Hello all,

Samba Version 4.1.21 on 8 servers as member servers configured with idmap_ad. I have all the RFC2307 attributes configured for every user and group. I wrote a script to ensure that. I have scripts in place to make sure I don't have duplicates, show users without attributes, etc. I also filter out the users I don't want to see by placing them outside of the range set aside for idmap_ad, and outside of the range used by samba.

In the last few weeks, users belonging to the domain users group quit working. Only users who have been previously added to domain admins show up with getent passwd. All groups show up. I know this had to be a change at the active directory level because it was working. Suddenly each server just stopped working like a domino effect on different days, all within the same week.

If I temporarily add a user to domain admins, and then remove that access, it fixes the problem. Even if I reboot the server the user remains fixed, so it's not just a temporary issue. Has anyone ever seen anything like this? I am willing to upgrade to a newer samba version. I am just trying for my own sanity to figure out what may have caused the issue when things have been working for months without issue.

Joe Maloney

On 26/01/16 18:48, Joe Maloney wrote:
> Hello all,
> Samba Version 4.1.21 on 8 servers as member servers configured with
> idmap_ad. I have all the RFC2307 attributes configured for every user, and
> group. I wrote a script to ensure that. I have scripts in place to make
> sure I don't have duplicates, show users without attributes, etc. I also
> filter out the users I don't want to see by placing them outside of the
> range set aside for idmap_ad, and outside of the range used by samba.
>
> In the last few weeks users belong to domain users group quit working.
> Only users who have been previously added to domain admins show up with
> getent passwd. All groups show up. I know this had to be a change at the
> active directory level because it was working. Suddenly each server just
> stopped working like a domino effect at different days all within the same
> week.
>
> If I temporarily add a user to domain admins, and then remove that access
> it fixes the problem. Even if I reboot the server the user remains fixed
> so it's not just a temporary issue. Has anyone ever seen anything like
> this? I am willing to upgrade to a newer samba version. I am just trying
> for my own sanity to figure out what may have caused the issue when things
> have been working for months without issue.
>
> Joe Maloney

I think you need to give us some more info, what are the DCs running? Can we see a smb.conf from the member servers, this type of thing.

Rowland

The DCs are running Windows Server 2012R2. The directory itself has RFC2307 attributes. The file servers are running FreeBSD with Samba 4.1. These are just member servers, not joined as domain controllers. I have tried to upgrade to samba 4.2, and samba 4.3 as a test with no difference. Here is a peek at the smb4.conf via pastebin.

http://pastebin.com/Ai14LREW

Joe Maloney

On Tue, Jan 26, 2016 at 1:35 PM, Rowland penny <rpenny at samba.org> wrote:
> On 26/01/16 18:48, Joe Maloney wrote:
>
>> Hello all,
>> Samba Version 4.1.21 on 8 servers as member servers configured with
>> idmap_ad. I have all the RFC2307 attributes configured for every user, and
>> group. I wrote a script to ensure that. I have scripts in place to make
>> sure I don't have duplicates, show users without attributes, etc. I also
>> filter out the users I don't want to see by placing them outside of the
>> range set aside for idmap_ad, and outside of the range used by samba.
>>
>> In the last few weeks users belong to domain users group quit working.
>> Only users who have been previously added to domain admins show up with
>> getent passwd. All groups show up. I know this had to be a change at the
>> active directory level because it was working. Suddenly each server just
>> stopped working like a domino effect at different days all within the same
>> week.
>>
>> If I temporarily add a user to domain admins, and then remove that access
>> it fixes the problem. Even if I reboot the server the user remains fixed
>> so it's not just a temporary issue. Has anyone ever seen anything like
>> this? I am willing to upgrade to a newer samba version. I am just trying
>> for my own sanity to figure out what may have caused the issue when things
>> have been working for months without issue.
>>
>> Joe Maloney
>>
>
> I think you need to give us some more info, what are the DCs running ? can
> we see a smb.conf from the member servers, this type of thing.
>
> Rowland