Re: [Samba] Samba 4.6.2 member server errors
- Date: Mon, 23 Oct 2017 13:56:27 -0400 (EDT)
- From: Tom Diehl via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Samba 4.6.2 member server errors
On Fri, 20 Oct 2017, Rowland Penny via samba wrote:
On Fri, 20 Oct 2017 17:00:01 -0400 (EDT)
On Mon, 16 Oct 2017, Rowland Penny via samba wrote:
It seems to be treating computers as users (I could be barking up
the wrong tree here), can you post the contents
of /etc/hosts, /etc/hostname, /etc/resolv.conf
and /etc/nsswitch.conf from the domain member
Here you go:
# cat /etc/resolv.conf
search kmg.mydomain.com mydomain.com
I would remove 'mydomain.com' from the search line.
I also take it that '10.224.135.7' is a DC in the 'kmg.mydomain.com',
if it isn't, remove this nameserver.
Yes, 10.224.135.7 is a DC.
The 2 name server ip addresses are the 2 dc's.
# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain
172.30.0.8 vfs1.kmg.mydomain.com vfs1
I would remove 'localhost.localdomain', there is no such thing as
# cat /etc/hostname
The hostname should just be 'vfs1', it shouldn't be the FQDN.
# cat /etc/nsswitch.conf
passwd: files winbind
group: files winbind
hosts: files dns myhostname
I would remove 'myhostname'
bootparams: nisplus [NOTFOUND=return] files
services: files sss
netgroup: files sss
aliases: files nisplus
I would remove the two 'sss' instances
I did net cache flush and rebooted. No change. Still getting the kerberos
errors and winbind not going to sleep when no one is in the office.
I am wondering if I were to remove the member server from the domain, delete
the tdb and ldb databases and then rejoin the domain if that would help.
Is there a db that tracks the kerberos information that I could reset?
Besides the added work and the downtime, is there a down side to doing this?
If I understand correctly all of the important information is stored in
the DC's. Is this correct?
I have the following in the smb.conf on the member servers:
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config KMG:backend = ad
idmap config KMG:schema_mode = rfc2307
idmap config KMG:unix_nss_info = yes
idmap config KMG:range = 10000-999999
Any other suggestions?
To unsubscribe from this list go to the following URL and read the