samba - Jan 2026 - wbinfo only lists one DC and idmap troubles

On Sun, 11 Jan 2026 11:57:00 +0100
Andrea Venturoli via samba <samba at lists.samba.org> wrote:
> Hello.
> 
> Two questions...
> 
> 
> 
> 
> 
> I've got an AD domain with two Samba DCs.
> 
> > # host -t SRV _ldap._tcp.local.xxxxxxx.it
> > _ldap._tcp.local.xxxxxxx.it has SRV record 0 100 389
> > dc1.local.xxxxxxx.it. _ldap._tcp.local.xxxxxxx.it has SRV record 0
> > 100 389 dc2.local.xxxxxxx.it.
> 
> > # host local.xxxxxxx.it
> > local.xxxxxxx.it has address 192.168.0.3
> > local.xxxxxxx.it has address 192.168.0.4
> 
> Yet on a member:
> > # wbinfo --dc-info local.xxxxxxx.it
> > dc1.local.xxxxxxx.it (192.168.0.3)
> 
> Is this normal?
> 
> 
> 
> 
> 
> The reason I'm asking...
> 
> This morning DC2 was down for maintenance.
> UNIX clients should have worked without troubles (especially
> according to the above wbinfo output); however logins were
> impossible, because UNIX parameters (as shown e.g. by "wbinfo
-i")
> were wrong: home was "/home/XXX/user" instead of
"/home/user" and
> shell was "/bin/false" instead of "/bin/csh".
> As soon as DC2 was up again, everything started working again (in
> spite of wbinfo claiming to use only DC1)!
> Of course "/home/user" and "/bin/csh" is what I have in
both DCs' DBs.
> 
> A client (member) smb.conf:
> > [global]
> >         netbios name=XXXXXXX
> >         security=ADS
> >         workgroup=XXX
> >         realm=local.xxxxxxx.it
> >         winbind refresh tickets = yes
> >         winbind use default domain = yes
> > #        winbind enum users  = yes
> > #        winbind enum groups  = yes
> >         idmap config *:backend = tdb
> >         idmap config *:range = 100000-999999
> >         idmap config XXX:backend = ad
> >         idmap config XXX:range = 500-99999
> >         idmap config XXX:schema_mode = rfc2307
> >         idmap config XXX:unix_nss_info = yes
> 
> Replication seems fine (as per "samba-tool drs showrepl") and 
> "samba-tool dbcheck" finds no error.
> 
> Any test I can do in order to understand what's wrong?
> 
> 
>   bye & Thanks
> 	av.
> 
First thoughts, what is in the /etc/resolv.conf file on the clients ?

Rowland

On 1/11/26 22:14, Rowland Penny via samba wrote:
> First thoughts, what is in the /etc/resolv.conf file on the clients ?
> % cat /etc/resolv.conf 
> # Generated by resolvconf
> search xxx
> nameserver 192.168.0.5
> nameserver 192.168.0.6
These are not the DCs, but are two machines running BIND, which 
"forward" the local.xxxxxxx.it zone to Samba DC (one each).



BTW, today winbind chose the other DC:
> # wbinfo --dc-info local.xxxxxxx.it
> dc2.local.xxxxxxx.it (192.168.0.4) 
  bye & Thanks
	av.