Web lists-archives.com

[Samba] wbinfo -r 'username' displays inconsistent results across DC's




Hello,

    Looking up a users group membership I'm showing different results on each DC. UID and GID mapping appears consistent but not all group membership is displayed. I've verified idmap.ldb is backup up and copied over to the other DC's. I do notice when taking a hot backup of idmap.ldb, the file size is dramatically smaller than the original. Using Microsoft RSAT to view group membership displays consistent results. This behavior is not consistent for all users. Many show consistent results while others do not. DC1 which is the first provisioned DC appears to display all group membership accurately with wbinfo -r.

Ubuntu 14.04LTS

Samba 4.7.5

smb.conf (Consistent across all DC's)

# Global parameters
[global]
        workgroup = DOMAIN
        realm = DOMAIN.LOCAL
        netbios name = DC1
        server role = active directory domain controller
        dns forwarder = 75.75.75.75 208.67.222.222
        idmap_ldb:use rfc2307 = Yes
        server services = -dns

        log file = /usr/local/samba/var/log.samba
        max log size = 5000
        log level = 0 auth_audit:3
        debug timestamp = Yes
        debug uid = Yes
        debug pid = Yes

        load printers = No
        printcap name = /dev/null
        disable spoolss = Yes

        tls enabled  = yes
        tls keyfile  = tls/myKey.pem
        tls certfile = tls/myCert.pem
        tls cafile   =

        ldap server require strong auth = no

[netlogon]
        path = /usr/local/samba/var/locks/sysvol/domain.local/scripts
        read only = No

[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No


@DC2:~# wbinfo -r james
10000
3000141
3000223
3000224
10031
10004
3000363
3000030
3000004
3000005
3000008
10009
10053
10010
10011
10012
10013
10015
3000031
10034
10032
10033
3000440
10017
3000566
10019
10007
10022
10023
10024
3000009
3000034
3000000

@DC1:~# wbinfo -r james
10000
3000141
3000223
3000224
10031
3000368
3000030
3000004
3000005
3000008
10043
10009
10053
10010
10011
10012
10013
10015
3000031
10034
10032
10033
3000451
10017
10019
10007
10022
10023
10024
10025
10026
10030
10036
10037
10038
10039
10040
3000007
10041
10042
10044
3000515
10045
3000584
3000009
3000034
3000000

--
--
James


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba