Hi guys!!
I'm facing a problem with Samba 4 + winbind that I have spent some days trying
to solve without success, and I'd appreciate any help.
I compiled Samba 4 myself and apparently everything is working fine. I installed
Samba on six distributed servers at remote branch offices and all users, groups,
DNS and other components are replicating successfully.
But last week I saw that the winbind cache was not being updated: when I try to
get users and groups with the getent command, new members are not shown.
I tried some tricks and tips that I found on several websites and forums, but
nothing works. Yesterday I tried to flush the winbind cache with the command:
net cache flush
The whole winbind cache was erased, but it has not been repopulated, and now I
get no users or groups at all when I query them with the getent command.
I read in the winbind manual that when I restart the daemon, the whole cache is
erased and updated, but this does not happen. I have not found where winbind
saves its cache!
My wbinfo listing correctly:
# wbinfo -u
LOVATO\rafael
LOVATO\xl.teste
LOVATO\dns-movd-gcp-007
LOVATO\dns-movd-mgf-001
LOVATO\dns-movd-gcp-006
LOVATO\administrator
LOVATO\xl.teste1
LOVATO\squid
LOVATO\krbtgt
LOVATO\guest
LOVATO\roger
wbinfo -g
LOVATO\cert publishers
LOVATO\ras and ias servers
LOVATO\allowed rodc password replication group
LOVATO\denied rodc password replication group
LOVATO\dnsadmins
LOVATO\enterprise read-only domain controllers
LOVATO\domain admins
LOVATO\domain users
LOVATO\domain guests
LOVATO\domain computers
LOVATO\domain controllers
LOVATO\schema admins
LOVATO\enterprise admins
LOVATO\group policy creator owners
LOVATO\read-only domain controllers
LOVATO\dnsupdateproxy
LOVATO\teste
LOVATO\proxynivel1
LOVATO\proxynivel2
LOVATO\proxynivel3
My smb.conf
[global]
workgroup = LOVATO
realm = LOVATO.INTRANET
netbios name = LVT-006
server role = active directory domain controller
passdb backend = samba_dsdb
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind,
ntp_signd, kcc, dnsupdate
rpc_server:tcpip = no
rpc_daemon:spoolssd = embedded
rpc_server:spoolss = embedded
rpc_server:winreg = embedded
rpc_server:ntsvcs = embedded
rpc_server:eventlog = embedded
rpc_server:srvsvc = embedded
rpc_server:svcctl = embedded
rpc_server:default = external
#IDMAP
idmap_ldb:use rfc2307 = yes
idmap config * : backend = tdb
idmap config *:range = 70001-80000
idmap config LOVATO:backend = ad
idmap config LOVATO:schema_mode = rfc2307
idmap config LOVATO:range = 500-40000
#WINBIND
winbind nss info = rfc2307
winbind trusted domains only = no
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
winbind cache time = 10
winbind refresh tickets = yes
map archive = No
map readonly = no
store dos attributes = Yes
vfs objects = dfs_samba4, acl_xattr
template shell = /bin/bash
#DESABILITANDO AS IMPRESSORAS
printcap name = /dev/null
printcap name = /dev/null
load printers = no
disable spoolss = yes
disable spoolss = yes
printing = bsd
### LOGS
log file = /var/log/samba/smbd.log
max log size = 50
log level = 10
vfs objects = recycle full_audit
### LIXEIRA
recycle:repository = Lixeira
recycle:exclude = *.tmp *.TMP *.temp *.TEMP ~*
recycle:keeptree = yes
full_audit:success = rmdir mkdir open write rename unlink
full_audit:failure = rmdir mkdir open write rename unlink
full_audit:prefix = %U|%I|%m|%S
full_audit:failure = none
full_audit:facility = local5
full_audit:priority = notice
veto files = /*.mp3/*.wav/*.exe/*.cmd/*.adm/*.inf/*.ini/*.pif
delete veto files = yes
dos filemode = yes
[netlogon]
path = /usr/local/samba/var/locks/sysvol/lovato.intranet/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
My krb5.conf
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = LOVATO.INTRANET
dns_lookup_realm = true
dns_lookup_kdc = true
ticket_lifetime = 24h
forwardable = yes
[realm]
LOVATO.INTRANET = {
kdc = lvt-006.lovato.intranet:88
default_domain = lovato.intranet
}
[domain_realm]
.lovato.intranet = LOVATO.INTRANET
lovato.intranet = LOVATO.INTRANET
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
My nsswitch.conf
passwd: files sss winbind
shadow: files sss
group: files sss winbind
Processes:
named 847 0.0 1.8 558900 68924 ? Ssl Feb02 0:15 /usr/sbin/named
-u named -4
root 1543 0.0 1.1 585920 45312 ? Ss Feb02 0:00
/usr/local/samba/sbin/samba -D
root 1544 0.0 0.8 585920 32304 ? S Feb02 0:00 \_
/usr/local/samba/sbin/samba -D
root 1557 0.0 1.2 637780 48844 ? Ss Feb02 0:00 | \_
/usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes
--foreground
root 1561 0.0 0.8 632284 32224 ? S Feb02 0:00 | \_
/usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes
--foreground
root 1562 0.0 0.8 632308 32204 ? S Feb02 0:00 | \_
/usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes
--foreground
root 1545 0.3 1.0 592616 38832 ? S Feb02 2:41 \_
/usr/local/samba/sbin/samba -D
root 1546 0.0 0.8 585920 33624 ? S Feb02 0:00 \_
/usr/local/samba/sbin/samba -D
root 1547 0.0 0.8 585920 32184 ? S Feb02 0:00 \_
/usr/local/samba/sbin/samba -D
root 1548 0.0 0.9 585920 34680 ? S Feb02 0:01 \_
/usr/local/samba/sbin/samba -D
root 1549 0.0 0.8 585920 33852 ? S Feb02 0:00 \_
/usr/local/samba/sbin/samba -D
root 1550 0.0 0.9 592208 37212 ? S Feb02 0:00 \_
/usr/local/samba/sbin/samba -D
root 1551 0.1 0.9 594688 37676 ? S Feb02 1:01 \_
/usr/local/samba/sbin/samba -D
root 1552 0.0 0.8 585920 32304 ? S Feb02 0:00 \_
/usr/local/samba/sbin/samba -D
root 1553 0.0 1.2 609256 47364 ? Ss Feb02 0:02 | \_
/usr/local/samba/sbin/winbindd -D --option=server role check:inhibit=yes
--foreground
root 1560 0.0 0.9 616864 35820 ? S Feb02 0:32 | \_
/usr/local/samba/sbin/winbindd -D --option=server role check:inhibit=yes
--foreground
root 1564 0.0 0.9 610668 35372 ? S Feb02 0:00 | \_
/usr/local/samba/sbin/winbindd -D --option=server role check:inhibit=yes
--foreground
root 1569 0.0 0.9 616996 35576 ? S Feb02 0:00 | \_
/usr/local/samba/sbin/winbindd -D --option=server role check:inhibit=yes
--foreground
root 1554 0.0 0.8 585920 32340 ? S Feb02 0:00 \_
/usr/local/samba/sbin/samba -D
root 1555 0.0 1.1 585920 42976 ? S Feb02 0:00 \_
/usr/local/samba/sbin/samba -D
root 1556 0.0 0.8 585920 33328 ? S Feb02 0:01 \_
/usr/local/samba/sbin/samba -D
Version:
# samba -V
Version 4.5.3
Is there any way to force winbind to update?
Try changing your nsswitch.conf to passwd: files winbind sss shadow: files sss group: files winbind sss now do. net cache flush restart winbind wbinfo -u wbinfo -g getent passwd username getent passwd groupname Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Roger Lovato via > samba > Verzonden: vrijdag 3 februari 2017 14:21 > Aan: samba at lists.samba.org > Onderwerp: [Samba] Problems with winbind cache > > Hi guys!! > > > I'm facing problem with Samba 4 + winbind that I spent some days to solve > that without success and I'll appreciate any help. > > > I self compile samba 4 and apparently everything is working fine. I > installed samba on six distributed servers at remote branch offices and > all users, groups, dns and other components are replicating with success. > > > But last week I saw that windind cache was not been updated and when I try > to get users and groups with getent command, new members is not shown. > > > I tried some tricks and tips that I found in several websites and forums, > but nothing is working. Yesterday I tried to flush winbind cache with > command: > > > net cache flush > > > All winbind cache has been erased, but is not updated and now I don't have > any users and groups when I try to get with getent command. > > > I read in the winbind manual that when I restart the daemon, all cache is > erased and updated, but this not happens. I'm not found where winbind > saves its cache! 
> > > My wbinfo listing correctly: > > > # wbinfo -u > LOVATO\rafael > LOVATO\xl.teste > LOVATO\dns-movd-gcp-007 > LOVATO\dns-movd-mgf-001 > LOVATO\dns-movd-gcp-006 > LOVATO\administrator > LOVATO\xl.teste1 > LOVATO\squid > LOVATO\krbtgt > LOVATO\guest > LOVATO\roger > > > wbinfo -g > LOVATO\cert publishers > LOVATO\ras and ias servers > LOVATO\allowed rodc password replication group > LOVATO\denied rodc password replication group > LOVATO\dnsadmins > LOVATO\enterprise read-only domain controllers > LOVATO\domain admins > LOVATO\domain users > LOVATO\domain guests > LOVATO\domain computers > LOVATO\domain controllers > LOVATO\schema admins > LOVATO\enterprise admins > LOVATO\group policy creator owners > LOVATO\read-only domain controllers > LOVATO\dnsupdateproxy > LOVATO\teste > LOVATO\proxynivel1 > LOVATO\proxynivel2 > LOVATO\proxynivel3 > > > My smb.conf > > > [global] > workgroup = LOVATO > realm = LOVATO.INTRANET > netbios name = LVT-006 > server role = active directory domain controller > passdb backend = samba_dsdb > server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, > winbind, ntp_signd, kcc, dnsupdate > rpc_server:tcpip = no > rpc_daemon:spoolssd = embedded > rpc_server:spoolss = embedded > rpc_server:winreg = embedded > rpc_server:ntsvcs = embedded > rpc_server:eventlog = embedded > rpc_server:srvsvc = embedded > rpc_server:svcctl = embedded > rpc_server:default = external > #IDMAP > idmap_ldb:use rfc2307 = yes > idmap config * : backend = tdb > idmap config *:range = 70001-80000 > idmap config LOVATO:backend = ad > idmap config LOVATO:schema_mode = rfc2307 > idmap config LOVATO:range = 500-40000 > #WINBIND > winbind nss info = rfc2307 > winbind trusted domains only = no > winbind use default domain = yes > winbind enum users = yes > winbind enum groups = yes > winbind cache time = 10 > winbind refresh tickets = yes > map archive = No > map readonly = no > store dos attributes = Yes > vfs objects = dfs_samba4, acl_xattr > template shell = 
/bin/bash > #DESABILITANDO AS IMPRESSORAS > printcap name = /dev/null > printcap name = /dev/null > load printers = no > disable spoolss = yes > disable spoolss = yes > printing = bsd > ### LOGS > log file = /var/log/samba/smbd.log > max log size = 50 > log level = 10 > vfs objects = recycle full_audit > ### LIXEIRA > recycle:repository = Lixeira > recycle:exclude = *.tmp *.TMP *.temp *.TEMP ~* > recycle:keeptree = yes > full_audit:success = rmdir mkdir open write rename unlink > full_audit:failure = rmdir mkdir open write rename unlink > full_audit:prefix = %U|%I|%m|%S > full_audit:failure = none > full_audit:facility = local5 > full_audit:priority = notice > veto files = /*.mp3/*.wav/*.exe/*.cmd/*.adm/*.inf/*.ini/*.pif > delete veto files = yes > dos filemode = yes > > [netlogon] > path = /usr/local/samba/var/locks/sysvol/lovato.intranet/scripts > read only = No > > [sysvol] > path = /usr/local/samba/var/locks/sysvol > read only = No > > > My krb5.conf > > > [logging] > default = FILE:/var/log/krb5libs.log > kdc = FILE:/var/log/krb5kdc.log > admin_server = FILE:/var/log/kadmind.log > > [libdefaults] > default_realm = LOVATO.INTRANET > dns_lookup_realm = true > dns_lookup_kdc = true > ticket_lifetime = 24h > forwardable = yes > > [realm] > LOVATO.INTRANET = { > kdc = lvt-006.lovato.intranet:88 > default_domain = lovato.intranet > } > > [domain_realm] > .lovato.intranet = LOVATO.INTRANET > lovato.intranet = LOVATO.INTRANET > > [appdefaults] > pam = { > debug = false > ticket_lifetime = 36000 > renew_lifetime = 36000 > forwardable = true > krb4_convert = false > } > > > My nsswitch.conf > > > passwd: files sss winbind > shadow: files sss > group: files sss winbind > > > Processes: > > > named 847 0.0 1.8 558900 68924 ? Ssl Feb02 0:15 > /usr/sbin/named -u named -4 > root 1543 0.0 1.1 585920 45312 ? Ss Feb02 0:00 > /usr/local/samba/sbin/samba -D > root 1544 0.0 0.8 585920 32304 ? S Feb02 0:00 \_ > /usr/local/samba/sbin/samba -D > root 1557 0.0 1.2 637780 48844 ? 
