Web lists-archives.com

Re: [Samba] net ads and wbinfo are painfully slow -- but they work

On Tue, 31 Jan 2017 14:24:09 -0800
Chris Stankevitz <chrisstankevitz@xxxxxxxxx> wrote:

> On Tue, Jan 31, 2017 at 12:36 PM, Rowland Penny via samba
> <samba@xxxxxxxxxxxxxxx> wrote:
> > time net ads testjoin
> > Join is OK
> >
> > real    0m0.476s
> > user    0m0.108s
> > sys     0m0.008s
> Yes, I know... I have a similar setup (same version of samba, same
> hardware, same OS but a different windows domain on a different
> network) that is working fine.
> > Is the Windows AD DC running a dns server ?
> > Does the Unix client have the AD DC as its nameserver ?
> Yes and yes.  If I didn't have that, I'm not sure how samba could have
> joined the domain given my configuration.  (But I don't understand
> what is going on under the hood.)
> > Can you post your /etc/resolv.conf and /etc/hosts
> Config files posted below.  But first an exciting hint:
> When I try to ssh into the box while samba utilities (like "net ads"
> and "wbinfo") are frozen -- the ssh login is also frozen until
> everything is released.  Maybe nsswitch I fouled.
> /etc/resolv.conf:
> root@nickel:~ # cat /etc/resolv.conf
> nameserver
> nameserver
> domain mydomain.local

I take it at least one of the above nameservers is the AD DC, is the
other another AD DC ? If it isn't, then remove it. If they are both
DCs, try changing the order.
I would also change the 'domain mydomain.local' to 'search
Is a firewall getting in the way ?

> /etc/hosts:
>               localhost localhost.mydomain.local
>            nickel.mydomain.local nickel
>             iron.mydomain.local iron

I take it the machine has a fixed IP and as you are relying on dns to
find the DC (as you should), you do not need the line that starts

Can you ping the DC from 'nickel', both by IP and name ?

Is winbind actually running ?


To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba