Web lists-archives.com

Re: [Samba] Debugging Samba is a total PITA and this needs to improve

On 21.05.19 15:12, Rowland penny via samba wrote:

> Try reading 'man smb.conf' where you will find this under 'winbind expand groups':
> Be aware that a high value for this parameter can result in system slowdown as the main parent winbindd daemon must perform the group unrolling and will be unable to answer incoming NSS or authentication requests during this time.
> This is possibly why you are having your problem. 

I did read it, and seeing that we weren't running into timeouts, asked
why it would be relevant.

Unsurprisingly, it's not relevant, changing the setting makes no

> We are nowhere near your computers, so can only ask questions and offer
> advice, if you do not like this, have a read here:

If the advice was anywhere *remotely* related to the actual problem
symptoms I'm describing, that'd be *very* nice.

To reiterate:

• Authentication on one member server is broken for some users, no
matter the source (Windows Explorer, wbinfo -a, smbclient)
• DRS replication to one DC seems to be broken for whatever reason
• A *different* DC doesn't show up in some DNS queries

Ignoring all the "but your smb.conf could have problems that you don't
have" chattering, that one member server seems to always use the same DC
for wbinfo -P pings, and apparently also all other requests (why does
Winbind only use *one* DC anyway, to the point of breaking when that
single DC is offline?). That happens to be the DC that's having
replication issues.

Looking further, this is the only member server that uses that DC for
winbind. The authentication problem can also be reproduced on the DC in
question (and only that one). Seems like that's broken, hard.

So, could somebody maybe help with the NT_STATUS_INTERNAL_DB_CORRUPTION
/ DRS replication issue? Or will it be easier to just demote the DC and
provision a new one?

Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas, Systemadministrator
✉ sven.schwedas@xxxxxx | ☎ +43 680 301 7167
TAO Digital   | Teil der TAO Beratungs- & Management GmbH
Lendplatz 45  | FN 213999f/Klagenfurt, FB-Gericht Villach
A8020 Graz    | https://www.tao-digital.at

Attachment: signature.asc
Description: OpenPGP digital signature

To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba