Dear all,
I have a problem with our samba installation and really need your input
since I'm running out of ideas.
Short story:
UidNumbers on a DC have a strange behaviour
Longer Story:
1) Self compiled samba ad-dc now on V4.8.5 (recently and painlessly
upgraded from 4.6.14) +bind9 +dhcp on debian stretch mostly managed through
RSAT
2) 2 DCs + 3 linux (debian/ubuntu) +20ish win10 clients configured
according to (a hopefully correct) extensive reading of the wiki
3) One of the DCs is a file server (yeah... I know...; working on solving
this soon and actually this is why I noticed this issue)
4) The issue:
4a) On DC1: wbinfo --user-info=cmachado
EUROHIDRA\cmachado:*:3000154:10001::/home/EUROHIDRA/cmachado:/bin/false
4b) on DC2: wbinfo --user-info=cmachado
EUROHIDRA\cmachado:*:10014:10001::/home/EUROHIDRA/cmachado:/bin/false
4c) On DC1: wbinfo --uid-info=10014
EUROHIDRA\cmachado:*:3000154:10001::/home/EUROHIDRA/cmachado:/bin/false
4d) On DC1: wbinfo --uid-info=3000154
EUROHIDRA\cmachado:*:3000154:10001::/home/EUROHIDRA/cmachado:/bin/false
4e) on RSAT Uidnumber: 10014
5) Now, if I do a net cache flush on DC1, I get: wbinfo --user-info=cmachado
EUROHIDRA\cmachado:*:10014:10001::/home/EUROHIDRA/cmachado:/bin/false
5a) After a samba restart, the "odd" Uidnumbers return
6) This happens only for 3 (out of 20ish) users
7) On DC1: ldbsearch -H /usr/local/samba/private/sam.ldb '(&(objectclass=user)(samaccountname=cmachado))'
# record 1
dn: CN=Cristina Machado,CN=Users,DC=eurohidra,DC=local
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: Cristina Machado
sn: Machado
givenName: Cristina
instanceType: 4
whenCreated: 20180112122221.0Z
displayName: Cristina Machado
uSNCreated: 498356
name: Cristina Machado
objectGUID: a5082771-0b7e-4f54-9083-1db1d731bb5f
userAccountControl: 66048
codePage: 0
countryCode: 0
pwdLastSet: 131602333415267730
primaryGroupID: 513
objectSid: S-1-5-21-2578023650-2965493730-3822412211-1605
accountExpires: 9223372036854775807
sAMAccountName: Cmachado
sAMAccountType: 805306368
userPrincipalName: Cmachado at eurohidra.local
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=eurohidra,DC=local
memberOf: CN=geral,CN=Users,DC=eurohidra,DC=local
memberOf: CN=tecnico,CN=Users,DC=eurohidra,DC=local
uidNumber: 10014
lastLogonTimestamp: 131822529122437820
whenChanged: 20180927144131.0Z
uSNChanged: 886823
msDS-SupportedEncryptionTypes: 0
lastLogon: 131830228531838880
logonCount: 804
distinguishedName: CN=Cristina Machado,CN=Users,DC=eurohidra,DC=local
# Referral
ref: ldap://eurohidra.local/CN=Configuration,DC=eurohidra,DC=local
# Referral
ref: ldap://eurohidra.local/DC=DomainDnsZones,DC=eurohidra,DC=local
# Referral
ref: ldap://eurohidra.local/DC=ForestDnsZones,DC=eurohidra,DC=local
# returned 4 records
# 1 entries
# 3 referrals
9) relevant smb.conf on DC1
[global]
realm = EUROHIDRA.LOCAL
workgroup = EUROHIDRA
netbios name = EHSERVER
interfaces = lo br0
bind interfaces only = Yes
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
log level = 2
log file = /var/log/samba/samba.log
username map = /usr/local/samba/etc/user.map
services -dns
use sendfile =yes
server signing = No
write cache size = 2097152
min receivefile size = 16384
getwd cache = yes
read raw = Yes
write raw = Yes
strict locking = No
server min protocol = SMB2
passwd program = /usr/bin/passwd %u
time server =yes
unix password sync = yes
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
winbind refresh tickets = Yes
winbind use default domain = yes
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
10) and on DC2
[global]
realm = EUROHIDRA.LOCAL
workgroup = EUROHIDRA
netbios name = EHSECONDARY
server role = active directory domain controller
interfaces = lo br0
bind interfaces only = Yes
idmap_ldb:use rfc2307 = yes
log level = 2
log file = /var/log/samba/samba.log
server services = -dns
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
11) Any clues/advice that don't involve "delete users and recreate"? I
can't find anything relevant in the logs, but feel free to ask for them or
any other configuration files, of course.
12) Thanks in advance for any help
Best Regards,
Carlos Jesus