L.P.H. van Belle
2021-Feb-10 10:17 UTC
[Samba] Long time before user shows up on member server
Something in the DNS resolving is off. Can you run the following script on all the AD-DCs. and the problem Member server. If you anonymize it, keep the setup structure the same. Like netbios name = HOSTNAME_CAPS_OR_NOT or if realm = internal.domain.tld , use INT.REALM.TLD we need exact as it. https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Harald Hannelius > via samba > Verzonden: woensdag 10 februari 2021 9:30 > Aan: Rowland penny; samba at lists.samba.org > Onderwerp: Re: [Samba] Long time before user shows up on member server > > > On Tue, 9 Feb 2021, Harald Hannelius via samba wrote: > > > > On Mon, 8 Feb 2021, Rowland penny via samba wrote: > > > >> On 08/02/2021 12:31, Harald Hannelius via samba wrote: > >>> > >>> I have two Samba-servers acting as ROLE_ACTIVE_DIRECTORY_DC. When > creating > >>> a new user I found out that it takes over 220 seconds before the user > >>> shows up using 'getent' in a member-server. > >>> > >>> Is there a way to speed this up a bit? > >> > >> Just because 'getent' doesn't immediately show a user on a Unix domain > >> member doesn't mean it isn't available, but if you want to speed things > up, > >> run 'net cache flush' before running getent. > > > > Thanks, this helped a bit. The wait time for the user dropped to 116 > seconds. > > This might be just luck, I have to wait for some more samples to drop > in. > > > > No nscd running on the member-server. > > Nope, didn't help. I got one user who appeared without looping and another > that the script waited 299 seconds for it to appear. > > Should I maybe run 'net cache flush' withing the loop, what if I run it > once > a second? > > -- > > Harald Hannelius | harald.hannelius/a\arcada.fi | +358 50 594 1020 > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
Harald Hannelius
2021-Feb-10 11:35 UTC
[Samba] Long time before user shows up on member server
On Wed, 10 Feb 2021, L.P.H. van Belle wrote:> Something in the DNS resolving is off.You seem to be correct. I seem to have the fqdn for the AD-DCs set in the top-level domain.> Can you run the following script on all the AD-DCs. > and the problem Member server. > If you anonymize it, keep the setup structure the same. > Like netbios name = HOSTNAME_CAPS_OR_NOT > or if realm = internal.domain.tld , use INT.REALM.TLD > we need exact as it. > > https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.shAD DC number1: Collected config --- 2021-02-10-13:27 ----------- Hostname: sad1 DNS Domain: arcada.fi FQDN: sad1.arcada.fi ipaddress: 193.167.33.91 2001:708:170:33::91 ----------- Kerberos SRV _kerberos._tcp.arcada.fi record verified ok, sample output: Server: 2001:708:170:33::91 Address: 2001:708:170:33::91#53 Non-authoritative answer: *** Can't find _kerberos._tcp.arcada.fi: No answer Authoritative answers can be found from: arcada.fi origin = inet-server.arcada.fi mail addr = hostmaster.arcada.fi serial = 2021020800 refresh = 7200 retry = 3600 expire = 2419200 minimum = 86400 Samba is running as an AD DC ----------- Checking file: /etc/os-release PRETTY_NAME="Debian GNU/Linux 10 (buster)" NAME="Debian GNU/Linux" VERSION_ID="10" VERSION="10 (buster)" VERSION_CODENAME=buster ID=debian HOME_URL="https://www.debian.org/" SUPPORT_URL="https://www.debian.org/support" BUG_REPORT_URL="https://bugs.debian.org/" ----------- This computer is running Debian 10.7 x86_64 ----------- running command : ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host 2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 50:6b:8d:b9:dc:72 brd ff:ff:ff:ff:ff:ff inet 193.167.33.91/24 brd 193.167.33.255 scope global ens3 inet6 2001:708:170:33::91/64 scope global inet6 fe80::526b:8dff:feb9:dc72/64 scope link ----------- Checking file: /etc/hosts 127.0.0.1 localhost 193.167.33.91 sad1.arcada.fi sad1 sad1.sad.arcada.fi # The following lines are desirable for IPv6 capable hosts ::1 localhost ip6-localhost ip6-loopback ff02::1 ip6-allnodes ff02::2 ip6-allrouters ----------- Checking file: /etc/resolv.conf search sad.arcada.fi arcada.fi nameserver 2001:708:170:33::91 #nameserver 2001:708:170:33::246 #nameserver 193.167.33.232 #nameserver 193.167.33.246 ----------- Checking file: /etc/krb5.conf [libdefaults] default_realm = SAD.ARCADA.FI dns_lookup_realm = false dns_lookup_kdc = true ----------- Checking file: /etc/nsswitch.conf # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc-reference' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. passwd: files systemd group: files systemd shadow: files gshadow: files hosts: files dns networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis ----------- Checking file: /etc/samba/smb.conf # Global parameters [global] #log level = 3 passdb:5 auth:10 winbind:3 #log level = 5 dns forwarder = 2001:708:170:33::232 netbios name = SAD1 realm = SAD.ARCADA.FI server role = active directory domain controller workgroup = SAD idmap_ldb:use rfc2307 = yes logging = syslog syslog = 1 log level = 1 auth_audit:3 auth_json_audit:3 #log level = 3 auth_audit:5 auth_json_audit:5 [netlogon] path = /var/lib/samba/sysvol/sad.arcada.fi/scripts read only = No [sysvol] path = /var/lib/samba/sysvol read only = No ----------- BIND_DLZ not detected