On 28/12/2020 13:43, mj via samba wrote:> Hi Rowland,
>
> On 12/28/20 12:49 PM, Rowland penny via samba wrote:
>>> (I run a script on the member server that verifies the existance of
>>> our AD groups using "getent group")
>> But then again 'getent group' (without a specific group)
shouldn't
>> work because you shouldn't have the 'winbind enum' lines in
a
>> production Unix domain member smb.conf
>
> We have set:
> winbind enum users? = yes
> winbind enum groups = yes
>
> I could turn it off, but I don't think it's related the this issue,
do
> you..?
Probably not, but you do not need them and they can slow things down,
didn't Sernet tell you this ?>
>>> Curious if everybody here can actually reboot their DCs (or stop
>>> samba on them) without any consequence on their domain member
servers?
>> Yes, I can.
> Interesting.
I can turn a DC off and my Unix domain members do not notice. I should
also mention that I never reboot my DC's or restart Samba unless I have
to.>
>>> We have three DCs, no problems between them, they have recently
been
>>> examined by sernet with basically no remarks. The DCs run 4.12.8
>>> sernet, and the domain member server is still on 4.10.18. (yes, we
>>> will upgrade that soon)
>>
>> Well if Sernet cannot find anything wrong (unless they only gave them
>> a cursory glance), then there shouldn't be anything wrong, quite a
>> few of the Samba team work there ?
> Yes, I think they took a good look, to solve replication isues we were
> having for two specific DNs, a month or two ago. (other than that,
> these DCs have been running rock-solid for a couple of years)
>
> MJ
>
The problem is, whilst I understand that some users have the problem you
are having, I cannot recreate it in my domain and as I cannot recreate
the problem, I cannot attempt to find the cause ?
Rowland