Ss Feb02 0:00 | \_ > /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes -- > foreground > root 1561 0.0 0.8 632284 32224 ? S Feb02 0:00 | > \_ /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes -- > foreground > root 1562 0.0 0.8 632308 32204 ? S Feb02 0:00 | > \_ /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes -- > foreground > root 1545 0.3 1.0 592616 38832 ? S Feb02 2:41 \_ > /usr/local/samba/sbin/samba -D > root 1546 0.0 0.8 585920 33624 ? S Feb02 0:00 \_ > /usr/local/samba/sbin/samba -D > root 1547 0.0 0.8 585920 32184 ? S Feb02 0:00 \_ > /usr/local/samba/sbin/samba -D > root 1548 0.0 0.9 585920 34680 ? S Feb02 0:01 \_ > /usr/local/samba/sbin/samba -D > root 1549 0.0 0.8 585920 33852 ? S Feb02 0:00 \_ > /usr/local/samba/sbin/samba -D > root 1550 0.0 0.9 592208 37212 ? S Feb02 0:00 \_ > /usr/local/samba/sbin/samba -D > root 1551 0.1 0.9 594688 37676 ? S Feb02 1:01 \_ > /usr/local/samba/sbin/samba -D > root 1552 0.0 0.8 585920 32304 ? S Feb02 0:00 \_ > /usr/local/samba/sbin/samba -D > root 1553 0.0 1.2 609256 47364 ? Ss Feb02 0:02 | \_ > /usr/local/samba/sbin/winbindd -D --option=server role check:inhibit=yes - > -foreground > root 1560 0.0 0.9 616864 35820 ? S Feb02 0:32 | > \_ /usr/local/samba/sbin/winbindd -D --option=server role > check:inhibit=yes --foreground > root 1564 0.0 0.9 610668 35372 ? S Feb02 0:00 | > \_ /usr/local/samba/sbin/winbindd -D --option=server role > check:inhibit=yes --foreground > root 1569 0.0 0.9 616996 35576 ? S Feb02 0:00 | > \_ /usr/local/samba/sbin/winbindd -D --option=server role > check:inhibit=yes --foreground > root 1554 0.0 0.8 585920 32340 ? S Feb02 0:00 \_ > /usr/local/samba/sbin/samba -D > root 1555 0.0 1.1 585920 42976 ? S Feb02 0:00 \_ > /usr/local/samba/sbin/samba -D > root 1556 0.0 0.8 585920 33328 ? S Feb02 0:01 \_ > /usr/local/samba/sbin/samba -D > > > Version: > > # samba -V > Version 4.5.3 > > > There is anyway to force winbind update? 
On Fri, 3 Feb 2017 13:20:55 +0000 Roger Lovato via samba <samba at lists.samba.org> wrote:> Hi guys!! > > > I'm facing problem with Samba 4 + winbind that I spent some days to > solve that without success and I'll appreciate any help. > > > I self compile samba 4 and apparently everything is working fine. I > installed samba on six distributed servers at remote branch offices > and all users, groups, dns and other components are replicating with > success. > > > But last week I saw that windind cache was not been updated and when > I try to get users and groups with getent command, new members is not > shown. > > > I tried some tricks and tips that I found in several websites and > forums, but nothing is working. Yesterday I tried to flush winbind > cache with command: > > > net cache flush > > > All winbind cache has been erased, but is not updated and now I don't > have any users and groups when I try to get with getent command. > > > I read in the winbind manual that when I restart the daemon, all > cache is erased and updated, but this not happens. I'm not found > where winbind saves its cache! 