in smb.conf ----------- Installed packages: ii acl 2.2.53-4 amd64 access control list - utilities ii attr 1:2.4.48-4 amd64 utilities for manipulating filesystem extended attributes ii krb5-config 2.6 all Configuration files for Kerberos Version 5 ii krb5-locales 1.17-3+deb10u1 all internationalization support for MIT Kerberos ii krb5-user 1.17-3+deb10u1 amd64 basic programs to authenticate using MIT Kerberos ii libacl1:amd64 2.2.53-4 amd64 access control list - shared library ii libattr1:amd64 1:2.4.48-4 amd64 extended attribute handling - shared library ii libgssapi-krb5-2:amd64 1.17-3+deb10u1 amd64 MIT Kerberos runtime libraries - krb5 GSS-API Mechanism ii libkrb5-3:amd64 1.17-3+deb10u1 amd64 MIT Kerberos runtime libraries ii libkrb5support0:amd64 1.17-3+deb10u1 amd64 MIT Kerberos runtime libraries - Support library ii libsmbclient:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 shared library for communication with SMB/CIFS servers ii libwbclient0:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 Samba winbind client library ii python-pylibacl 0.5.3-2 amd64 module for manipulating POSIX.1e ACLs ii python-pyxattr 0.6.1-1 amd64 module for manipulating filesystem extended attributes ii python-samba 2:4.9.5+dfsg-5+deb10u1 amd64 Python bindings for Samba ii samba 2:4.9.5+dfsg-5+deb10u1 amd64 SMB/CIFS file, print, and login server for Unix ii samba-common 2:4.9.5+dfsg-5+deb10u1 all common files used by both the Samba server and client ii samba-common-bin 2:4.9.5+dfsg-5+deb10u1 amd64 Samba common files used by both the server and the client ii samba-dsdb-modules:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 Samba Directory Services Database ii samba-libs:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 Samba core libraries ii samba-vfs-modules:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 Samba Virtual FileSystem plugins ii smbclient 2:4.9.5+dfsg-5+deb10u1 amd64 command-line SMB/CIFS clients for Unix ii winbind 2:4.9.5+dfsg-5+deb10u1 amd64 service to resolve user and group information from Windows NT servers ----------- AD DC number2: Collected config --- 2021-02-10-13:31 ----------- Hostname: sad2 DNS Domain: sad.arcada.fi FQDN: sad2.sad.arcada.fi ipaddress: 193.167.33.92 2001:708:170:33::92 ----------- Kerberos SRV _kerberos._tcp.sad.arcada.fi record verified ok, sample output: Server: 2001:708:170:33::91 Address: 2001:708:170:33::91#53 _kerberos._tcp.sad.arcada.fi service = 0 100 88 sad1.sad.arcada.fi. _kerberos._tcp.sad.arcada.fi service = 0 100 88 sad2.sad.arcada.fi. Samba is running as an AD DC ----------- Checking file: /etc/os-release PRETTY_NAME="Debian GNU/Linux 10 (buster)" NAME="Debian GNU/Linux" VERSION_ID="10" VERSION="10 (buster)" VERSION_CODENAME=buster ID=debian HOME_URL="https://www.debian.org/" SUPPORT_URL="https://www.debian.org/support" BUG_REPORT_URL="https://bugs.debian.org/" ----------- This computer is running Debian 10.7 x86_64 ----------- running command : ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host 2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 50:6b:8d:29:93:87 brd ff:ff:ff:ff:ff:ff inet 193.167.33.92/24 brd 193.167.33.255 scope global ens3 inet6 2001:708:170:33::92/64 scope global inet6 fe80::526b:8dff:fe29:9387/64 scope link ----------- Checking file: /etc/hosts 127.0.0.1 localhost 193.167.33.91 sad1.arcada.fi sad1 # The following lines are desirable for IPv6 capable hosts ::1 localhost ip6-localhost ip6-loopback ff02::1 ip6-allnodes ff02::2 ip6-allrouters ----------- Checking file: /etc/resolv.conf search sad.arcada.fi arcada.fi nameserver 2001:708:170:33::91 #nameserver 2001:708:170:33::246 #nameserver 193.167.33.232 #nameserver 193.167.33.246 ----------- Checking file: /etc/krb5.conf [libdefaults] dns_lookup_realm = false dns_lookup_kdc = true default_realm = SAD.ARCADA.FI ----------- Checking file: /etc/nsswitch.conf # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc-reference' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. passwd: files systemd group: files systemd shadow: files gshadow: files hosts: files dns networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis ----------- Checking file: /etc/samba/smb.conf # Global parameters [global] netbios name = SAD2 realm = SAD.ARCADA.FI server role = active directory domain controller workgroup = SAD logging = syslog syslog = 1 log level = 1 auth_audit:3 auth_json_audit:3 [netlogon] path = /var/lib/samba/sysvol/sad.arcada.fi/scripts read only = No [sysvol] path = /var/lib/samba/sysvol read only = No ----------- BIND_DLZ not detected in smb.conf ----------- Installed packages: ii acl 2.2.53-4 amd64 access control list - utilities ii attr 1:2.4.48-4 amd64 utilities for manipulating filesystem extended attributes ii krb5-config 2.6 all Configuration files for Kerberos Version 5 ii krb5-locales 1.17-3+deb10u1 all internationalization support for MIT Kerberos ii krb5-user 1.17-3+deb10u1 amd64 basic programs to authenticate using MIT Kerberos ii libacl1:amd64 2.2.53-4 amd64 access control list - shared library ii libattr1:amd64 1:2.4.48-4 amd64 extended attribute handling - shared library ii libgssapi-krb5-2:amd64 1.17-3+deb10u1 amd64 MIT Kerberos runtime libraries - krb5 GSS-API Mechanism ii libkrb5-3:amd64 1.17-3+deb10u1 amd64 MIT Kerberos runtime libraries ii libkrb5support0:amd64 1.17-3+deb10u1 amd64 MIT Kerberos runtime libraries - Support library ii libnss-winbind:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 Samba nameservice integration plugins ii libpam-krb5:amd64 4.8-2+deb10u1 amd64 PAM module for MIT Kerberos ii libpam-winbind:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 Windows domain authentication integration plugin ii libwbclient0:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 Samba winbind client library ii python-pylibacl 0.5.3-2 amd64 module for manipulating POSIX.1e ACLs ii python-pyxattr 0.6.1-1 amd64 module for manipulating filesystem extended attributes ii python-samba 2:4.9.5+dfsg-5+deb10u1 amd64 Python bindings for Samba ii samba 2:4.9.5+dfsg-5+deb10u1 amd64 SMB/CIFS file, print, and login server for Unix ii samba-common 2:4.9.5+dfsg-5+deb10u1 all common files used by both the Samba server and client ii samba-common-bin 2:4.9.5+dfsg-5+deb10u1 amd64 Samba common files used by both the server and the client ii samba-dsdb-modules:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 Samba Directory Services Database ii samba-libs:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 Samba core libraries ii samba-vfs-modules:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 Samba Virtual FileSystem plugins ii winbind 2:4.9.5+dfsg-5+deb10u1 amd64 service to resolve user and group information from Windows NT servers ----------- Member server: Collected config --- 2021-02-10-13:32 ----------- Hostname: domus DNS Domain: sad.arcada.fi FQDN: domus.sad.arcada.fi ipaddress: 193.167.33.3 2001:708:170:33::3 ----------- Kerberos SRV _kerberos._tcp.sad.arcada.fi record verified ok, sample output: Server: 2001:708:170:33::232 Address: 2001:708:170:33::232#53 Non-authoritative answer: _kerberos._tcp.sad.arcada.fi service = 0 100 88 sad2.sad.arcada.fi. _kerberos._tcp.sad.arcada.fi service = 0 100 88 sad1.sad.arcada.fi. Authoritative answers can be found from: sad.arcada.fi nameserver = sad2.sad.arcada.fi. sad.arcada.fi nameserver = sad1.sad.arcada.fi. sad2.sad.arcada.fi has AAAA address 2001:708:170:33::92 sad1.sad.arcada.fi internet address = 193.167.33.91 sad2.sad.arcada.fi internet address = 193.167.33.92 Samba is running as a Unix domain member ----------- Checking file: /etc/os-release PRETTY_NAME="Debian GNU/Linux 10 (buster)" NAME="Debian GNU/Linux" VERSION_ID="10" VERSION="10 (buster)" VERSION_CODENAME=buster ID=debian HOME_URL="https://www.debian.org/" SUPPORT_URL="https://www.debian.org/support" BUG_REPORT_URL="https://bugs.debian.org/" ----------- This computer is running Debian 10.7 x86_64 ----------- running command : ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host 2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 50:6b:8d:c9:4f:64 brd ff:ff:ff:ff:ff:ff inet 193.167.33.3/24 brd 193.167.33.255 scope global ens3 inet6 2001:708:170:33::3/64 scope global inet6 fe80::526b:8dff:fec9:4f64/64 scope link ----------- Checking file: /etc/hosts 127.0.0.1 localhost 193.167.33.91 sad1.arcada.fi sad1 193.167.33.3 domus.sad.arcada.fi domus 2001:708:170:33:3 domus.sad.arcada.fi domus # The following lines are desirable for IPv6 capable hosts ::1 localhost ip6-localhost ip6-loopback ff02::1 ip6-allnodes ff02::2 ip6-allrouters ----------- Checking file: /etc/resolv.conf domain sad.arcada.fi search sad.arcada.fi arcada.fi nameserver 2001:708:170:33::232 nameserver 2001:708:170:33::246 nameserver 193.167.33.232 nameserver 193.167.33.246 ----------- Checking file: /etc/krb5.conf [libdefaults] default_realm = SAD.ARCADA.FI dns_lookup_realm = false dns_lookup_kdc = true ----------- Checking file: /etc/nsswitch.conf # /etc/nsswitch.conf # # Example configuration of GNU Name Service Switch functionality. # If you have the `glibc-doc-reference' and `info' packages installed, try: # `info libc "Name Service Switch"' for information about this file. passwd: files winbind group: files winbind shadow: files gshadow: files hosts: files dns networks: files protocols: db files services: db files ethers: db files rpc: db files netgroup: nis ----------- Checking file: /etc/samba/smb.conf [global] log level = 0 log file = /var/log/samba/log.%m utmp = yes workgroup = SAD security = ADS realm = SAD.ARCADA.FI winbind refresh tickets = Yes vfs objects = acl_xattr map acl inherit = Yes store dos attributes = Yes dedicated keytab file = /etc/krb5.keytab kerberos method = secrets and keytab winbind use default domain = yes # getent passwd, works without. Remove in prod winbind enum users = yes winbind enum groups = yes # To disable printers completely load printers = no printing = bsd printcap name = /dev/null disable spoolss = yes # Default ID mapping configuration for local BUILTIN accounts # and groups on a domain member. The default (*) domain: # - must not overlap with any domain ID mapping configuration! # - must use a read-write-enabled back end, such as tdb. idmap config * : backend = tdb #idmap config * : range = 3000-7999 idmap config * : range = 5000000-9000000 # - You must set a DOMAIN backend configuration # idmap config for the SAD domain idmap config SAD:backend = ad idmap config SAD:schema_mode = rfc2307 #idmap config SAD:range = 10000-999999 idmap config SAD:range = 500-4000000 