[Samba] wbinfo only lists one DC and idmap troubles

[Andrea Venturoli]

On 1/12/26 11:10, Rowland Penny via samba wrote:

> You are, in my opinion, doing it the wrong way around, your AD clients
> should use the DCs as their nameservers and they should forward
> anything outside the AD dns domain to your Bind9 dns servers.

Hmm...
I cannot find this, but I remember I read a question (probably on this 
list) about what to choose between
a) pointing clients to Samba's internal DNS (which will forward 
everything it doesn't handle to BIND);
b) pointing client to BIND and let it contact Samba's internal DNS for 
AD zones.

The answer was "absolutely go for the latter" for performance reasons.
In any case I can change that, but does it matter WRT this problem?



> Well, yes, that is the way it is supposed to work, your clients contact
> a DC, which finds out the best DC to use and returns that. The 'best'
> DC can change.

So, back to my first question, it's normal that "wbinfo --dc-info 
local.xxxxxxx.it" only lists on DC. Right?



> I think what is happening to you is this:
> Your clients are being told to use a DC,
> You then turn off that DC

No.
The "on maintenance" DC was down before I turned on the client I mainly 
used for testing.



> Your clients cannot find the DC because it is turned off

There was the other DC running fine when the client I used for test was 
turned on.
That's the one winbind listed.



> directory and login shell, so they fall back to the template homedir
> and shell lines in AD and they default to '/home/%D/%U' & /bin/false'.

This is what I thought (winbind was using the templates).



Still, there's some strangeness:
a) at power on there was a good DC and this was listed by "wbinfo 
--dc-info local.xxxxxxx.it";
b) that DC holded the right data, still winbind wasn't getting it!
c) After turning back on the other DC, everything started working again, 
but winbind was still listing the first DC.



  bye & Thanks
	av.