Hello Team Samba

I have a Debian Samba AD DC 4.13.13 and a Debian Domain member
Everything was working fine then one day my Linux IDs changed from UID 10000 GID 11001 to UID 3000017 and GID 100.

After a little fiddling with the AD DC and Domain Member everything returned to normal so I tidy up the configs and reboot both machines.

After the restart nothing was working and my smb.conf on the AD DC was missing a section. I rebuilt what I thought was correct

I now have the AD DC responding normally locally but my Debian Domain member reports DC1 offline but lists users correctly with wbinfo -u but without the domain wbinfo -g responds with nothing

[global]
        bind interfaces only = Yes
        dns forwarder = 210.55.111.1
        interfaces = lo enp63s0 127.0.0.1 192.168.50.0/24
        dns update command = /usr/sbin/samba_dnsupdate --use-samba-tool
        netbios name = DC1
        realm = SAND.PEGASUSNZ.COM
        server role = active directory domain controller
        #wins support = yes
        workgroup = SAND
        apply group policies = yes
        template shell = /bin/bash
        #idmap_ldb:use rfc2307 = yes
        winbind enum users = yes
        winbind enum groups = yes
        #vfs objects = dfs_samba4 acl_xattr recycle
        log level = 1

That is my rebuilt from memory smb.conf

It is a very small forest as it is my testing server
So I have manually checked SIDs and queried most details
I can login using Pam credentials SAND\username to AD DC in Linux shell

Callum MacEwan
https://callum.pegasusnz.com

On 28/11/2022 21:07, Callum MacEwan via samba wrote:
> Hello Team Samba
>
> I have a Debian Samba AD DC 4.13.13 and a Debian Domain member
> Everything was working fine then one day my Linux IDs changed from UID 10000 GID 11001 to UID 3000017 and GID 100.

Are we talking about the DC here?
Have you added uidNumber & gidNumber attributes to AD?
If you have, uncomment (remove the '#') from '#idmap_ldb:use rfc2307 = yes', restart Samba and run 'net cache flush'

> After a little fiddling with the AD DC and Domain Member everything returned to normal so I tidy up the configs and reboot both machines.
>
> After the restart nothing was working and my smb.conf on the AD DC was missing a section. I rebuilt what I thought was correct
>
> I now have the AD DC responding normally locally but my Debian Domain member reports DC1 offline but lists users correctly with wbinfo -u but without the domain wbinfo -g responds with nothing
>

Do you have only one DC? It is better if you have at least two and back up the domain with samba-tool.
Have you run 'net ads testjoin' on the Unix domain member?

Rowland