idmap config SAD:unix_nss_info = yes # To use the primary group from getent passwd/ gidNumber on AD LDAP: idmap config SAD:unix_primary_group = yes username map = /etc/samba/user.map [homes] comment = Home Directories invalid users = root altiuser browseable = no read only = no create mode = 0604 directory mode = 0705 force directory mode = 0705 guest ok = no ----------- Running as Unix domain member and user.map detected. Contents of /etc/samba/user.map !root = SAD\Administrator Server Role is set to : auto ----------- Installed packages: ii acl 2.2.53-4 amd64 access control list - utilities ii attr 1:2.4.48-4 amd64 utilities for manipulating filesystem extended attributes ii krb5-config 2.6 all Configuration files for Kerberos Version 5 ii krb5-locales 1.17-3+deb10u1 all internationalization support for MIT Kerberos ii krb5-user 1.17-3+deb10u1 amd64 basic programs to authenticate using MIT Kerberos ii libacl1:amd64 2.2.53-4 amd64 access control list - shared library ii libattr1:amd64 1:2.4.48-4 amd64 extended attribute handling - shared library ii libgssapi-krb5-2:amd64 1.17-3+deb10u1 amd64 MIT Kerberos runtime libraries - krb5 GSS-API Mechanism ii libkrb5-3:amd64 1.17-3+deb10u1 amd64 MIT Kerberos runtime libraries ii libkrb5support0:amd64 1.17-3+deb10u1 amd64 MIT Kerberos runtime libraries - Support library ii libnss-winbind:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 Samba nameservice integration plugins ii libpam-krb5:amd64 4.8-2+deb10u1 amd64 PAM module for MIT Kerberos ii libpam-winbind:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 Windows domain authentication integration plugin ii libwbclient0:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 Samba winbind client library ii python-pylibacl 0.5.3-2 amd64 module for manipulating POSIX.1e ACLs ii python-pyxattr 0.6.1-1 amd64 module for manipulating filesystem extended attributes ii python-samba 2:4.9.5+dfsg-5+deb10u1 amd64 Python bindings for Samba ii samba 2:4.9.5+dfsg-5+deb10u1 amd64 SMB/CIFS file, print, and login server for Unix ii samba-common 2:4.9.5+dfsg-5+deb10u1 all common files used by both the Samba server and client ii samba-common-bin 2:4.9.5+dfsg-5+deb10u1 amd64 Samba common files used by both the server and the client ii samba-dsdb-modules:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 Samba Directory Services Database ii samba-libs:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 Samba core libraries ii samba-vfs-modules:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 Samba Virtual FileSystem plugins ii winbind 2:4.9.5+dfsg-5+deb10u1 amd64 service to resolve user and group information from Windows NT servers -----------> > > Greetz, > > Louis > > >> -----Oorspronkelijk bericht----- >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Harald Hannelius >> via samba >> Verzonden: woensdag 10 februari 2021 9:30 >> Aan: Rowland penny; samba at lists.samba.org >> Onderwerp: Re: [Samba] Long time before user shows up on member server >> >> >> On Tue, 9 Feb 2021, Harald Hannelius via samba wrote: >>> >>> On Mon, 8 Feb 2021, Rowland penny via samba wrote: >>> >>>> On 08/02/2021 12:31, Harald Hannelius via samba wrote: >>>>> >>>>> I have two Samba-servers acting as ROLE_ACTIVE_DIRECTORY_DC. When >> creating >>>>> a new user I found out that it takes over 220 seconds before the user >>>>> shows up using 'getent' in a member-server. >>>>> >>>>> Is there a way to speed this up a bit? >>>> >>>> Just because 'getent' doesn't immediately show a user on a Unix domain >>>> member doesn't mean it isn't available, but if you want to speed things >> up, >>>> run 'net cache flush' before running getent. >>> >>> Thanks, this helped a bit. The wait time for the user dropped to 116 >> seconds. >>> This might be just luck, I have to wait for some more samples to drop >> in. >>> >>> No nscd running on the member-server. >> >> Nope, didn't help. I got one user who appeared without looping and another >> that the script waited 299 seconds for it to appear. >> >> Should I maybe run 'net cache flush' withing the loop, what if I run it >> once >> a second? >> >> -- >> >> Harald Hannelius | harald.hannelius/a\arcada.fi | +358 50 594 1020 >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba > > > >-- Harald Hannelius | harald.hannelius/a\arcada.fi | +358 50 594 1020
L.P.H. van Belle
2021-Feb-10 13:32 UTC
[Samba] Long time before user shows up on member server
Follow these guidlines (for all servers basicly) Make sure the primary dns is used first, so the one you provisoned samba with. /etc/hosts (DC1) 193.167.33.91 sad1.sad.arcada.fi sad1.arcada.fi sad1 2001:708:170:33::91 sad1.sad.arcada.fi sad1.arcada.fi sad1 /etc/hosts (DC2) 193.167.33.91 sad2.sad.arcada.fi sad2.arcada.fi sad2 2001:708:170:33::92 sad2.sad.arcada.fi sad2.arcada.fi sad2 /etc/resolv.conf nameserver ip_AD-DC1_ITS_OWN_IP nameserver ip_AD-DC2 search primary.dnsdomain.tld dnsdomain.tld that should fix this.> Non-authoritative answer: > *** Can't find _kerberos._tcp.arcada.fi: No answerafter the sync in check of the AD, on DC2 add. /etc/resolv.conf nameserver ip_AD-DC2_ITS_OWN_IP nameserver ip_AD-DC1 search primary.dnsdomain.tld dnsdomain.tld this is a problem.> idmap config SAD:range = 500-4000000Debian system start with unix id from 1000 unless you adjusted the defaults it adviced to use/start, outside the system range (cat /etc/adduser.conf) start with this, after the changes, reboot the DC's. check that again and after it repeat for the member server. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: Harald Hannelius [mailto:harald+samba at arcada.fi] > Verzonden: woensdag 10 februari 2021 12:36 > Aan: L.P.H. van Belle > CC: Harald Hannelius; samba at lists.samba.org > Onderwerp: RE: [Samba] Long time before user shows up on member server > > > On Wed, 10 Feb 2021, L.P.H. van Belle wrote: > > > Something in the DNS resolving is off. > > You seem to be correct. I seem to have the fqdn for the AD-DCs set in the > top-level domain. > > > > > Can you run the following script on all the AD-DCs. > > and the problem Member server. > > If you anonymize it, keep the setup structure the same. > > Like netbios name = HOSTNAME_CAPS_OR_NOT > > or if realm = internal.domain.tld , use INT.REALM.TLD > > we need exact as it. > > > > https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect- > debug-info.sh > > AD DC number1: > > Collected config --- 2021-02-10-13:27 ----------- > > Hostname: sad1 > DNS Domain: arcada.fi > FQDN: sad1.arcada.fi > ipaddress: 193.167.33.91 2001:708:170:33::91 > > ----------- > > Kerberos SRV _kerberos._tcp.arcada.fi record verified ok, sample output: > Server: 2001:708:170:33::91 > Address: 2001:708:170:33::91#53 > > Non-authoritative answer: > *** Can't find _kerberos._tcp.arcada.fi: No answer > > Authoritative answers can be found from: > arcada.fi > origin = inet-server.arcada.fi > mail addr = hostmaster.arcada.fi > serial = 2021020800 > refresh = 7200 > retry = 3600 > expire = 2419200 > minimum = 86400 > Samba is running as an AD DC > > ----------- > Checking file: /etc/os-release > > PRETTY_NAME="Debian GNU/Linux 10 (buster)" > NAME="Debian GNU/Linux" > VERSION_ID="10" > VERSION="10 (buster)" > VERSION_CODENAME=buster > ID=debian > HOME_URL="https://www.debian.org/" > SUPPORT_URL="https://www.debian.org/support" > BUG_REPORT_URL="https://bugs.debian.org/" > > ----------- > > > This computer is running Debian 10.7 x86_64 > > ----------- > running command : ip a > 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group > default qlen 1000 > link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 > inet 127.0.0.1/8 scope host lo > inet6 ::1/128 scope host > 2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state > UP group default qlen 1000 > link/ether 50:6b:8d:b9:dc:72 brd ff:ff:ff:ff:ff:ff > inet 193.167.33.91/24 brd 193.167.33.255 scope global ens3 > inet6 2001:708:170:33::91/64 scope global > inet6 fe80::526b:8dff:feb9:dc72/64 scope link > > ----------- > Checking file: /etc/hosts > > 127.0.0.1 localhost > 193.167.33.91 sad1.arcada.fi sad1 sad1.sad.arcada.fi > > # The following lines are desirable for IPv6 capable hosts > ::1 localhost ip6-localhost ip6-loopback > ff02::1 ip6-allnodes > ff02::2 ip6-allrouters > > ----------- > > Checking file: /etc/resolv.conf > > search sad.arcada.fi arcada.fi > nameserver 2001:708:170:33::91 > #nameserver 2001:708:170:33::246 > #nameserver 193.167.33.232 > #nameserver 193.167.33.246 > > ----------- > > Checking file: /etc/krb5.conf > > [libdefaults] > default_realm = SAD.ARCADA.FI > dns_lookup_realm = false > dns_lookup_kdc = true > > ----------- > > Checking file: /etc/nsswitch.conf > > # /etc/nsswitch.conf > # > # Example configuration of GNU Name Service Switch functionality. > # If you have the `glibc-doc-reference' and `info' packages installed, > try: > # `info libc "Name Service Switch"' for information about this file. > > passwd: files systemd > group: files systemd > shadow: files > gshadow: files > > hosts: files dns > networks: files > > protocols: db files > services: db files > ethers: db files > rpc: db files > > netgroup: nis > > ----------- > > Checking file: /etc/samba/smb.conf > > # Global parameters > [global] > > #log level = 3 passdb:5 auth:10 winbind:3 > #log level = 5 > dns forwarder = 2001:708:170:33::232 > netbios name = SAD1 > realm = SAD.ARCADA.FI > server role = active directory domain controller > workgroup = SAD > idmap_ldb:use rfc2307 = yes > > logging = syslog > syslog = 1 > log level = 1 auth_audit:3 auth_json_audit:3 > #log level = 3 auth_audit:5 auth_json_audit:5 > > [netlogon] > path = /var/lib/samba/sysvol/sad.arcada.fi/scripts > read only = No > > [sysvol] > path = /var/lib/samba/sysvol > read only = No > > ----------- > > BIND_DLZ not detected in smb.conf > > ----------- > > Installed packages: > ii acl 2.2.53-4 amd64 > access control list - utilities > ii attr 1:2.4.48-4 amd64 > utilities for manipulating filesystem extended attributes > ii krb5-config 2.6 all > Configuration files for Kerberos Version 5 > ii krb5-locales 1.17-3+deb10u1 all > internationalization support for MIT Kerberos > ii krb5-user 1.17-3+deb10u1 amd64 > basic programs to authenticate using MIT Kerberos > ii libacl1:amd64 2.2.53-4 amd64 > access control list - shared library > ii libattr1:amd64 1:2.4.48-4 amd64 > extended attribute handling - shared library > ii libgssapi-krb5-2:amd64 1.17-3+deb10u1 amd64 > MIT Kerberos runtime libraries - krb5 GSS-API Mechanism > ii libkrb5-3:amd64 1.17-3+deb10u1 amd64 > MIT