
Re: [Samba] Samba AD - Issue with winbindd: Could not write result




Il 22/06/2017 15:30, Rowland Penny via samba ha scritto:
On Thu, 22 Jun 2017 14:47:36 +0200
Marco Coli via samba <samba@xxxxxxxxxxxxxxx> wrote:

Hello,

I have the same problems outlined in this old thread...
The only differences: the original poster was on RHEL 6.x and I am on RHEL 7; he
compiled Samba himself, while I use SerNet Samba (latest)...

Unfortunately there is no solution in that thread. Any suggestions?

Thank you

Yikes, that was from nearly two years ago.

Can you post:
/etc/resolv.conf
/etc/hostname
/etc/hosts
If using Bind9, its conf files
/etc/samba/smb.conf
/etc/krb5.conf

Rowland


Yes, very old, but it is the only similar (almost identical) problem I could find.

Thank you for your interest, here we are:
cat /etc/resolv.conf
# Generated by NetworkManager
search niccolai.local
nameserver 10.0.0.253
----
[root@nic-mail ~]# cat /etc/hostname
nic-mail
----
[root@nic-mail ~]# cat /etc/hosts
10.0.0.253 nic-mail mail.niccolaitrafile.it nic-server-mail nic-mail.niccolai.local nic-server-mail.niccolai.local sogo.niccolaitrafile.it 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
____

[root@nic-mail ~]# cat /etc/named.conf
// BIND 9 configuration for this host. It pulls in the rndc key and the Samba
// DLZ include, then declares the root hint zone, the loopback/localhost zones
// and two master zones (niccolai.homelinux.org and niccolaitrafile.it).
include "/etc/rndc.key";
# include "/var/lib/samba/private/named.conf";
include "/etc/named.conf.samba";

//
// named.conf for Red Hat caching-nameserver
//

// NOTE(review): this options block sets no allow-query, allow-recursion,
// recursion or allow-transfer ACL, so BIND's built-in defaults apply unless
// an included file sets them -- confirm those defaults suit every network
// that can reach this server.
options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
        // Keytab BIND uses for GSS-TSIG (Kerberos-signed) dynamic updates.
        // NOTE(review): the file holds Kerberos keys; check that only the
        // account named runs as can read it.
        tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
         // query-source address * port 53;
        // Every forwarding line below is commented out, so no forwarders
        // are configured in this block.
//        forward first;
//        forwarders {
//              8.8.8.8;
//              8.8.4.4;
#                151.99.125.2;
#               151.99.250.2;
#                213.92.5.54;
#                194.185.88.5;
#                151.99.125.3;
 //               };

};

//
// a caching only nameserver config
//
// rndc control channel: bound to 127.0.0.1, limited to localhost and to the
// key named rndc-key (presumably defined in the included /etc/rndc.key).
controls {
        inet 127.0.0.1 allow { localhost; } keys { rndc-key; };
};

zone "." IN {
        type hint;
        file "named.ca";
};

// The loopback/localhost zones below all refuse dynamic updates.
zone "localdomain" IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
};

zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
        type master;
        file "named.local";
        allow-update { none; };
};

zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
        type master;
        file "named.ip6.local";
        allow-update { none; };
};

//zone "255.in-addr.arpa" IN {
//      type master;
//      file "named.broadcast";
//      allow-update { none; };
// };

//zone "0.in-addr.arpa" IN {
//      type master;
//      file "named.zero";
//      allow-update { none; };
//};

// The "niccolai" and "10.in-addr.arpa" zones below are fully commented out
// and therefore not loaded by this file.
#zone "niccolai" IN {
#        type master;
#        file "niccolai";
#        allow-update { key "rndckey" ; };
##        allow-transfer { 10.0.0.19; };
##        notify yes;
#};
#zone "10.in-addr.arpa" IN {
#        type master;
#        file "10.in-addr.arpa";
#        allow-update { key "rndckey" ; };
##        allow-transfer { 10.0.0.19; };
##        notify yes;
#};

