L.P.H. van Belle
2018-Feb-15 08:41 UTC
[Samba] wbinfo -U id gives different users on same dc
Sure there is,
Install Debian, follow my howto and you will have success.

Just, you're using a .local domain, and that's a reserved name for Apple's mDNS (zeroconf)
and should not be used. (Same for .lan.)
https://wiki.samba.org/index.php/FAQ#Can_I_Use_the_.local_Top-level_Domain_for_My_AD_DNS_Zone.3F
So the info is good, that's not the problem, finding it is.

Can you post your /etc/hosts and resolv.conf also, to be sure these are OK?
And what's the running OS? That's nice to know.

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> Özkan Göksu via samba
> Sent: Thursday 15 February 2018 9:19
> To: Rowland Penny
> CC: samba at lists.samba.org
> Subject: Re: [Samba] wbinfo -U id gives different users on same dc
>
> Thanks for helping me out. It is really appreciated. It is not easy to find
> out good online information about samba :(
>
> My original idea was to keep my understanding of important default options
> written in smb.conf after full reading of
> https://www.samba.org/samba/docs/4.7/man-html/smb.conf.5.html.
>
> For the "winbind enum users/group" options I added them since smb.conf(5)
> states some programs behave oddly if they are not enabled:
> https://www.samba.org/samba/docs/4.7/man-html/smb.conf.5.html#winbindenumgroups.
> However I am removing them as you say.
>
> For the "dns update command" setting I thought it would solve my dns update
> problem whenever I try to join Active Directory. My samba version is 4.7.4.
>
> [root at AA-SM2 ]# net ads join -U administrator
> Enter administrator's password:
> Using short domain name -- AA
> Joined 'AA-SM2' to dns domain 'aa.local'
> No DNS domain configured for aa-sm2. Unable to perform DNS Update.
> DNS update failed: NT_STATUS_INVALID_PARAMETER
>
> For the "socket options" setting I read it on the internet which is
> somewhat considered to be a best practice for samba performance. I am
> removing it also.
>
> BTW there is a long standing issue of mine which I haven't found an answer.
> I always see limit warning at smbd service start up. It does no help no
> matter I set "max open files = 232040" in smb.conf nor /etc/security/limits
> settings.
>
> [2018/02/15 10:39:02.985913, 2] ../source3/param/loadparm.c:321(max_open_files)
>   rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
> [2018/02/15 10:39:02.986630, 2] ../source3/param/loadparm.c:2791(lp_do_section)
>   Processing section "[yenitest]"
> [2018/02/15 10:39:02.987321, 2] ../source3/lib/interface.c:345(add_interface)
>   added interface vlan11 ip=192.168.11.3 bcast=192.168.11.255 netmask=255.255.255.0
> [2018/02/15 10:39:02.987391, 2] ../source3/lib/interface.c:345(add_interface)
>   added interface vlan50 ip=10.0.50.4 bcast=10.0.50.255 netmask=255.255.255.0
> [2018/02/15 10:39:02.987439, 2] ../source3/lib/interface.c:345(add_interface)
>   added interface enp2s0f0 ip=10.1.60.3 bcast=10.1.60.255 netmask=255.255.255.0
> [2018/02/15 10:39:02.987484, 2] ../source3/lib/interface.c:345(add_interface)
>   added interface enp2s0f0 ip=10.1.60.5 bcast=10.1.60.255 netmask=255.255.255.0
> [2018/02/15 10:39:02.987611, 1] ../source3/profile/profile_dummy.c:30(set_profile_level)
>   INFO: Profiling support unavailable in this build.
> [2018/02/15 10:39:02.989393, 2] ../source3/passdb/pdb_interface.c:161(make_pdb_method_name)
>   No builtin backend found, trying to load plugin
> [2018/02/15 10:39:03.006312, 1] ../source3/smbd/files.c:218(file_init_global)
>   file_init_global: Information only: requested 232040 open files, 59392 are available.
> [2018/02/15 10:39:03.009324, 0] ../lib/util/become_daemon.c:124(daemon_ready)
>   STATUS=daemon 'smbd' finished starting up and ready to serve connections
> [2018/02/15 10:39:03.009569, 2] ../source3/smbd/server.c:1395(smbd_parent_loop)
>   waiting for connections
>
> Here are my settings in /etc/security/limits.
>
> * soft nofile 99000
> * hard nofile 999000
> * - memlock unlimited
> * - nofile 100000
> * - nproc 32768
> * - as unlimited
>
> @root soft nofile 99000
> @root hard nofile 999000
> @root - memlock unlimited
> @root - nofile 100000
> @root - nproc 32768
> @root - as unlimited
>
> Again thanks for your help,
>
> Ozkan
>
> *Özkan GÖKSU* | *Tekn. Geliştirme* | ozkan.goksu at usishi.com
> <goktug.yildirim at usishi.com>
> C : +90 555 449 88 71 | T : +90 (216) 442 7070 | http://www.usishi.com
>
> 2018-02-14 17:26 GMT+02:00 Rowland Penny via samba <samba at lists.samba.org>:
>
> > On Wed, 14 Feb 2018 16:30:07 +0200
> > Özkan Göksu <ozkan.goksu at usishi.com> wrote:
> >
> > > RID solved my problem. But while reading docs I saw new things and I
> > > changed my smb.conf completely.
> > > I have read almost every parameter but I'm still not 100% sure.
> > > Can you do me a last favor?
> > > Please can you tell me do I have any problem with new smb.conf?
> >
> > No problems as such, but you don't need these because they are default
> > settings:
> >
> >     winbind nested groups = yes
> >     encrypt passwords = yes
> >     strict locking = Auto
> >     oplocks = yes
> >     deadtime = 15
> >     unix charset = UTF-8
> >     case sensitive = auto
> >     guest account = nobody
> >     ntlm auth = no
> >     client ntlmv2 auth = yes
> >     kernel change notify = yes
> >     domain logons = no
> >     client use spnego = yes
> >     strict sync = no
> >
> > All the next two lines do is make 'getent passwd' & 'getent group'
> > display a list of all users or groups AND slow things down, you do not
> > need them:
> >
> >     winbind enum users = yes
> >     winbind enum groups = yes
> >
> > The next line is only any good on a Samba DC:
> >
> >     dns update command = /usr/sbin/samba_dnsupdate
> >
> > You shouldn't really mess with the socket options, that's the kernel's
> > job:
> >
> >     socket options = TCP_NODELAY IPTOS_LOWDELAY SO_KEEPALIVE
> >
> > Rowland
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba

Hi Louis,

Thanks for the information, finding it sometimes is a real challenge. Would you please share your howto link? I wish to read it.

For the .local domain I suppose I have nothing to do. This is a running Windows Active Directory and it is not possible to change the domain suffix.

Here is my /etc/hosts

127.0.0.1 localhost.localdomain localhost
10.254.104.8 wdc04.aa.local wdc04
10.254.105.208 AA-SM2

and /etc/resolv.conf

search aa.local
nameserver 10.254.104.8
nameserver 10.254.104.13

My distribution is Archlinux.

Greetings,
Ozkan

On Thu, 15 Feb 2018 13:31:33 +0200
Özkan Göksu via samba <samba at lists.samba.org> wrote:

> Hi Louis,
>
> Thanks for the information, finding it sometimes is a real challenge. Would
> you please share your howto link? I wish to read it.
>
> For the .local domain I suppose I have nothing to do. This is a
> running Windows Active Directory and it is not possible to change
> the domain suffix.

If you have to use the '.local' TLD, then I would suggest you turn off
Avahi (if it is running).

> Here is my /etc/hosts
>
> 127.0.0.1 localhost.localdomain localhost
> 10.254.104.8 wdc04.aa.local wdc04
> 10.254.105.208 AA-SM2

I would change it to something like this:

127.0.0.1 localhost
10.254.104.X fileserver.aa.local fileserver

Where '10.254.104.X' is the fileserver's IP address and 'fileserver' is the
fileserver's hostname.

> and /etc/resolv.conf
>
> search aa.local
> nameserver 10.254.104.8
> nameserver 10.254.104.13

If the nameservers are both DCs, then okay; remove any that are not.

As for your 'rlimit_max' problem, see here:

https://serverfault.com/questions/509560/resolving-samba-testparm-message-rlimit-max-rlimit-max-8192-below-minimum-wi

Rowland

L.P.H. van Belle
2018-Feb-15 12:25 UTC
[Samba] wbinfo -U id gives different users on same dc
Sure,
https://github.com/thctlo/samba4/tree/master/howtos
Now these are Debian based, but if you read through the howto.
Start with stretch-base-2.0-samba-minimal-ad.txt

OK, it happens that .local can't be changed, but now it's even more important that the resolving is correct.

The hosts:

127.0.0.1 localhost localhost.localdomain
10.254.104.8 wdc04.aa.local wdc04    < is this the samba DC?
10.254.105.208 AA-SM2    << missing .domain
or this, I "guess" based on your join below it's this one.

Set up hosts like this:

IP HOST_FQDN(hostname -f) ALIAS_NAME(hostname -s)

and /etc/resolv.conf

search aa.local    < this is your primary samba domain.
nameserver 10.254.104.8    < this is your DC?
nameserver 10.254.104.13    and this is?

I also suggest, go to https://wiki.archlinux.org/index.php/Samba/Active_Directory_domain_controller
Some parts of my howto are also from Arch examples.

Greetz,

Louis
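
Added example, not part of any post in this thread: a small shell check for the /etc/hosts layout Louis describes (IP, FQDN, short alias) and for the resolv.conf search domain, run here on copies of the files posted above. The function names, exit codes and the corrected hosts line are assumptions of this example.

```shell
#!/bin/sh
# Added example: static checks for the resolver files discussed in the thread.
# Function names and exit codes are this example's own, not Samba's.

# check_hosts_entry HOSTS_FILE SHORT_NAME AD_DOMAIN
# Exit 0 only if the first line naming the host reads "IP short.domain short".
# The first matching line decides, as in a top-down read of the file.
check_hosts_entry() {
    awk -v host="$2" -v dom="$3" '
    BEGIN { h = tolower(host); fqdn = h "." tolower(dom)
            rc = 2; msg = "no line names " h " or " fqdn }
    {
        sub(/#.*/, "")                          # strip comments
        if (NF < 2) next
        hit = 0; alias = 0
        for (i = 2; i <= NF; i++) {
            n = tolower($i)
            if (n == h || n == fqdn) hit = 1
            if (i > 2 && n == h) alias = 1      # short name after the first name
        }
        if (!hit) next
        if ($1 ~ /^127\./ || $1 == "::1") { rc = 3; msg = h " is mapped to loopback " $1 }
        else if (tolower($2) != fqdn)     { rc = 4; msg = "first name is " $2 ", expected " fqdn }
        else if (!alias)                  { rc = 5; msg = "short alias " h " missing after " fqdn }
        else                              { rc = 0; msg = "ok: " $1 " " fqdn " " h }
        exit                                    # jump to END
    }
    END { print msg; exit rc }' "$1"
}

# check_resolv RESOLV_FILE AD_DOMAIN
# Exit 0 when the search/domain line lists the AD DNS domain and at least one
# nameserver is set. Whether each nameserver is a DC cannot be seen from the file.
check_resolv() {
    awk -v dom="$2" '
    BEGIN { d = tolower(dom) }
    $1 == "search" || $1 == "domain" { for (i = 2; i <= NF; i++) if (tolower($i) == d) s = 1 }
    $1 == "nameserver" && NF >= 2    { ns = ns " " $2; n++ }
    END {
        if (!s) { print "search list lacks " d; exit 2 }
        if (!n) { print "no nameserver lines"; exit 3 }
        print "ok: search " d ", nameservers:" ns
    }' "$1"
}

demo() {
    d=$(mktemp -d) || return 1
    # Constructed samples: the /etc/hosts as posted, and a corrected variant
    # with the member server written as IP FQDN ALIAS.
    printf '%s\n' '127.0.0.1 localhost.localdomain localhost' \
        '10.254.104.8 wdc04.aa.local wdc04' '10.254.105.208 AA-SM2' > "$d/hosts.posted"
    printf '%s\n' '127.0.0.1 localhost' \
        '10.254.105.208 aa-sm2.aa.local aa-sm2' > "$d/hosts.fixed"
    printf '%s\n' 'search aa.local' 'nameserver 10.254.104.8' \
        'nameserver 10.254.104.13' > "$d/resolv.conf"
    for f in hosts.posted hosts.fixed; do
        rc=0; check_hosts_entry "$d/$f" aa-sm2 aa.local || rc=$?
        echo "$f -> exit $rc"
    done
    rc=0; check_resolv "$d/resolv.conf" aa.local || rc=$?
    echo "resolv.conf -> exit $rc"
    rm -rf "$d"
}
demo
```

On a real host, pass /etc/hosts, the output of hostname -s and the AD DNS domain instead of the sample files.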