> > > My wbinfo listing correctly: > > > # wbinfo -u > LOVATO\rafael > LOVATO\xl.teste > LOVATO\dns-movd-gcp-007 > LOVATO\dns-movd-mgf-001 > LOVATO\dns-movd-gcp-006 > LOVATO\administrator > LOVATO\xl.teste1 > LOVATO\squid > LOVATO\krbtgt > LOVATO\guest > LOVATO\roger > > > wbinfo -g > LOVATO\cert publishers > LOVATO\ras and ias servers > LOVATO\allowed rodc password replication group > LOVATO\denied rodc password replication group > LOVATO\dnsadmins > LOVATO\enterprise read-only domain controllers > LOVATO\domain admins > LOVATO\domain users > LOVATO\domain guests > LOVATO\domain computers > LOVATO\domain controllers > LOVATO\schema admins > LOVATO\enterprise admins > LOVATO\group policy creator owners > LOVATO\read-only domain controllers > LOVATO\dnsupdateproxy > LOVATO\teste > LOVATO\proxynivel1 > LOVATO\proxynivel2 > LOVATO\proxynivel3 > > > My smb.conf > > > [global] > workgroup = LOVATO > realm = LOVATO.INTRANET > netbios name = LVT-006 > server role = active directory domain controller > passdb backend = samba_dsdb > server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, > winbind, ntp_signd, kcc, dnsupdate rpc_server:tcpip = no > rpc_daemon:spoolssd = embedded > rpc_server:spoolss = embedded > rpc_server:winreg = embedded > rpc_server:ntsvcs = embedded > rpc_server:eventlog = embedded > rpc_server:srvsvc = embedded > rpc_server:svcctl = embedded > rpc_server:default = external > #IDMAP > idmap_ldb:use rfc2307 = yes > idmap config * : backend = tdb > idmap config *:range = 70001-80000 > idmap config LOVATO:backend = ad > idmap config LOVATO:schema_mode = rfc2307 > idmap config LOVATO:range = 500-40000 > #WINBIND > winbind nss info = rfc2307 > winbind trusted domains only = no > winbind use default domain = yes > winbind enum users = yes > winbind enum groups = yes > winbind cache time = 10 > winbind refresh tickets = yes > map archive = No > map readonly = no > store dos attributes = Yes > vfs objects = dfs_samba4, acl_xattr > template shell = 
/bin/bash > #DESABILITANDO AS IMPRESSORAS > printcap name = /dev/null > printcap name = /dev/null > load printers = no > disable spoolss = yes > disable spoolss = yes > printing = bsd > ### LOGS > log file = /var/log/samba/smbd.log > max log size = 50 > log level = 10 > vfs objects = recycle full_audit > ### LIXEIRA > recycle:repository = Lixeira > recycle:exclude = *.tmp *.TMP *.temp *.TEMP ~* > recycle:keeptree = yes > full_audit:success = rmdir mkdir open write rename unlink > full_audit:failure = rmdir mkdir open write rename unlink > full_audit:prefix = %U|%I|%m|%S > full_audit:failure = none > full_audit:facility = local5 > full_audit:priority = notice > veto files = /*.mp3/*.wav/*.exe/*.cmd/*.adm/*.inf/*.ini/*.pif > delete veto files = yes > dos filemode = yes > > [netlogon] > path = /usr/local/samba/var/locks/sysvol/lovato.intranet/scripts > read only = No > > [sysvol] > path = /usr/local/samba/var/locks/sysvol > read only = No > > > My krb5.conf > > > [logging] > default = FILE:/var/log/krb5libs.log > kdc = FILE:/var/log/krb5kdc.log > admin_server = FILE:/var/log/kadmind.log > > [libdefaults] > default_realm = LOVATO.INTRANET > dns_lookup_realm = true > dns_lookup_kdc = true > ticket_lifetime = 24h > forwardable = yes > > [realm] > LOVATO.INTRANET = { > kdc = lvt-006.lovato.intranet:88 > default_domain = lovato.intranet > } > > [domain_realm] > .lovato.intranet = LOVATO.INTRANET > lovato.intranet = LOVATO.INTRANET > > [appdefaults] > pam = { > debug = false > ticket_lifetime = 36000 > renew_lifetime = 36000 > forwardable = true > krb4_convert = false > } > > > My nsswitch.conf > > > passwd: files sss winbind > shadow: files sss > group: files sss winbind > >First, remove ALL these lines from the DC smb.conf, they either shouldn't be there, or are default settings: passdb backend = samba_dsdb idmap config * : backend = tdb idmap config *:range = 70001-80000 idmap config LOVATO:backend = ad idmap config LOVATO:schema_mode = rfc2307 idmap config LOVATO:range 
= 500-40000
vfs objects = dfs_samba4, acl_xattr
winbind use default domain = yes
winbind nss info = rfc2307
winbind trusted domains only = no
winbind cache time = 10
winbind refresh tickets = yes
map archive = No
map readonly = no
store dos attributes = Yes
dos filemode = yes

