On 19/05/2021 at 12:20, Rowland penny via samba wrote:
> On 19/05/2021 16:11, Marcos Ariel Negrini via samba wrote:
>> Hello:
>> I have installed a Samba4 AD in version 4.13.07,
>
>
> Yes but on which OS ?
samba is installed on centos 8 from the samba.tar.gz and the group
policy management from a windows 10.
>
> and what is in your smb.conf ?
# Global parameters
[global]
        bind interfaces only = Yes
        dns forwarder = 192.168.10.10
        interfaces = lo ens192
        netbios name = server01
        realm = dominio.prueba
        server role = active directory domain controller
        workgroup = dominio
        idmap_ldb:use rfc2307 = yes
[sysvol]
        path = /usr/local/samba/var/locks/sysvol
        read only = No
[netlogon]
        path = /usr/local/samba/var/locks/sysvol/samba.afip.gob.ar/scripts
        read only = No
>
>> I have a main controller and two replicas.
>
>
> No, you have three DC's and one of them holds all the FSMO roles.
correct
>
>> In general the performance is very good (authentication for example),
>> but I started to detect that sometimes some administration
>> operations (Rsat or Group Policy Management) become very slow. For
>> example opening a gpo from the Group Policy Management interface
>> takes more than a minute. I have been following the samba logs, but I
>> can't find any error. Could you guide me on what to look at or
>> configure to solve this?
>> As information every night I run a dbcheck in two ways (I am not sure
>> if one includes the other, just in case I leave both), "samba-tool
>> dbcheck --reindex --yes --fix" and "samba-tool dbcheck --yes
>> --cross-ncs --fix".
>
>
> This sounds like a possible dns problem, are you using the internal
> dns server or Bind9 ?
internal dns
>
>
> if bind9, please post your named.conf files.
We are using the network dns (bind) publishing the srv records that we
understood that it needed to do the AD operations, it copies the records
that we are publishing in that dns, the pc's do not use the Samba AD dns:
$ORIGIN dominio.prueba.
server01                IN A    192.168.12.1
server02                IN A    192.168.12.2
server03                IN A    192.168.12.3
_ldap._tcp              SRV 0 100 389   server01
_ldap._tcp              SRV 0 100 389   server02
_ldap._tcp              SRV 0 100 389   server03
_gc._tcp                SRV 0 100 3268  server01
_gc._tcp                SRV 0 100 3268  server02
_gc._tcp                SRV 0 100 3268  server03
_kerberos._tcp          SRV 0 100 88    server01
_kerberos._tcp          SRV 0 100 88    server02
_kerberos._tcp          SRV 0 100 88    server03
_kpasswd._tcp           SRV 0 100 464   server01
_kpasswd._tcp           SRV 0 100 464   server02
_kpasswd._tcp           SRV 0 100 464   server03
_kerberos._udp          SRV 0 100 88    server01
_kerberos._udp          SRV 0 100 88    server02
_kerberos._udp          SRV 0 100 88    server03
_kpasswd._udp           SRV 0 100 464   server01
_kpasswd._udp           SRV 0 100 464   server02
_kpasswd._udp           SRV 0 100 464   server03
_ldap._tcp.dc._msdcs    SRV 0 100 389   server01
_ldap._tcp.dc._msdcs    SRV 0 100 389   server02
_ldap._tcp.dc._msdcs    SRV 0 100 389   server03
maybe we are missing some srv records
regards
--
Marcos Ariel Negrini
AFIP - División Seguridad de Activos
Dirección de Seguridad de la Información
Paseo Colon 635 PB - CP 1063 - CABA
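
Added example, not part of the original message and not Samba's own code: a check of a hand-maintained BIND zone against the usual AD DC locator SRV names, to answer the "are we missing some srv records" question offline. The expected set, the site name `Default-First-Site-Name` and the single-domain forest are assumptions; the authoritative per-DC list is the DC's `dns_update_list` file.

```python
import re

SITE = "Default-First-Site-Name"  # assumption: Samba's default site name

# Assumed expected set: common AD DC locator SRV owners -> port.
# The pdc._msdcs record should point only at the DC holding the PDC emulator role.
EXPECTED = {
    "_ldap._tcp": 389, "_ldap._tcp.dc._msdcs": 389,
    "_ldap._tcp.pdc._msdcs": 389, "_ldap._tcp.gc._msdcs": 3268,
    f"_ldap._tcp.{SITE}._sites": 389,
    f"_ldap._tcp.{SITE}._sites.dc._msdcs": 389,
    "_kerberos._tcp.dc._msdcs": 88,
    f"_kerberos._tcp.{SITE}._sites": 88,
    "_gc._tcp": 3268, "_kerberos._tcp": 88, "_kerberos._udp": 88,
    "_kpasswd._tcp": 464, "_kpasswd._udp": 464,
}

# Constructed sample: the SRV owners from the message, for server01 only.
ZONE = """\
$ORIGIN dominio.prueba.
_ldap._tcp            SRV 0 100 389  server01
_gc._tcp              SRV 0 100 3268 server01
_kerberos._tcp        SRV 0 100 88   server01
_kpasswd._tcp         SRV 0 100 464  server01
_kerberos._udp        SRV 0 100 88   server01
_kpasswd._udp         SRV 0 100 464  server01
_ldap._tcp.dc._msdcs  SRV 0 100 389  server01
"""

# owner [ttl] [IN] SRV priority weight port target
SRV_RE = re.compile(
    r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?SRV\s+\d+\s+\d+\s+(\d+)\s+(\S+)", re.I)

def published_srv(zone_text):
    """Return {owner (lower-case, relative to $ORIGIN): set of ports}."""
    found = {}
    for line in zone_text.splitlines():
        m = SRV_RE.match(line.split(";", 1)[0])  # drop zone-file comments
        if m:
            found.setdefault(m.group(1).lower(), set()).add(int(m.group(2)))
    return found

def missing_srv(zone_text, expected=EXPECTED):
    """Expected owners that are absent or published with a different port."""
    found = published_srv(zone_text)
    return sorted(o for o, port in expected.items()
                  if port not in found.get(o.lower(), set()))

if __name__ == "__main__":
    for owner in missing_srv(ZONE):
        print("missing:", owner)
```
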