samba - Jul 2018 - Winbind Craziness

about 3 weeks ago there was a power outage where our main file server was not
connected to any dc for some time. (don't know if that's related)
since then winbind will randomly not resolve rfc_2307 users or groups whenever
it feels like it.

have tried
shutting down nmbd,smbd.winbind and running net cache flush (and starting them
up again)have tried turning off winbind group and user enumhave tried leaving
and joining the domainhave tried

service winbind stop
service stop samba
rm –rf /var/lib/samba
mkdir -p /var/lib/samba/private​
rm –rf /var/cache/samba 
net join ads –S "yourADserver" –U username
service winbind start
service samba start from a stack exchange page.

Don't know where to go next.

Debian Stretch install

Version 4.5.12-Debian
Help.

so I had some time to follow this bunny trailand found that even though all the
other servers had no problems this one continued to.Every so often a new
computer couldn't connect and then it would be all better after a net
leave/net join.
Net join would not work without -S <MyDC> in the command lineWhat I found
out was that most net rpc commands such as net rpc testjoin would also fail
without -S <MyDC> in the command linewhereas they would work find for any
other box.
I also noticed that a tdbtool dump of secrets.tdb was pretty nearly empty
whereas other servers had lots of info.The difference was in the smb.conf line
"name resolve order"

earlier I had taken the advice (the more fool me, I guess) of the man page with
recommends

"name resolve order = wins bcast" in a AD environment.
when I changed it back to 

"name resolve order = lmhosts wins host bcast"

as the other servers had it, suddenly all net rpc functions worked again.
I ran 
net ads changetrustpw -UAdminUserandnet rpc changetrustpw 

and now secrets.tdb is populated 

I think I probably had corrupt winbind files at the outset and those where
cleared up by the above activity, but the results continued to be skewed because
it wasn't using "host" (dns) to look up some of the services. At
least hopefully.



    On Friday, 20 July 2018, 17:01:54 GMT-7, ray klassen via samba <samba at
lists.samba.org> wrote:
 
 about 3 weeks ago there was a power outage where our main file server was not
connected to any dc for some time. (don't know if that's related)
since then winbind will randomly not resolve rfc_2307 users or groups whenever
it feels like it.

have tried
shutting down nmbd,smbd.winbind and running net cache flush (and starting them
up again)have tried turning off winbind group and user enumhave tried leaving
and joining the domainhave tried

service winbind stop
service stop samba
rm –rf /var/lib/samba
mkdir -p /var/lib/samba/private​
rm –rf /var/cache/samba 
net join ads –S "yourADserver" –U username
service winbind start
service samba start from a stack exchange page.

Don't know where to go next.

Debian Stretch install

Version 4.5.12-Debian
Help.
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

On Fri, 27 Jul 2018 21:25:04 +0000 (UTC)
ray klassen via samba <samba at lists.samba.org> wrote:
>  so I had some time to follow this bunny trailand found that even
> though all the other servers had no problems this one continued
> to.Every so often a new computer couldn't connect and then it would
> be all better after a net leave/net join. Net join would not work
> without -S <MyDC> in the command lineWhat I found out was that most
> net rpc commands such as net rpc testjoin would also fail without -S
> <MyDC> in the command linewhereas they would work find for any other
> box. I also noticed that a tdbtool dump of secrets.tdb was pretty
> nearly empty whereas other servers had lots of info.The difference
> was in the smb.conf line "name resolve order" 
> 
> earlier I had taken the advice (the more fool me, I guess) of the man
> page with recommends 
> 
> "name resolve order = wins bcast" in a AD environment.
> when I changed it back to 
> 
> "name resolve order = lmhosts wins host bcast"
> 
I think you should look at your dns ;-)

I doubt whether you have a lmhosts file on the Samba server, so if you
remove that, the line becomes 'wins host bcast' and the only
difference between that and what you had, is 'host'.

Rowland