// Static master zone; dynamic updates are refused.
// NOTE(review): allow-transfer is commented out in this zone and in
// niccolaitrafile.it below, so zone transfers fall back to the global
// setting. In BIND 9 releases of this era the built-in default permits
// transfers to any host -- confirm in the ARM for the installed version and
// add an explicit allow-transfer ACL if that is not intended.
zone "niccolai.homelinux.org" IN {
       type master;
        file "homelinux";
        allow-update { none; };
#        allow-transfer { 10.0.0.19; };
        notify yes;
};

// Static master zone; dynamic updates are refused, and the allow-transfer
// and notify lines are both commented out.
zone "niccolaitrafile.it" IN {
       type master;
        file "niccolaitrafile.it";
        allow-update { none; };
#        allow-transfer { 10.0.0.19; };
#        notify yes;
};
--------
[root@nic-mail ~]# cat /etc/named.conf.
named.conf.DISTRIB  named.conf.rpmnew   named.conf.samba
[root@nic-mail ~]# cat /etc/named.conf.samba
# This DNS configuration is for BIND 9.8.0 or later with dlz_dlopen support.
#
# This file should be included in your main BIND configuration file
#
# For example with
# include "/var/lib/samba4/private/named.conf";

#
# This configures dynamically loadable zones (DLZ) from AD schema
# Uncomment only single database line, depending on your BIND version
#
# Active choice in this copy: the BIND 9.9 module (dlz_bind9_9.so); the 9.8
# line stays commented out.
# NOTE(review): the module is loaded into the named process with dlopen, so
# it must match the installed BIND version -- confirm with `named -v`.
dlz "AD DNS Zone" {
#dlz "niccolai.local" {
    # For BIND 9.8.0
    # database "dlopen /usr/lib64/samba/bind9/dlz_bind9.so";

    # For BIND 9.9.0
     database "dlopen /usr/lib64/samba/bind9/dlz_bind9_9.so";
};

----

[root@nic-mail ~]# cat /etc/samba/smb.conf
# Samba configuration for an Active Directory domain controller (realm
# niccolai.local) that also exports file shares from /archivi/samba.
# Global parameters
[global]
        workgroup = NICCOLAI
        realm = niccolai.local
        netbios name = NIC-MAIL
        server role = active directory domain controller
        # NOTE(review): this overrides the built-in service list; it names
        # 'winbind' and has no 'dns' entry (presumably because BIND with the
        # DLZ module serves DNS -- confirm). Compare it with the default
        # 'server services' value in smb.conf(5) for the installed release
        # before keeping the override.
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
#       idmap_ldb:use rfc2307 = yes
        # Listen only on loopback and 10.0.0.253.
        interfaces = 127.0.0.1 10.0.0.253
        bind interfaces only = yes
        # NOTE(review): 'allow insecure wide links = Yes' removes the
        # safeguard that turns 'wide links' off while 'unix extensions' is
        # enabled. Combined with the per-share 'wide links = yes' settings
        # below, the server will follow symlinks that lead outside a share
        # path, and smb.conf(5) warns that UNIX-extension clients may create
        # such links. Keep it only if the need is documented.
        unix extensions = yes
        allow insecure wide links = Yes
        # Added to avoid hangs caused by too many open files
#       deadtime = 20
#       max open files = 490000
socket options = TCP_NODELAY SO_KEEPALIVE TCP_KEEPIDLE=120 TCP_KEEPINTVL=10 TCP_KEEPCNT=5
        # NOTE(review): 'no' drops the requirement for signed or encrypted
        # LDAP binds, so simple binds carrying cleartext passwords are
        # accepted on unencrypted connections. The documented default is
        # 'yes'; prefer fixing the clients (TLS or SASL sign/seal) over
        # relaxing the server.
        ldap server require strong auth = no
# Added by TT 13/6
# NOTE(review): the '##' settings below are disabled; each would weaken
# client-side authentication, protocol level or LDAP wrapping if re-enabled.
##        client use spnego = no
##       client ntlmv2 auth = no
##        client ipc max protocol = NT1
# Added by TT 19/6
##      client ldap sasl wrapping = plain

# netlogon and sysvol are the domain controller's system shares.
[netlogon]
        path = /var/lib/samba/sysvol/niccolai.local/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

