Web lists-archives.com

Re: [Samba] wbinfo -U id gives different users on same dc




Hi Louis,

Thanks for information, find it sometimes is a real challenge. Would you
please share your how to link? I wish to read it.

For the .local domain I suppose I have nothing to do. This is a running
windows Active Directory and it is not possible to change domain suffix.

Here is my /etc/hosts

127.0.0.1 localhost.localdomain localhost
10.254.104.8 wdc04.aa.local wdc04
10.254.105.208 AA-SM2

and /etc/resolv.conf

search aa.local
nameserver 10.254.104.8
nameserver 10.254.104.13

My distribution is Archlinux.

Greetings,
Ozkan


Sure there is,
> Install debian, follow my howto and you will have success.
>
> Just, your using an .local domain, and thats a reserved name for apples
> mDNS (zeroconf)
> And should not be used. ( same for .lan )
> https://wiki.samba.org/index.php/FAQ#Can_I_Use_the_.local_
> Top-level_Domain_for_My_AD_DNS_Zone.3F
> So the info is good, thats not the problem, finding it, is.
>
> Can you post your /etc/hosts and resolv.conf also to be sure these are ok.
> And whats the running OS, thats a nice to know.
>
> Greetz,
>
> Louis
>
>
>
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] Namens
> > Özkan Göksu via samba
> > Verzonden: donderdag 15 februari 2018 9:19
> > Aan: Rowland Penny
> > CC: samba@xxxxxxxxxxxxxxx
> > Onderwerp: Re: [Samba] wbinfo -U id gives different users on same dc
> >
> > Thanks for helping me out. It is really appreciated. It is
> > not easy to find
> > out good online information about samba :(
> >
> > My original idea was to keep my understanding of important
> > default options
> > written in smb.conf after full reading of https://www.samba.org/
> > samba/docs/4.7/man-html/smb.conf.5.html.
> >
> > For the "winbind enum users/group" options I added them since
> > smb.conf(5)
> > states some programs behaves oddly if they are not enabled:
> > https://www.samba.org/samba/docs/4.7/man-html/smb.conf.5.html#
> > winbindenumgroups. However I am removing them as you say.
> >
> > For the "dns update command? setting I thought it would solve
> > my dns update
> > problem whenever I try to join Active Directory. My samba
> > version is 4.7.4.
> >
> > [root@AA-SM2 ]# net ads join -U administrator
> > Enter administrator's password:
> > Using short domain name -- AA
> > Joined 'AA-SM2' to dns domain 'aa.local'
> > No DNS domain configured for aa-sm2. Unable to perform DNS Update.
> > DNS update failed: NT_STATUS_INVALID_PARAMETER
> >
> > For the "socket options? setting I read it on the internet which is
> > somewhat considered to be a best practice for samba performance. I am
> > removing it also.
> >
> > BTW there is a long standing issue of mine which I haven?t
> > found an answer.
> > I always see limit warning at smbd service start up. It does
> > no help no
> > matter I set "max open files = 232040? in smb.conf nor
> > /etc/security/limits
> > settings.
> >
> > [2018/02/15 10:39:02.985913,  2] ../source3/param/loadparm.c:
> > 321(max_open_files)
> >   rlimit_max: increasing rlimit_max (1024) to minimum Windows
> > limit (16384)
> > [2018/02/15 10:39:02.986630,  2] ../source3/param/loadparm.c:
> > 2791(lp_do_section)
> >   Processing section "[yenitest]"
> > [2018/02/15 10:39:02.987321,  2] ../source3/lib/interface.c:
> > 345(add_interface)
> >   added interface vlan11 ip=192.168.11.3 bcast=192.168.11.255
> > netmask=255.255.255.0
> > [2018/02/15 10:39:02.987391,  2] ../source3/lib/interface.c:
> > 345(add_interface)
> >   added interface vlan50 ip=10.0.50.4 bcast=10.0.50.255
> > netmask=255.255.255.0