Kerberos runtime libraries > ii libkrb5support0:amd64 1.17-3+deb10u1 amd64 > MIT Kerberos runtime libraries - Support library > ii libsmbclient:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 > shared library for communication with SMB/CIFS servers > ii libwbclient0:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 > Samba winbind client library > ii python-pylibacl 0.5.3-2 amd64 > module for manipulating POSIX.1e ACLs > ii python-pyxattr 0.6.1-1 amd64 > module for manipulating filesystem extended attributes > ii python-samba 2:4.9.5+dfsg-5+deb10u1 amd64 > Python bindings for Samba > ii samba 2:4.9.5+dfsg-5+deb10u1 amd64 > SMB/CIFS file, print, and login server for Unix > ii samba-common 2:4.9.5+dfsg-5+deb10u1 all > common files used by both the Samba server and client > ii samba-common-bin 2:4.9.5+dfsg-5+deb10u1 amd64 > Samba common files used by both the server and the client > ii samba-dsdb-modules:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 > Samba Directory Services Database > ii samba-libs:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 > Samba core libraries > ii samba-vfs-modules:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 > Samba Virtual FileSystem plugins > ii smbclient 2:4.9.5+dfsg-5+deb10u1 amd64 > command-line SMB/CIFS clients for Unix > ii winbind 2:4.9.5+dfsg-5+deb10u1 amd64 > service to resolve user and group information from Windows NT servers > > ----------- > > > AD DC number2: > > Collected config --- 2021-02-10-13:31 ----------- > > Hostname: sad2 > DNS Domain: sad.arcada.fi > FQDN: sad2.sad.arcada.fi > ipaddress: 193.167.33.92 2001:708:170:33::92 > > ----------- > > Kerberos SRV _kerberos._tcp.sad.arcada.fi record verified ok, sample > output: > Server: 2001:708:170:33::91 > Address: 2001:708:170:33::91#53 > > _kerberos._tcp.sad.arcada.fi service = 0 100 88 sad1.sad.arcada.fi. > _kerberos._tcp.sad.arcada.fi service = 0 100 88 sad2.sad.arcada.fi. > Samba is running as an AD DC > > ----------- > Checking file: /etc/os-release > > PRETTY_NAME="Debian GNU/Linux 10 (buster)" > NAME="Debian GNU/Linux" > VERSION_ID="10" > VERSION="10 (buster)" > VERSION_CODENAME=buster > ID=debian > HOME_URL="https://www.debian.org/" > SUPPORT_URL="https://www.debian.org/support" > BUG_REPORT_URL="https://bugs.debian.org/" > > ----------- > > > This computer is running Debian 10.7 x86_64 > > ----------- > running command : ip a > 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group > default qlen 1000 > link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 > inet 127.0.0.1/8 scope host lo > inet6 ::1/128 scope host > 2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state > UP group default qlen 1000 > link/ether 50:6b:8d:29:93:87 brd ff:ff:ff:ff:ff:ff > inet 193.167.33.92/24 brd 193.167.33.255 scope global ens3 > inet6 2001:708:170:33::92/64 scope global > inet6 fe80::526b:8dff:fe29:9387/64 scope link > > ----------- > Checking file: /etc/hosts > > 127.0.0.1 localhost > 193.167.33.91 sad1.arcada.fi sad1 > > # The following lines are desirable for IPv6 capable hosts > ::1 localhost ip6-localhost ip6-loopback > ff02::1 ip6-allnodes > ff02::2 ip6-allrouters > > ----------- > > Checking file: /etc/resolv.conf > > search sad.arcada.fi arcada.fi > nameserver 2001:708:170:33::91 > #nameserver 2001:708:170:33::246 > #nameserver 193.167.33.232 > #nameserver 193.167.33.246 > > ----------- > > Checking file: /etc/krb5.conf > > [libdefaults] > dns_lookup_realm = false > dns_lookup_kdc = true > default_realm = SAD.ARCADA.FI > > ----------- > > Checking file: /etc/nsswitch.conf > > # /etc/nsswitch.conf > # > # Example configuration of GNU Name Service Switch functionality. > # If you have the `glibc-doc-reference' and `info' packages installed, > try: > # `info libc "Name Service Switch"' for information about this file. > > passwd: files systemd > group: files systemd > shadow: files > gshadow: files > > hosts: files dns > networks: files > > protocols: db files > services: db files > ethers: db files > rpc: db files > > netgroup: nis > > ----------- > > Checking file: /etc/samba/smb.conf > > # Global parameters > [global] > netbios name = SAD2 > realm = SAD.ARCADA.FI > server role = active directory domain controller > workgroup = SAD > > logging = syslog > syslog = 1 > log level = 1 auth_audit:3 auth_json_audit:3 > > [netlogon] > path = /var/lib/samba/sysvol/sad.arcada.fi/scripts > read only = No > > [sysvol] > path = /var/lib/samba/sysvol > read only = No > > ----------- > > BIND_DLZ not detected in smb.conf > > ----------- > > Installed packages: > ii acl 2.2.53-4 amd64 > access control list - utilities > ii attr 1:2.4.48-4 amd64 > utilities for manipulating filesystem extended attributes > ii krb5-config 2.6 all > Configuration files for Kerberos Version 5 > ii krb5-locales 1.17-3+deb10u1 all > internationalization support for MIT Kerberos > ii krb5-user 1.17-3+deb10u1 amd64 > basic programs to authenticate using MIT Kerberos > ii libacl1:amd64 2.2.53-4 amd64 > access control list - shared library > ii libattr1:amd64 1:2.4.48-4 amd64 > extended attribute handling - shared library > ii libgssapi-krb5-2:amd64 1.17-3+deb10u1 amd64 > MIT Kerberos runtime libraries - krb5 GSS-API Mechanism > ii libkrb5-3:amd64 1.17-3+deb10u1 amd64 > MIT Kerberos