
Re: [Samba] Samba 4.6.2 member server errors




On Fri, 20 Oct 2017, Rowland Penny via samba wrote:

On Fri, 20 Oct 2017 17:00:01 -0400 (EDT)
me@xxxxxxxxxx wrote:

On Mon, 16 Oct 2017, Rowland Penny via samba wrote:
It seems to be treating computers as users (I could be barking up
the wrong tree here), can you post the contents
of /etc/hosts, /etc/hostname, /etc/resolv.conf
and /etc/nsswitch.conf from the domain member

Here you go:

# cat /etc/resolv.conf
search kmg.mydomain.com mydomain.com
nameserver 172.30.0.7
nameserver 10.224.135.7


I would remove 'mydomain.com' from the search line.

Done

I also take it that '10.224.135.7' is a DC in the 'kmg.mydomain.com',
if it isn't, remove this nameserver.

Yes, 10.224.135.7 is a DC.



The 2 name server IP addresses are the 2 DCs.

# cat /etc/hosts

127.0.0.1    localhost localhost.localdomain
172.30.0.8    vfs1.kmg.mydomain.com vfs1

I would remove 'localhost.localdomain', there is no such thing as
'localdomain'

Done




# cat /etc/hostname
vfs1.kmg.mydomain.com

The hostname should just be 'vfs1', it shouldn't be the FQDN.


# cat /etc/nsswitch.conf
passwd:     files winbind
shadow:     files
group:      files winbind

hosts:      files dns myhostname

I would remove 'myhostname'

Done



bootparams: nisplus [NOTFOUND=return] files
ethers:     files
netmasks:   files
networks:   files
protocols:  files
rpc:        files
services:   files sss

netgroup:   files sss

publickey:  nisplus

automount:  files
aliases:    files nisplus


I would remove the two 'sss' instances

Done

I did net cache flush and rebooted. No change. Still getting the Kerberos
errors and winbind not going to sleep when no one is in the office.

I am wondering if I were to remove the member server from the domain, delete
the tdb and ldb databases and then rejoin the domain if that would help.

Is there a db that tracks the Kerberos information that I could reset?

Besides the added work and the downtime, is there a downside to doing this?
If I understand correctly all of the important information is stored in
the DCs. Is this correct?

I have the following in the smb.conf on the member servers:

idmap config * : backend = tdb
idmap config * : range = 3000-7999

idmap config KMG:backend = ad
idmap config KMG:schema_mode = rfc2307
idmap config KMG:unix_nss_info = yes
idmap config KMG:range = 10000-999999

Any other suggestions?

Regards,

--
Tom			me@xxxxxxxxxx
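
The file-by-file suggestions in the thread above, collected into one repeatable check. This is an added example, not code from the thread or from the Samba project; lint_member(), ad_dns_domain and dc_ips are names chosen for this sketch, and the sample inputs are the file contents as posted (nsswitch.conf trimmed to the relevant lines).

```python
# Added example: lints the four files discussed in this thread.
# lint_member(), ad_dns_domain and dc_ips are names chosen for this sketch.

def _entries(text):
    """Yield whitespace-split fields of each non-blank, non-comment line."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields:
            yield fields

def lint_member(hostname, hosts, resolv, nsswitch, ad_dns_domain, dc_ips):
    """Return one finding per suggestion from the thread that still applies."""
    findings = []
    if "." in hostname.strip():
        findings.append("hostname: use the short name, not the FQDN")
    for _ip, *names in _entries(hosts):
        findings += [f"hosts: remove '{n}'" for n in names
                     if n.endswith(".localdomain")]
    for key, *values in _entries(resolv):
        if key == "search":
            findings += [f"resolv.conf: remove '{d}' from search"
                         for d in values if d != ad_dns_domain]
        elif key == "nameserver":
            findings += [f"resolv.conf: nameserver {ip} is not a DC"
                         for ip in values if ip not in dc_ips]
    for db, *sources in _entries(nsswitch):
        findings += [f"nsswitch.conf: remove '{s}' from {db.rstrip(':')}"
                     for s in sources if s in ("sss", "myhostname")]
    return findings

# File contents as posted in the thread (nsswitch.conf trimmed).
POSTED = dict(
    hostname="vfs1.kmg.mydomain.com\n",
    hosts="127.0.0.1 localhost localhost.localdomain\n"
          "172.30.0.8 vfs1.kmg.mydomain.com vfs1\n",
    resolv="search kmg.mydomain.com mydomain.com\n"
           "nameserver 172.30.0.7\nnameserver 10.224.135.7\n",
    nsswitch="passwd: files winbind\ngroup: files winbind\n"
             "hosts: files dns myhostname\n"
             "services: files sss\nnetgroup: files sss\n",
)
# The same files after the suggested changes.
FIXED = dict(
    hostname="vfs1\n",
    hosts="127.0.0.1 localhost\n172.30.0.8 vfs1.kmg.mydomain.com vfs1\n",
    resolv="search kmg.mydomain.com\n"
           "nameserver 172.30.0.7\nnameserver 10.224.135.7\n",
    nsswitch="passwd: files winbind\ngroup: files winbind\n"
             "hosts: files dns\nservices: files\nnetgroup: files\n",
)
DOMAIN, DCS = "kmg.mydomain.com", {"172.30.0.7", "10.224.135.7"}

if __name__ == "__main__":
    for finding in lint_member(**POSTED, ad_dns_domain=DOMAIN, dc_ips=DCS):
        print(finding)
```

On a live member the four strings would be read from /etc/hostname, /etc/hosts, /etc/resolv.conf and /etc/nsswitch.conf; an empty result only means these particular suggestions have been applied.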
