu
Mon Mar 22 20:46:26 UTC 2021
We have 4.7.4 because we installed it about 4 years ago. Then, a year
later, I tried to update to 4.8, compiling over the 4.7.4 version and
using samba-tool dbcheck --fix. But as a result I lost some objects and a
lot of workstations lost their relationship with the domain. So I had to
go back (using a previous snapshot) because there were many computers.
So we postponed this action and it took us a LONG time.
But we want to know if it happens because we need a stronger db backend
like mysql or postgresql to store all these objects, instead of having
the db in a file (as it is by default). We do not know if we just need
one DC and not two, in order to avoid data synchronization, or simply
to update to the latest Samba the way you advised.
Are 500 PC members and their users too much for a simple Samba domain?
Here is the DC1 smb.conf:
# Global parameters
[global]
netbios name = DC1
realm = DTCF.ETECSA.CU
server role = active directory domain controller
workgroup = DTCF
idmap_ldb:use rfc2307 = yes
ldap server require strong auth = No
ntlm auth = yes
dns forwarder = 192.168.91.16 192.168.91.4
log level = 1 auth_audit:3
log file = /var/log/samba/samba.log
[netlogon]
path = /usr/local/samba/var/locks/sysvol/dtcf.etecsa.cu/scripts
read only = No
#acl_xattr:ignore system acls = yes
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
#acl_xattr:ignore system acls = yes
Here is a file server smb.conf:
[global]
netbios name = filespace
workgroup = DTCF
security = ADS
realm = DTCF.ETECSA.CU
encrypt passwords = yes
#idmap config *:backend = rid
idmap config *:range = 100000-200000
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
log level = 1
log file = /var/log/samba/samba.log
[rcompartidos]
comment = Recursos Compartidos de Usuarios
path = /home/samba/shares/rcompartidos
browseable = Yes
read only = No
force create mode = 0660
force directory mode = 0660
vfs objects = acl_xattr full_audit
full_audit:prefix = %u|%I|%S
full_audit:facility = local7
#full_audit:success = mkdir rename unlink rmdir pwrite open
full_audit:success = mkdir rename unlink rmdir pwrite
full_audit:failure = none
full_audit:priority = NOTICE
On 22/3/21 at 14:22, Rowland penny via samba wrote:
> On 22/03/2021 17:41, Denis Morejon via samba wrote:
>> Hi:
>>
>> I have two domain controllers, dc1 and dc2. They are both on Debian 10
>> with Samba 4.7.4 installed from source.
>
>
> Got to ask why 4.7.4? Debian 10 comes with 4.9.5
>
>> And they have been working fine for a long time. Since a month ago, from
>> time to time a group of Linux workstations lost its domain computer
>> account and we had to re-join it. This has been happening every two
>> weeks. I don't know what the error is. samba-tool dbcheck returns some
>> warnings:
>>
>> root at dc2:~# samba-tool dbcheck
>> Checking 7283 objects
>> NOTE: old (due to rename or delete) DN string component for
>> lastKnownParent in object CN=SRVFACT-HP LaserJet 1200
>> 0016448924\0ADEL:ff58fad6-9740-46a2-9387-13ae3adc7e0c,CN=Deleted
>> Objects,DC=dtcf,DC=etecsa,DC=cu -
>> <GUID=6c10d77d-fedc-4931-a01b-28d4a5e2484f>;<SID=S-1-5-21-1294415360-3796152602-1730644256-3104>;CN=SRVFACT,OU=Servers,DC=dtcf,DC=etecsa,DC=cu
>> Not fixing old string component
>
>
> They are deleted objects.
>
> I would suggest you update Samba on the DCs (probably best to do this
> by adding new DCs and demoting the old ones after). You can find the
> latest Samba here: https://apt.van-belle.nl/
>
> Can you post your smb.conf files, one from a DC and another from one
> of the Unix domain members.
>
> Rowland