> > [2018/02/15 10:39:02.987439,  2] ../source3/lib/interface.c:
> > 345(add_interface)
> >   added interface enp2s0f0 ip=10.1.60.3 bcast=10.1.60.255
> > netmask=255.255.255.0
> > [2018/02/15 10:39:02.987484,  2] ../source3/lib/interface.c:
> > 345(add_interface)
> >   added interface enp2s0f0 ip=10.1.60.5 bcast=10.1.60.255
> > netmask=255.255.255.0
> > [2018/02/15 10:39:02.987611,  1] ../source3/profile/profile_
> > dummy.c:30(set_profile_level)
> >   INFO: Profiling support unavailable in this build.
> > [2018/02/15 10:39:02.989393,  2] ../source3/passdb/pdb_
> > interface.c:161(make_pdb_method_name)
> >   No builtin backend found, trying to load plugin
> > [2018/02/15 10:39:03.006312,  1] ../source3/smbd/files.c:218(
> > file_init_global)
> >   file_init_global: Information only: requested 232040 open
> > files, 59392
> > are available.
> > [2018/02/15 10:39:03.009324,  0] ../lib/util/become_daemon.c:
> > 124(daemon_ready)
> >   STATUS=daemon 'smbd' finished starting up and ready to
> > serve connections
> > [2018/02/15 10:39:03.009569,  2] ../source3/smbd/server.c:1395(
> > smbd_parent_loop)
> >   waiting for connections
> >
> > Here are my settings in /etc/security/limits.
> >
> > * soft nofile  99000
> > * hard nofile 999000
> > * - memlock unlimited
> > * - nofile 100000
> > * - nproc 32768
> > * - as unlimited
> >
> > @root soft nofile 99000
> > @root hard nofile 999000
> > @root - memlock unlimited
> > @root - nofile 100000
> > @root - nproc 32768
> > @root - as unlimited
> >
> >
> > Again thanks for you help,
> >
> > Ozkan
> >
> >
> > *Özkan GÖKSU* | *Tekn. Geli??tirme* | ozkan.goksu@xxxxxxxxxx
> > <goktug.yildirim@xxxxxxxxxx>
> > C : +90 555 449 88 71 | T : +90 (216) 442 7070 |
> > http://www.usishi.com
> >
> >
> > 2018-02-14 17:26 GMT+02:00 Rowland Penny via samba
> > <samba@xxxxxxxxxxxxxxx>:
> >
> > > On Wed, 14 Feb 2018 16:30:07 +0200
> > > Özkan Göksu <ozkan.goksu@xxxxxxxxxx> wrote:
> > >
> > > > RID solved my problem. But while reading docs I saw new
> > things and I
> > > > changed my smb.conf completely.
> > > > I have read almost every parameter but i'm still not %100 sure.
> > > > Can you do me a last favor?
> > > > Please can you tell me do I have any problem with new smb.conf?
> > > >
> > >
> > > No problems as such, but you don't need these because they
> > are default
> > > settings:
> > >
> > >     winbind nested groups = yes
> > >     encrypt passwords = yes
> > >     strict locking = Auto
> > >     oplocks = yes
> > >     deadtime = 15
> > >     unix charset = UTF-8
> > >     case sensitive = auto
> > >     guest account = nobody
> > >     ntlm auth = no
> > >     client ntlmv2 auth = yes
> > >     kernel change notify = yes
> > >     domain logons = no
> > >     client use spnego = yes
> > >     strict sync = no
> > >
> > > All the next two lines do is make 'getent passwd' & 'getent group'
> > > display a list of all users or groups AND slow things down,
> > you do not
> > > need them:
> > >
> > >     winbind enum users = yes
> > >     winbind enum groups = yes
> > >
> > > The next line is only any good on a Samba DC:
> > >
> > >     dns update command = /usr/sbin/samba_dnsupdate
> > >
> > > You shouldn't really mess with the socket options, that's
> > the kernels
> > > job:
> > >
> > >     socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
> > >
> > > Rowland
> > >
> > > --
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions:  https://lists.samba.org/mailman/options/samba
> > >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> >
> >
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba