On 2/9/18 at 01:03, Luca Olivetti via samba wrote:
> On 1/9/18 at 03:03, Jamie Jackson via samba wrote:
>> Hi folks,
>>
>> Every couple days any one of my project's 10 or so RHEL VMs can't be
>> logged into with a domain account (active directory integration). Our
>> admin goes in with a local account and restarts winbind to fix it.
>>
>> I'd like to be more proactive and, say, create a cron job to detect a
>> problem and then restart winbind.
>>
>> Does anybody have a recipe for this? If not, do you have any
>> suggestions as to how I can begin to figure out how to detect the
>> problem?
>
> I run this cron job every minute. Winbind usually crashes once or twice
> a day
>
> #!/bin/bash
> getent group | grep -q 513 && exit 0
> echo "restarting winbind"
> systemctl restart winbind

I forgot to say that for this script to work you need

winbind enum users = yes
winbind enum groups = yes

in smb.conf and (I think) the backend must be ad with rfc2307
attributes in the schema.

Bye
-- 
Luca Olivetti
Wetron Automation Technology http://www.wetron.es/
Tel. +34 93 5883004 (Ext.3010) Fax +34 93 5883007

On Sun, 2 Sep 2018 10:10:53 +0200
Luca Olivetti via samba <samba at lists.samba.org> wrote:

> On 2/9/18 at 01:03, Luca Olivetti via samba wrote:
> > On 1/9/18 at 03:03, Jamie Jackson via samba wrote:
> >> Hi folks,
> >>
> >> Every couple days any one of my project's 10 or so RHEL VMs can't
> >> be logged into with a domain account (active directory
> >> integration). Our admin goes in with a local account and restarts
> >> winbind to fix it.
> >>
> >> I'd like to be more proactive and, say, create a cron job to
> >> detect a problem and then restart winbind.
> >>
> >> Does anybody have a recipe for this? If not, do you have any
> >> suggestions as to how I can begin to figure out how to detect the
> >> problem?
> >
> > I run this cron job every minute. Winbind usually crashes once or
> > twice a day
> >
> > #!/bin/bash
> > getent group | grep -q 513 && exit 0
> > echo "restarting winbind"
> > systemctl restart winbind
>
> I forgot to say that for this script to work you need
>
> winbind enum users = yes
> winbind enum groups = yes
>
>
> in smb.conf and (I think) the backend must be ad with rfc2307
> attributes in the schema.
>
> Bye

Yes, you would have to be using the 'ad' backend to get '513' for
Domain Users. Why not just grep for 'Domain Users'?

All of this is just a sticking plaster on the problem, if winbind is
crashing on a regular basis, we need to know this and will need
level 10 logs, debug info etc. Without this info, it will never get
fixed.

However, it may have already been fixed in a later version, so if you
can upgrade and use a version that isn't experimental (This means, do
not try to run a DC on red-hat using MIT)

Rowland

On 2/9/18 at 10:39, Rowland Penny via samba wrote:

> All of this is just a sticking plaster on the problem, if winbind is
> crashing on a regular basis, we need to know this and will need
> level 10 logs, debug info etc. Without this info, it will never get
> fixed.

Meanwhile, I need my server to keep running, so the plaster looks fine.
Besides, winbind isn't crashing, just stops resolving some groups/users.
I have several domain members and this is the only one that does it, but
that's probably because it's our mail server and it is constantly
authenticating users and resolving groups.

>
> However, it may have already been fixed in a later version, so if you
> can upgrade and use a version that isn't experimental (This means, do
> not try to run a DC on red-hat using MIT)

This is a different distro (mageia 6), a different version of samba
(4.6.12), not a dc but a domain member and I will stick to what the
distro provides.

Bye
-- 
Luca Olivetti
Wetron Automation Technology http://www.wetron.es/
Tel. +34 93 5883004 (Ext.3010) Fax +34 93 5883007
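
The check discussed in this thread, as an added example that is not code from any of the posters: it looks the group up by name (so "winbind enum groups" is not required), restarts only after several consecutive failed probes, and saves wbinfo and journal output before the restart so there is something to attach to a bug report. The group name as written, the state directory, the script path and the failure threshold are assumptions.

```bash
#!/bin/bash
# Added example: winbind watchdog for a domain member (run from cron as root).
# Assumptions: GROUP resolves as written (needs "winbind use default domain = yes",
# otherwise use 'DOMAIN\Domain Users'); the unit is "winbind", as in the thread.
GROUP="${GROUP:-Domain Users}"
STATE_DIR="${STATE_DIR:-/var/lib/winbind-watchdog}"   # hypothetical path
MAX_FAILS="${MAX_FAILS:-3}"     # consecutive failed probes before a restart

# By-name lookup through NSS; unlike "getent group | grep", it needs no enumeration.
# timeout guards against a winbindd that hangs instead of answering.
resolve_group() { timeout 10 getent group "$1" >/dev/null 2>&1; }

# Save evidence before the restart wipes it; prints the file it wrote.
collect_diagnostics() {
    local out="$STATE_DIR/diag-$(date +%Y%m%dT%H%M%S).txt"
    {
        echo "== wbinfo -p (winbindd reachable?)";  timeout 10 wbinfo -p
        echo "== wbinfo -t (machine trust secret)"; timeout 10 wbinfo -t
        echo "== systemctl status";  systemctl status winbind --no-pager
        echo "== recent journal";    journalctl -u winbind -n 200 --no-pager
    } >"$out" 2>&1
    echo "$out"
}

restart_winbind() { systemctl restart winbind; }

# Returns 0 = healthy, 1 = failing but below threshold, 2 = restarted.
watchdog() {
    local counter="$STATE_DIR/fails" fails=0
    mkdir -p "$STATE_DIR"
    if resolve_group "$GROUP"; then
        echo 0 >"$counter"          # any success ends the failure streak
        return 0
    fi
    [ -f "$counter" ] && fails=$(cat "$counter")
    fails=$((fails + 1))
    echo "$fails" >"$counter"
    [ "$fails" -lt "$MAX_FAILS" ] && return 1
    logger -t winbind-watchdog "'$GROUP' failed $fails times; saved $(collect_diagnostics)"
    restart_winbind
    echo 0 >"$counter"
    return 2
}

# Cron entry (as root): * * * * * /usr/local/sbin/winbind-watchdog --run
if [ "${1:-}" = "--run" ]; then watchdog; fi
```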