[profiles]
        path = /archivi/samba/profiles
        read only = no

# 'wide links = yes' (here and on several shares below) lets smbd follow
# symlinks whose target lies outside the share path.
[dati]
        comment = Directory di lavoro
        path = /archivi/samba/dati
        read only = no
        wide links = yes

# NOTE(review): 'public' is a synonym for 'guest ok'. With 'read only = No'
# and 'wide links = yes' this share is writable for guest (unauthenticated)
# connections wherever the server maps them to the guest account and the
# filesystem permissions allow it -- confirm guest access is intended.
[Com]
        comment= Commesse
        path = /archivi/samba/dbcommesse
        read only = No
        public = yes
        wide links = yes

# 'writeable = yes' repeats 'read only = No' (the two are inverted synonyms).
[Scambio]
        comment= Scambio
        path = /archivi/samba/scambio
        read only = No
        writeable = yes

[Acquisti]
        path = /archivi/samba/acquisti
        read only = No
        wide links = yes

[Commerciale]
        path = /archivi/samba/commerciale
        read only = no
        wide links = yes

[Contabilita]
        path = /archivi/samba/contabilita
        read only = no

[Tecnico]
        path = /archivi/samba/tecnico
        read only = no

[Amministrazione]
        path = /archivi/samba/amministrazione
        read only = no

# The trailing '$' only hides the share from browsing on Windows clients; it
# is not an access control.
[Info$]
        path = /archivi/samba/informatica
        read only = no
        wide links = yes

[manuali]
        path = /archivi/samba/manuali
        read only = no
        wide links = yes

[officina]
        path = /archivi/samba/officina
        read only = no

[magazzino_inserti]
        path = /archivi/samba/MAGAZZINO_INSERTI
        read only = no

[Foto]
        path = /archivi/samba/foto
        read only = no
        wide links = yes

[Contenit]
        path = /archivi/samba/contenitori
        read only = no
        wide links = yes

#[Backup]
#        path = /BACKUP
#        browseable = yes
#       read only = no
#        read only = yes
#       vfs objects = acl_xattr

[Collaudo]
        path = /archivi/samba/collaudo
        read only = no
#       vfs objects = acl_xattr

[Certificati_conformita]
        path = /archivi/samba/certificati_conformita
        read only = no

[Manuali_Macchine]
        path = /archivi/samba/MANUALI_MACCHINE
        read only = no
        wide links = yes

# NOTE(review): 'guest ok = yes' with 'read only = no' offers a writable
# share to guest (unauthenticated) connections, subject to the server's
# guest mapping and the filesystem permissions. A writable software
# deployment share deserves particular care -- confirm this is intended.
[Deployment]
        path = /archivi/samba/DEPLOYMENT
        read only = no
        guest ok = yes

-----
[root@nic-mail ~]# cat /etc/krb5.conf
# Kerberos client settings: default realm NICCOLAI.LOCAL; host-to-realm
# mapping through DNS TXT records is off, KDC discovery through DNS SRV
# records is on.
# NOTE(review): KDC discovery therefore trusts whichever resolver
# /etc/resolv.conf names -- keep it pointed at the domain's own DNS server.
[libdefaults]
        default_realm = NICCOLAI.LOCAL
        dns_lookup_realm = false
        dns_lookup_kdc = true


After some hours the services go down, the output of wbinfo -u becomes empty, and some weird login/share problems begin.
If I restart the services (systemctl restart sernet-samba-ad), everything is OK again.

It worked flawlessly for years, until 15 days ago... The server is updated with the latest kernel and the latest Samba:
[root@nic-mail ~]# uname -a
Linux nic-mail 3.10.0-514.21.2.el7.x86_64 #1 SMP Sun May 28 17:08:21 EDT 2017 x86_64 x86_64 x86_64 GNU/Linux
[root@nic-mail ~]# rpm -qa |grep samba
sernet-samba-libsmbclient0-4.6.5-8.el7.x86_64
sernet-samba-4.6.5-8.el7.x86_64
sernet-samba-libs-4.6.5-8.el7.x86_64
sernet-samba-common-4.6.5-8.el7.x86_64
sernet-samba-client-4.6.5-8.el7.x86_64
sernet-samba-ad-4.6.5-8.el7.x86_64
sernet-samba-winbind-4.6.5-8.el7.x86_64

Thank you!




