
Re: [Samba] winbind service panics "randomly"




On Tue, 13 Nov 2018 18:44:47 +0000
Carlos Jesus via samba <samba@xxxxxxxxxxxxxxx> wrote:

> Hi all,
> on a recently installed samba file server, the winbind service crashes
> apparently randomly. Every few hours it's necessary to restart the
> winbind service and then it works for a few more hours. Any ideas are
> welcome.
> 1) the environment: 2 debian stretch DCs with round-robin
> bind+dhcp with dns-update. 1 fileserver also (AD backend) on debian
> stretch. All on self compiled samba 4.8.5 with a, hopefully thorough,
> reading of the wiki. Several windows 10 and ubuntu clients. About 30
> user accounts.
> 2) DC smb.conf (for the other DC is basically the same):
> [global]

>         username map = /usr/local/samba/etc/user.map

You should remove the above line, it has no place in a DC smb.conf, a
DC has idmap.ldb instead.

>         passwd program = /usr/bin/passwd %u

Again, the above shouldn't be in a DC smb.conf.

>         unix password sync = yes

The above definitely shouldn't be in a DC smb.conf, you cannot have
users in /etc/passwd and AD with the same name.

>         dedicated keytab file = /etc/krb5.keytab
>         kerberos method = secrets and keytab
>         winbind refresh tickets = Yes

You only need the above lines if you need access to keytabs for a
mail server, nfs, etc.

>         winbind use default domain = yes

The above line doesn't work on a DC.
 
> 3) FileServer smb.conf (stripped of the shares section)
> [global]
>         security = ADS
>         workgroup = EUROHIDRA
>         realm = EUROHIDRA.LOCAL
>         netbios name = EHFS
>         interfaces = lo br0
>         bind interfaces only = yes
>         log file = /var/log/samba/%U.log
>         log level = 2
>         username map = /usr/local/samba/etc/user.map
> 
>         idmap config EUROHIDRA : backend = ad
>         idmap config EUROHIDRA : range = 10000-999999
>         idmap config EUROHIDRA : schema_mode = rfc2307
>         idmap config EUROHIDRA : unix_nss_info = yes
>         idmap config * : backend = tdb
>         idmap config * : range = 3000-7999

I take it that the Domain Users group has a gidNumber inside the
'10000-999999' range and that your users have a uidNumber inside the
same range.

Try changing the log level to '10' and see if anything pops out.

Rowland
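
The range assumption stated in the reply above can be checked mechanically. This Python sketch is an added example, not part of the original thread or of Samba: it parses the `idmap config` lines quoted from the file server smb.conf and classifies uidNumber/gidNumber values against them. The function names are hypothetical, and the account names and ID values are constructed sample data.

```python
import re

# idmap lines taken from the file server smb.conf quoted in the thread.
SMB_CONF = """\
[global]
    idmap config EUROHIDRA : backend = ad
    idmap config EUROHIDRA : range = 10000-999999
    idmap config * : backend = tdb
    idmap config * : range = 3000-7999
"""

# Constructed sample data: name -> uidNumber/gidNumber (None = attribute unset).
SAMPLE_IDS = {"Domain Users": 10000, "alice": 10001, "bob": None,
              "carol": 5000, "dave": 1000}

# Matches "idmap config <DOMAIN> : <option> = <value>"; comment lines never match.
IDMAP_RE = re.compile(
    r"^\s*idmap\s+config\s+([^\s:]+)\s*:\s*([^\s=]+)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(conf_text):
    """Return {DOMAIN: {option: value}} for every 'idmap config' line."""
    domains = {}
    for line in conf_text.splitlines():
        m = IDMAP_RE.match(line)
        if m:
            domain, option, value = m.groups()
            domains.setdefault(domain.upper(), {})[option.lower()] = value
    return domains

def id_range(domains, domain):
    """Return (low, high) of the range configured for a domain."""
    low, high = domains[domain.upper()]["range"].split("-")
    return int(low), int(high)

def check_ids(conf_text, domain, ids):
    """Classify each ID against the domain range and the default (*) range."""
    domains = parse_idmap(conf_text)
    low, high = id_range(domains, domain)
    dlow, dhigh = id_range(domains, "*")
    verdicts = {}
    for name, number in ids.items():
        if number is None:
            verdicts[name] = "missing"
        elif low <= number <= high:
            verdicts[name] = "ok"
        elif dlow <= number <= dhigh:
            verdicts[name] = "in default range"
        else:
            verdicts[name] = "outside range"
    return verdicts
```

Calling `check_ids(SMB_CONF, "EUROHIDRA", SAMPLE_IDS)` returns one verdict per account, so any entry that is not "ok" is an account or group to inspect in AD.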
