[Samba] Linux workstations lose relationship with domain

Denis Morejon denis.morejon at etecsa.cu
Mon Mar 22 20:46:26 UTC 2021


We have 4.7.4 because we installed It about 4 years ago. Then, a year 
later, i tried  to update to 4.8 compiling over the 4.7.4 version and 
using samba-tool dbcheck --fix. But as result I lost some objects and a 
lot of workstations lost their relationship with the domain. So I had to 
go back (Using a previous Snapshot) because there were many computers. 
So we postponed this action and It took us a LONG time.

But we want to know if It happens because we need a stronger db backend 
like mysql or postgresql to store all this objects, instead of having 
the db in a file (Like It is as default). We do not know if we just need 
one dc and not two, in order to avoid data synchronization, or simply 
update to the last samba using the way you advised.

500 pc members and their users are too much for a simple samba domain?

Here the DC1 smb.conf

# Global parameters
[global]
         netbios name = DC1
         realm = DTCF.ETECSA.CU
         server role = active directory domain controller
         workgroup = DTCF

         idmap_ldb:use rfc2307 = yes
         ldap server require strong auth = No
         ntlm auth = yes

         dns forwarder = 192.168.91.16 192.168.91.4

         log level = 1 auth_audit:3
         log file = /var/log/samba/samba.log


[netlogon]
         path = /usr/local/samba/var/locks/sysvol/dtcf.etecsa.cu/scripts
         read only = No
         #acl_xattr:ignore system acls = yes
[sysvol]
         path = /usr/local/samba/var/locks/sysvol
         read only = No
         #acl_xattr:ignore system acls = yes


Here a file server smb.conf:

[global]

    netbios name = filespace
    workgroup = DTCF
    security = ADS
    realm = DTCF.ETECSA.CU
    encrypt passwords = yes

    #idmap config *:backend = rid
    idmap config *:range = 100000-200000

    winbind use default domain = yes
    winbind enum users  = yes
    winbind enum groups = yes

    vfs objects = acl_xattr
    map acl inherit = Yes
    store dos attributes = Yes

    log level = 1
    log file = /var/log/samba/samba.log

[rcompartidos]
   comment = Recursos Compartidos de Usuarios
   path = /home/samba/shares/rcompartidos
   browseable = Yes
   read only = No
   force create mode = 0660
   force directory mode = 0660
   vfs objects = acl_xattr full_audit
   full_audit:prefix = %u|%I|%S
   full_audit:facility = local7
   #full_audit:success = mkdir rename unlink rmdir pwrite open
   full_audit:success = mkdir rename unlink rmdir pwrite
   full_audit:failure = none
   full_audit:priority = NOTICE



El 22/3/21 a las 14:22, Rowland penny via samba escribió:
> On 22/03/2021 17:41, Denis Morejon via samba wrote:
>> Hi:
>>
>> I have two domain controllers. dc1 and dc2. They both with debian 10 
>> and samba 4.7.4 installed from source. 
>
>
> Got to ask why 4.7.4 ? Debian 10 come with 4.9.5
>
>> And working find since a long time. Since a month ago some time a 
>> group of linux workstations lost domain's computer account a we had 
>> to re-join It. This have been happing each two weeks. I don't know 
>> what's the error. samba-tool dbcheck returns some warning:
>>
>> root at dc2:~# samba-tool dbcheck
>> Checking 7283 objects
>> NOTE: old (due to rename or delete) DN string component for 
>> lastKnownParent in object CN=SRVFACT-HP LaserJet 1200 
>> 0016448924\0ADEL:ff58fad6-9740-46a2-9387-13ae3adc7e0c,CN=Deleted 
>> Objects,DC=dtcf,DC=etecsa,DC=cu - 
>> <GUID=6c10d77d-fedc-4931-a01b-28d4a5e2484f>;<SID=S-1-5-21-1294415360-3796152602-1730644256-3104>;CN=SRVFACT,OU=Servers,DC=dtcf,DC=etecsa,DC=cu
>> Not fixing old string component
>
>
> they are deleted objects
>
> I would suggest you update Samba on the DC's (probably best to do this 
> by adding new DC's and demoting  the old ones after). You can find the 
> latest Samba here: https://apt.van-belle.nl/
>
> Can you post your smb.conf files, one from a DC and another from one 
> of the Unix domain members.
>
> Rowland
>
>
>
>


More information about the samba mailing list