Change /etc/krb5.conf to:

[libdefaults]
default_realm = LOVATO.INTRANET
dns_lookup_realm = false
dns_lookup_kdc = true

Finally, you are NOT using winbind!! Change /etc/nsswitch.conf to:

passwd: files winbind
shadow: files
group: files winbind

You will then be using winbind.

Just a note, running 'wbinfo -u' or 'wbinfo -g' is pretty meaningless on a Unix machine, it just shows the users are in AD, you need to run 'getent passwd USERNAME' and receive an output to know it is working.

Rowland
Try cleaning up your smb.conf also.

> vfs objects = dfs_samba4, acl_xattr

Bit lower.

> vfs objects = recycle full_audit

Set this as :
vfs objects = dfs_samba4, acl_xattr, recycle full_audit

You're using :
> winbind nss info = rfc2307

So remove these lines
> idmap config * : backend = tdb
> idmap config *:range = 70001-80000
> idmap config LOVATO:backend = ad
> idmap config LOVATO:schema_mode = rfc2307
> idmap config LOVATO:range = 500-40000

2 x :
> disable spoolss = yes
> disable spoolss = yes

Etc, so back up your smb.conf and clean up first.
As an example, this is all I have.

[global]
workgroup = NTDOM
realm = REALM
# netbios name is not needed, the computer's hostname will be used; I think it's handy to have it here.
netbios name = DC1
server role = active directory domain controller
# if you run bind_dlz and not samba dns, this is sufficient.
server services = -dns
# Don't forget to set the idmap_ldb on ALL DC's if you use it
idmap_ldb:use rfc2307 = yes
winbind nss info = rfc2307
winbind expand groups = 4
# with rfc2307 this is only needed on the DC.
template shell = /bin/bash
template homedir = /home/users/%U
# disable printing completely, when set empty no error log messages.
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
# disable usershares creating, when set empty no error log messages.
usershare path
# Add and Update TLS Key
tls enabled = yes
tls keyfile = /........key.pem
tls certfile = /........cert.pem
tls cafile = /....... ca.pem

[sysvol]
......

Van: Roger Lovato [mailto:rogerlovato at outlook.com]
Verzonden: vrijdag 3 februari 2017 14:40
Aan: L.P.H. van Belle
Onderwerp: Re: [Samba] Problems with winbind cache

Hi,
Thanks for your help, but still not updating..

passwd: files winbind sss
shadow: files sss
group: files winbind sss

getent doesn't return any user or group.