runtime libraries > ii libkrb5support0:amd64 1.17-3+deb10u1 amd64 > MIT Kerberos runtime libraries - Support library > ii libnss-winbind:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 > Samba nameservice integration plugins > ii libpam-krb5:amd64 4.8-2+deb10u1 amd64 > PAM module for MIT Kerberos > ii libpam-winbind:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 > Windows domain authentication integration plugin > ii libwbclient0:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 > Samba winbind client library > ii python-pylibacl 0.5.3-2 amd64 > module for manipulating POSIX.1e ACLs > ii python-pyxattr 0.6.1-1 amd64 > module for manipulating filesystem extended attributes > ii python-samba 2:4.9.5+dfsg-5+deb10u1 amd64 > Python bindings for Samba > ii samba 2:4.9.5+dfsg-5+deb10u1 amd64 > SMB/CIFS file, print, and login server for Unix > ii samba-common 2:4.9.5+dfsg-5+deb10u1 all > common files used by both the Samba server and client > ii samba-common-bin 2:4.9.5+dfsg-5+deb10u1 amd64 > Samba common files used by both the server and the client > ii samba-dsdb-modules:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 > Samba Directory Services Database > ii samba-libs:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 > Samba core libraries > ii samba-vfs-modules:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 > Samba Virtual FileSystem plugins > ii winbind 2:4.9.5+dfsg-5+deb10u1 amd64 > service to resolve user and group information from Windows NT servers > > ----------- > > > Member server: > > Collected config --- 2021-02-10-13:32 ----------- > > Hostname: domus > DNS Domain: sad.arcada.fi > FQDN: domus.sad.arcada.fi > ipaddress: 193.167.33.3 2001:708:170:33::3 > > ----------- > > Kerberos SRV _kerberos._tcp.sad.arcada.fi record verified ok, sample > output: > Server: 2001:708:170:33::232 > Address: 2001:708:170:33::232#53 > > Non-authoritative answer: > _kerberos._tcp.sad.arcada.fi service = 0 100 88 sad2.sad.arcada.fi. > _kerberos._tcp.sad.arcada.fi service = 0 100 88 sad1.sad.arcada.fi. > > Authoritative answers can be found from: > sad.arcada.fi nameserver = sad2.sad.arcada.fi. > sad.arcada.fi nameserver = sad1.sad.arcada.fi. > sad2.sad.arcada.fi has AAAA address 2001:708:170:33::92 > sad1.sad.arcada.fi internet address = 193.167.33.91 > sad2.sad.arcada.fi internet address = 193.167.33.92 > Samba is running as a Unix domain member > > ----------- > Checking file: /etc/os-release > > PRETTY_NAME="Debian GNU/Linux 10 (buster)" > NAME="Debian GNU/Linux" > VERSION_ID="10" > VERSION="10 (buster)" > VERSION_CODENAME=buster > ID=debian > HOME_URL="https://www.debian.org/" > SUPPORT_URL="https://www.debian.org/support" > BUG_REPORT_URL="https://bugs.debian.org/" > > ----------- > > > This computer is running Debian 10.7 x86_64 > > ----------- > running command : ip a > 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group > default qlen 1000 > link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 > inet 127.0.0.1/8 scope host lo > inet6 ::1/128 scope host > 2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state > UP group default qlen 1000 > link/ether 50:6b:8d:c9:4f:64 brd ff:ff:ff:ff:ff:ff > inet 193.167.33.3/24 brd 193.167.33.255 scope global ens3 > inet6 2001:708:170:33::3/64 scope global > inet6 fe80::526b:8dff:fec9:4f64/64 scope link > > ----------- > Checking file: /etc/hosts > > 127.0.0.1 localhost > 193.167.33.91 sad1.arcada.fi sad1 > 193.167.33.3 domus.sad.arcada.fi domus > 2001:708:170:33:3 domus.sad.arcada.fi domus > > # The following lines are desirable for IPv6 capable hosts > ::1 localhost ip6-localhost ip6-loopback > ff02::1 ip6-allnodes > ff02::2 ip6-allrouters > > ----------- > > Checking file: /etc/resolv.conf > > domain sad.arcada.fi > search sad.arcada.fi arcada.fi > nameserver 2001:708:170:33::232 > nameserver 2001:708:170:33::246 > nameserver 193.167.33.232 > nameserver 193.167.33.246 > > ----------- > > Checking file: /etc/krb5.conf > > [libdefaults] > default_realm = SAD.ARCADA.FI > dns_lookup_realm = false > dns_lookup_kdc = true > > ----------- > > Checking file: /etc/nsswitch.conf > > # /etc/nsswitch.conf > # > # Example configuration of GNU Name Service Switch functionality. > # If you have the `glibc-doc-reference' and `info' packages installed, > try: > # `info libc "Name Service Switch"' for information about this file. > > passwd: files winbind > group: files winbind > shadow: files > gshadow: files > > hosts: files dns > networks: files > > protocols: db files > services: db files > ethers: db files > rpc: db files > > netgroup: nis > > ----------- > > Checking file: /etc/samba/smb.conf > > [global] > > log level = 0 > log file = /var/log/samba/log.