Mark Nienberg
2017-Dec-31 00:18 UTC
[Samba] inconsistent winbind on upgraded member server
I upgraded a domain member server from 4.5.5 to 4.6.2. After some initial tests, where everything seemed to be working fine, I upgraded the OS from CentOS 7.3 to 7.4. Now I have intermittent problems with domain users trying to log in to the member server over ssh. After a bunch of troubleshooting I determined that winbind sometimes returns the user home directory and shell incorrectly and sometimes returns it correctly. I think the problem is best illustrated like this: [mark at nikola ~]$ wbinfo -i mark mark:*:500:513:Mark Nienberg:/home/STA/mark:/bin/false <--- wrong [mark at nikola ~]$ finger mark Login: mark Name: Mark Nienberg Directory: /home/mark Shell: /bin/bash <-- correct [mark at nikola ~]$ wbinfo -i mark mark:*:500:513:Mark Nienberg:/home/mark:/bin/bash <-- now correct! Results seem to continue to be correct for an hour or so, then they revert to incorrect. Here is part of smb.conf [global] workgroup = STA security = ADS realm = TIPPING.LAN idmap config *:backend = tdb idmap config *:range = 70001-80000 idmap config STA:backend = ad idmap config STA:schema_mode = rfc2307 idmap config STA:range = 500-70000 # after upgrade to 4.6 series, comment out the following #winbind nss info = rfc2307 # after upgrade to 4.6 series, uncomment the following idmap config STA:unix_nss_info = yes vfs objects = acl_xattr map acl inherit = Yes interfaces = ens192 lo bind interfaces only = yes store dos attributes = Yes winbind use default domain = yes winbind enum users = yes winbind enum groups = yes Any ideas appreciated. Mark