Regards,

De: samba <samba-bounces at lists.samba.org> em nome de L.P.H. 
van Belle via samba <samba at lists.samba.org> Enviado: sexta-feira, 3 de fevereiro de 2017 11:28:48 Para: samba at lists.samba.org Assunto: Re: [Samba] Problems with winbind cache Try changing your nsswitch.conf to passwd: files winbind sss shadow: files sss group: files winbind sss now do. net cache flush restart winbind wbinfo -u wbinfo -g getent passwd username getent passwd groupname Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Roger Lovato via > samba > Verzonden: vrijdag 3 februari 2017 14:21 > Aan: samba at lists.samba.org > Onderwerp: [Samba] Problems with winbind cache > > Hi guys!! > > > I'm facing problem with Samba 4 + winbind that I spent some days to solve > that without success and I'll appreciate any help. > > > I self compile samba 4 and apparently everything is working fine. I > installed samba on six distributed servers at remote branch offices and > all users, groups, dns and other components are replicating with success. > > > But last week I saw that windind cache was not been updated and when I try > to get users and groups with getent command, new members is not shown. > > > I tried some tricks and tips that I found in several websites and forums, > but nothing is working. Yesterday I tried to flush winbind cache with > command: > > > net cache flush > > > All winbind cache has been erased, but is not updated and now I don't have > any users and groups when I try to get with getent command. > > > I read in the winbind manual that when I restart the daemon, all cache is > erased and updated, but this not happens. I'm not found where winbind > saves its cache! 
> > > My wbinfo listing correctly: > > > # wbinfo -u > LOVATO\rafael > LOVATO\xl.teste > LOVATO\dns-movd-gcp-007 > LOVATO\dns-movd-mgf-001 > LOVATO\dns-movd-gcp-006 > LOVATO\administrator > LOVATO\xl.teste1 > LOVATO\squid > LOVATO\krbtgt > LOVATO\guest > LOVATO\roger > > > wbinfo -g > LOVATO\cert publishers > LOVATO\ras and ias servers > LOVATO\allowed rodc password replication group > LOVATO\denied rodc password replication group > LOVATO\dnsadmins > LOVATO\enterprise read-only domain controllers > LOVATO\domain admins > LOVATO\domain users > LOVATO\domain guests > LOVATO\domain computers > LOVATO\domain controllers > LOVATO\schema admins > LOVATO\enterprise admins > LOVATO\group policy creator owners > LOVATO\read-only domain controllers > LOVATO\dnsupdateproxy > LOVATO\teste > LOVATO\proxynivel1 > LOVATO\proxynivel2 > LOVATO\proxynivel3 > > > My smb.conf > > > [global] > workgroup = LOVATO > realm = LOVATO.INTRANET > netbios name = LVT-006 > server role = active directory domain controller > passdb backend = samba_dsdb > server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, > winbind, ntp_signd, kcc, dnsupdate > rpc_server:tcpip = no > rpc_daemon:spoolssd = embedded > rpc_server:spoolss = embedded > rpc_server:winreg = embedded > rpc_server:ntsvcs = embedded > rpc_server:eventlog = embedded > rpc_server:srvsvc = embedded > rpc_server:svcctl = embedded > rpc_server:default = external > #IDMAP > idmap_ldb:use rfc2307 = yes > idmap config * : backend = tdb > idmap config *:range = 70001-80000 > idmap config LOVATO:backend = ad > idmap config LOVATO:schema_mode = rfc2307 > idmap config LOVATO:range = 500-40000 > #WINBIND > winbind nss info = rfc2307 > winbind trusted domains only = no > winbind use default domain = yes > winbind enum users = yes > winbind enum groups = yes > winbind cache time = 10 > winbind refresh tickets = yes > map archive = No > map readonly = no > store dos attributes = Yes > vfs objects = dfs_samba4, acl_xattr > template shell = 