%m > > utmp = yes > > workgroup = SAD > security = ADS > realm = SAD.ARCADA.FI > > winbind refresh tickets = Yes > vfs objects = acl_xattr > map acl inherit = Yes > store dos attributes = Yes > > > dedicated keytab file = /etc/krb5.keytab > kerberos method = secrets and keytab > winbind use default domain = yes > # getent passwd, works without. Remove in prod > winbind enum users = yes > winbind enum groups = yes > # To disable printers completely > load printers = no > printing = bsd > printcap name = /dev/null > disable spoolss = yes > > # Default ID mapping configuration for local BUILTIN accounts > # and groups on a domain member. The default (*) domain: > # - must not overlap with any domain ID mapping configuration! > # - must use a read-write-enabled back end, such as tdb. > idmap config * : backend = tdb > #idmap config * : range = 3000-7999 > idmap config * : range = 5000000-9000000 > # - You must set a DOMAIN backend configuration > # idmap config for the SAD domain > idmap config SAD:backend = ad > idmap config SAD:schema_mode = rfc2307 > #idmap config SAD:range = 10000-999999 > idmap config SAD:range = 500-4000000 > idmap config SAD:unix_nss_info = yes > > # To use the primary group from getent passwd/ gidNumber on AD LDAP: > idmap config SAD:unix_primary_group = yes > > username map = /etc/samba/user.map > > [homes] > comment = Home Directories > invalid users = root altiuser > browseable = no > read only = no > create mode = 0604 > directory mode = 0705 > force directory mode = 0705 > guest ok = no > > ----------- > > Running as Unix domain member and user.map detected. > > Contents of /etc/samba/user.map > > !root = SAD\Administrator > > Server Role is set to : auto > > ----------- > > Installed packages: > ii acl 2.2.53-4 amd64 > access control list - utilities > ii attr 1:2.4.48-4 amd64 > utilities for manipulating filesystem extended attributes > ii krb5-config 2.6 all > Configuration files for Kerberos Version 5 > ii krb5-locales 1.17-3+deb10u1 all > internationalization support for MIT Kerberos > ii krb5-user 1.17-3+deb10u1 amd64 > basic programs to authenticate using MIT Kerberos > ii libacl1:amd64 2.2.53-4 amd64 > access control list - shared library > ii libattr1:amd64 1:2.4.48-4 amd64 > extended attribute handling - shared library > ii libgssapi-krb5-2:amd64 1.17-3+deb10u1 amd64 > MIT Kerberos runtime libraries - krb5 GSS-API Mechanism > ii libkrb5-3:amd64 1.17-3+deb10u1 amd64 > MIT Kerberos runtime libraries > ii libkrb5support0:amd64 1.17-3+deb10u1 amd64 > MIT Kerberos runtime libraries - Support library > ii libnss-winbind:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 > Samba nameservice integration plugins > ii libpam-krb5:amd64 4.8-2+deb10u1 amd64 > PAM module for MIT Kerberos > ii libpam-winbind:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 > Windows domain authentication integration plugin > ii libwbclient0:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 > Samba winbind client library > ii python-pylibacl 0.5.3-2 amd64 > module for manipulating POSIX.1e ACLs > ii python-pyxattr 0.6.1-1 amd64 > module for manipulating filesystem extended attributes > ii python-samba 2:4.9.5+dfsg-5+deb10u1 amd64 > Python bindings for Samba > ii samba 2:4.9.5+dfsg-5+deb10u1 amd64 > SMB/CIFS file, print, and login server for Unix > ii samba-common 2:4.9.5+dfsg-5+deb10u1 all > common files used by both the Samba server and client > ii samba-common-bin 2:4.9.5+dfsg-5+deb10u1 amd64 > Samba common files used by both the server and the client > ii samba-dsdb-modules:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 > Samba Directory Services Database > ii samba-libs:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 > Samba core libraries > ii samba-vfs-modules:amd64 2:4.9.5+dfsg-5+deb10u1 amd64 > Samba Virtual FileSystem plugins > ii winbind 2:4.9.5+dfsg-5+deb10u1 amd64 > service to resolve user and group information from Windows NT servers > > ----------- > > > > > > > Greetz, > > > > Louis > > > > > >> -----Oorspronkelijk bericht----- > >> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Harald > Hannelius > >> via samba > >> Verzonden: woensdag 10 februari 2021 9:30 > >> Aan: Rowland penny; samba at lists.samba.org > >> Onderwerp: Re: [Samba] Long time before user shows up on member server > >> > >> > >> On Tue, 9 Feb 2021, Harald Hannelius via samba wrote: > >>> > >>> On Mon, 8 Feb 2021, Rowland penny via samba wrote: > >>> > >>>> On 08/02/2021 12:31, Harald Hannelius via samba wrote: > >>>>> > >>>>> I have two Samba-servers acting as ROLE_ACTIVE_DIRECTORY_DC. When > >> creating > >>>>> a new user I found out that it takes over 220 seconds before the > user > >>>>> shows up using 'getent' in a member-server. > >>>>> > >>>>> Is there a way to speed this up a bit? > >>>> > >>>> Just because 'getent' doesn't immediately show a user on a Unix > domain > >>>> member doesn't mean it isn't available, but if you want to speed > things > >> up, > >>>> run 'net cache flush' before running getent. > >>> > >>> Thanks, this helped a bit. The wait time for the user dropped to 116 > >> seconds. > >>> This might be just luck, I have to wait for some more samples to drop > >> in. > >>> > >>> No nscd running on the member-server. > >> > >> Nope, didn't help. I got one user who appeared without looping and > another > >> that the script waited 299 seconds for it to appear. > >> > >> Should I maybe run 'net cache flush' withing the loop, what if I run it > >> once > >> a second? > >> > >> -- > >> > >> Harald Hannelius | harald.hannelius/a\arcada.fi | +358 50 594 1020 > >> > >> -- > >> To unsubscribe from this list go to the following URL and read the > >> instructions: https://lists.samba.org/mailman/options/samba > > > > > > > > > > -- > > Harald Hannelius | harald.hannelius/a\arcada.fi | +358 50 594 1020