Re: [Samba] Debugging Samba is a total PITA and this needs to improve
- Date: Tue, 21 May 2019 17:04:36 +0200
- From: "L.P.H. van Belle via samba" <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Debugging Samba is a total PITA and this needs to improve
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] Namens Sven
> Schwedas via samba
> Verzonden: dinsdag 21 mei 2019 16:44
> Aan: samba@xxxxxxxxxxxxxxx
> Onderwerp: Re: [Samba] Debugging Samba is a total PITA and
> this needs to improve
> On 21.05.19 16:15, L.P.H. van Belle via samba wrote:
> >> Since Cyrus IMAPD cannot query LDAP for group memberships, we
> >> need this to make shared folders work with groups on our
> mail servers.
> >> Useless on this machine, yes, but w/e, we're not seeing
> any performance issues.
> > Huh... Doesn't this work something like : you can put this
> in idmap.conf
> It should work that way, but the current release has a few
> bugs related
> to it, and we still need to have working group ACLs until
> that's working.
Ok, that i dont know. So a good reason to use it.
> >>> You see this note from the script:
> >>> Running as Unix domain member and no user.map detected.
> >>> Where is you user mapping? You dont use SePrivileges?
> >>> Now its not wrong and possible to run it without, but it is
> >> much more work to setup correctly for this.
> >> Where's this documented?
> > https://wiki.samba.org/index.php/Samba_Member_Server_Troubleshooting
> No, I mean SePrivileges in general. What would I want them for?
Old but shows enough: https://www.samba.org/samba/docs/old/Samba3-HOWTO/rights.html
And : https://docs.microsoft.com/en-us/windows/desktop/secauthz/privileges
> >>> Windows and it updates are moving fast
> >> Sure, but not really relevant here, since the member server broke
> >> authentication for all client OSes, not just Windows clients.
> >> `smbclient
> >> -L //localhost` and `wbinfo -a` are just as broken on that
> >> member server.
> > smbclient -L //localhost ???? Come on...
> It has the same results as Windows Explorer and wbinfo -a.
Yes, same in what you "see" but not same in how thing go in the background what you dont see..
> > I'm always amazed how a "localhost" test is compaired with
> a client (remote) test.
> > Again , localhost =! Hostname
> > smbclient -L //hostname.fdqn
> > smbclient -L //hostname
> Same results: Some users work, some don't. Same users affected.
Same users are still only windows clients?
And how are these logging in with : DOM\user or user@REALM ?
> >> Given that DRS replication and DNS are so broken, what'd
> be the best
> >> approach for that? Nuke all DCs except the FSMO role holder,
> >> update that
> >> one, then add new DCs? Or just export all LDAP data and start
> >> over from a clean 4.10 setup?
> > I dont think its broken, i think its functioning wrong due
> to wrong settings.
> Yes, you always think that. ;)
And you dont know how often im right here..
> > Yes, clean setup is nice but not needed really.
> > Make sure you review and have smb.conf adjusted to the
> version of samba your willing to run.
> > Review: https://wiki.samba.org/index.php/Updating_Samba
> Sure, that says:
> > Verify that the directory replication between all DCs
> is working correctly:
> That's already broken before the update:
> https://up.tao.at/u/samba/graz-dc-sem.txt (FSMO role holder)
> Similarly, if I do "samba-tool dbcheck --cross-ncs" without yet
> upgrading, to see in what state the DBs are:
> Doesn't look particularly healthy to me.
No, but its not that bad as far i can see.
Argg. I have to to thing here now, move workspaces..
Sync graz-dc-sem to VILLACH-DC-BIS ( full sync )
Wait 5 min, check again.
Verify this GUID: e70407fd-019e-42f8-a60d-4504d2df230c
In zone _msdc. Check it compleet.
Not fixing old string component << old ... ( keyword )
I expect that your problem for the sinc is in that area..
I have to go.
I nobody help you out today, i'll help you tomorrow while i'll build new samba packages..
Ps. You should have updated/cleanup you config a bit more since nov 2017. i hardly changed..
To unsubscribe from this list go to the following URL and read the