/bin/bash > #DESABILITANDO AS IMPRESSORAS > printcap name = /dev/null > printcap name = /dev/null > load printers = no > disable spoolss = yes > disable spoolss = yes > printing = bsd > ### LOGS > log file = /var/log/samba/smbd.log > max log size = 50 > log level = 10 > vfs objects = recycle full_audit > ### LIXEIRA > recycle:repository = Lixeira > recycle:exclude = *.tmp *.TMP *.temp *.TEMP ~* > recycle:keeptree = yes > full_audit:success = rmdir mkdir open write rename unlink > full_audit:failure = rmdir mkdir open write rename unlink > full_audit:prefix = %U|%I|%m|%S > full_audit:failure = none > full_audit:facility = local5 > full_audit:priority = notice > veto files = /*.mp3/*.wav/*.exe/*.cmd/*.adm/*.inf/*.ini/*.pif > delete veto files = yes > dos filemode = yes > > [netlogon] > path = /usr/local/samba/var/locks/sysvol/lovato.intranet/scripts > read only = No > > [sysvol] > path = /usr/local/samba/var/locks/sysvol > read only = No > > > My krb5.conf > > > [logging] > default = FILE:/var/log/krb5libs.log > kdc = FILE:/var/log/krb5kdc.log > admin_server = FILE:/var/log/kadmind.log > > [libdefaults] > default_realm = LOVATO.INTRANET > dns_lookup_realm = true > dns_lookup_kdc = true > ticket_lifetime = 24h > forwardable = yes > > [realm] > LOVATO.INTRANET = { > kdc = lvt-006.lovato.intranet:88 > default_domain = lovato.intranet > } > > [domain_realm] > .lovato.intranet = LOVATO.INTRANET > lovato.intranet = LOVATO.INTRANET > > [appdefaults] > pam = { > debug = false > ticket_lifetime = 36000 > renew_lifetime = 36000 > forwardable = true > krb4_convert = false > } > > > My nsswitch.conf > > > passwd: files sss winbind > shadow: files sss > group: files sss winbind > > > Processes: > > > named 847 0.0 1.8 558900 68924 ? Ssl Feb02 0:15 > /usr/sbin/named -u named -4 > root 1543 0.0 1.1 585920 45312 ? Ss Feb02 0:00 > /usr/local/samba/sbin/samba -D > root 1544 0.0 0.8 585920 32304 ? S Feb02 0:00 \_ > /usr/local/samba/sbin/samba -D > root 1557 0.0 1.2 637780 48844 ? 
Ss Feb02 0:00 | \_ > /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes -- > foreground > root 1561 0.0 0.8 632284 32224 ? S Feb02 0:00 | > \_ /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes -- > foreground > root 1562 0.0 0.8 632308 32204 ? S Feb02 0:00 | > \_ /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes -- > foreground > root 1545 0.3 1.0 592616 38832 ? S Feb02 2:41 \_ > /usr/local/samba/sbin/samba -D > root 1546 0.0 0.8 585920 33624 ? S Feb02 0:00 \_ > /usr/local/samba/sbin/samba -D > root 1547 0.0 0.8 585920 32184 ? S Feb02 0:00 \_ > /usr/local/samba/sbin/samba -D > root 1548 0.0 0.9 585920 34680 ? S Feb02 0:01 \_ > /usr/local/samba/sbin/samba -D > root 1549 0.0 0.8 585920 33852 ? S Feb02 0:00 \_ > /usr/local/samba/sbin/samba -D > root 1550 0.0 0.9 592208 37212 ? S Feb02 0:00 \_ > /usr/local/samba/sbin/samba -D > root 1551 0.1 0.9 594688 37676 ? S Feb02 1:01 \_ > /usr/local/samba/sbin/samba -D > root 1552 0.0 0.8 585920 32304 ? S Feb02 0:00 \_ > /usr/local/samba/sbin/samba -D > root 1553 0.0 1.2 609256 47364 ? Ss Feb02 0:02 | \_ > /usr/local/samba/sbin/winbindd -D --option=server role check:inhibit=yes - > -foreground > root 1560 0.0 0.9 616864 35820 ? S Feb02 0:32 | > \_ /usr/local/samba/sbin/winbindd -D --option=server role > check:inhibit=yes --foreground > root 1564 0.0 0.9 610668 35372 ? S Feb02 0:00 | > \_ /usr/local/samba/sbin/winbindd -D --option=server role > check:inhibit=yes --foreground > root 1569 0.0 0.9 616996 35576 ? S Feb02 0:00 | > \_ /usr/local/samba/sbin/winbindd -D --option=server role > check:inhibit=yes --foreground > root 1554 0.0 0.8 585920 32340 ? S Feb02 0:00 \_ > /usr/local/samba/sbin/samba -D > root 1555 0.0 1.1 585920 42976 ? S Feb02 0:00 \_ > /usr/local/samba/sbin/samba -D > root 1556 0.0 0.8 585920 33328 ? S Feb02 0:01 \_ > /usr/local/samba/sbin/samba -D > > > Version: > > # samba -V > Version 4.5.3 > > > There is anyway to force winbind update? 