samba - Apr 2022 - AD Member setup broken after samba upgrade

On Tue, 2022-04-05 at 15:06 +0200, Thibault Roulet via samba
wrote:
> Hi,
> 
> It's not working either.
You have a few lines in your smb.conf that I would remove:

     password server = AD1.DOMAIN.MYDOMAIN.ORG

You should let Samba find the best DC to use.

     server min protocol = SMB2

That is the default.

     username map script = /bin/echo

No idea why you have that.

     wins server = 123.123.1.2

AD does not use wins.

     idmap config DOMAIN:unix_primary_group = no
     idmap config DOMAIN:unix_nss_info = no

They are the defaults.

Finally, is this a typo ?:

     idmap config INTRANET:schema_mode = rfc2307

Did you restart Samba or reload the config after adding the line Louis
suggested. If the latter did you run 'net cache flush' ?

Rowland

Hi,

Okay this is pretty weird, it looks fine with the changes you proposed 
in your last mail. Even if I'm pretty sure I tried all possible 
combinations!
The joy of trying 1000 conf and never falling on the good one \o/

Just to answer your propositions:
>       password server = AD1.DOMAIN.MYDOMAIN.ORG
>
> You should let Samba find the best DC to use.
Tried to force it after reading it in a (bad?) doc where they said it 
could be a problem
>       username map script = /bin/echo
>
> No idea why you have that.
That was a weird fix I found after an issue a few years
ago.
> Finally, is this a typo ?:
>
>       idmap config INTRANET:schema_mode = rfc2307
yep sorry, had many anonymizing procedures on my conf files before 
posting it.
> Did you restart Samba or reload the config after adding the line Louis
> suggested. If the latter did you run 'net cache flush' ?
I finally made a script which
- stop {smbd,winbind,nscd}
- net cache flush
- nscd -i {hosts,passwd}
- delete *.tdb files in /var/lib/samba and re-insert machine in AD
- start {smbd,winbind,nscd}
- smbcontrol all reload-config

Many thanks for your help !

Thibault