
[Samba] AD Group lost from Winbind


Oliver Werner

Feb 12, 2016, 3:00:04 AM
Hello,

For the last two days I have had problems with my AD group, which is defined in the share setting 'valid users'.

Winbind seems to lose the mapping of this group, so no user can connect to this share anymore.

When I restart the winbind service, the mapping works again, until it is lost again.


During the issue, ls -lsa shows me this:

2 4 drwxr-x--- 63 root 12001 4096 Feb 4 23:42 Share

After restarting winbind:

2 4 drwxr-x--- 63 root group_intern 4096 Feb 4 23:42 Share


My smb.conf looks like this:


[global]
netbios name = MEMBER1
security = ADS
workgroup = HQ
realm = hq.internal

log file = /var/log/samba/%m.log
log level = 1

dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
winbind refresh tickets = yes

winbind trusted domains only = no
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
winbind cache time = 300


idmap config *:backend = tdb
idmap config *:range = 500-9999

# idmap config for domain HQ
idmap config HQ:backend = ad
idmap config HQ:schema_mode = rfc2307
idmap config HQ:range = 10000-99999

# Use settings from AD for login shell and home directory
winbind nss info = rfc2307

[Share]
path = /data/share
browseable = yes
writeable = yes
force group = Group_Intern
valid users = @Group_Intern
create mask = 0660
directory mask = 0770
#oplocks = 0
vfs objects = full_audit recycle
full_audit:prefix = %u
full_audit:success = mkdir rename rmdir unlink pwrite
full_audit:failure = none
full_audit:facility = LOCAL5
full_audit:priority = NOTICE
recycle:versions = yes
recycle:exclude = .*, ~*



Does anyone have an idea about this problem?


Regards
Oliver

Oliver Werner

Feb 12, 2016, 3:10:03 AM
My OS is Debian 8.3.

Winbind and Samba are version 4.1.17.


> On 12.02.2016 at 08:58, L.P.H. van Belle <be...@bazuin.nl> wrote:
>
> OK, same problem as I'm having.
>
> What OS are you running?
>
>
>> -----Original message-----
>> From: samba [mailto:samba-...@lists.samba.org] On behalf of Oliver Werner
>> Sent: Friday, 12 February 2016 8:56
>> To: sa...@lists.samba.org
>> Subject: [Samba] AD Group lost from Winbind
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba


L.P.H. van Belle

Feb 12, 2016, 3:10:03 AM
OK, same problem as I'm having.

What OS are you running?


> -----Original message-----
> From: samba [mailto:samba-...@lists.samba.org] On behalf of Oliver Werner
> Sent: Friday, 12 February 2016 8:56
> To: sa...@lists.samba.org
> Subject: [Samba] AD Group lost from Winbind
>

L.P.H. van Belle

Feb 12, 2016, 3:30:04 AM
OK, I'm having this:

DCs
Debian Wheezy 7.9, sernet samba 4.2.8


Member servers:
Debian Jessie samba 4.1.17 (file server)
Debian Jessie samba 4.2.7 (print server)
This one isn't updated yet with the latest updates.

The following packages have been kept back:
samba sernet-samba sernet-samba-client sernet-samba-common sernet-samba-libs sernet-samba-libsmbclient0 sernet-samba-winbind
The following packages will be upgraded:
krb5-locales krb5-user libgssapi-krb5-2 libgssrpc4 libk5crypto3 libkadm5clnt-mit9 libkadm5srv-mit9 libkdb5-7 libkrb5-3 libkrb5support0 libtiff5

On this one all IDs are still correct.

Thanks, Daniel Müller, for your addition.

This is really a big problem. What happened here in the Samba code?
I've looked at the changelog, but can't see anything related to this.

So, do any of the devs know what happened here in the Samba code?
As far as I now know, I have to
re-assign all my UIDs/GIDs on all users/groups with other IDs (oh my, what a hell...)
and fix all idmaps on all servers... pff... really no other fix?

There goes my weekend...


Greetz,

Louis



> -----Original message-----
> From: Oliver Werner [mailto:oliver...@kontrast.de]
> Sent: Friday, 12 February 2016 9:06
> To: L.P.H. van Belle
> CC: sa...@lists.samba.org
> Subject: Re: [Samba] AD Group lost from Winbind

L.P.H. van Belle

Feb 12, 2016, 3:40:04 AM
OK, possible solution.

TEST DC1. Wrong:
id admin
uid=10000(admin) gid=10000(domain users) groups=10000(domain users), 3000008(domain admins),3000005(denied rodc password replication group),3000009(BUILTIN\users),3000000(BUILTIN\administrators)


TEST DC2. Correct:
id admin
uid=10000(DOMAIN\admin) gid=10000(DOMAIN \Domain Users) groups=10000(DOMAIN \Domain Users),10001(DOMAIN \Domain Admins)


And, after the config change, DC1:

id admin
uid=10000(DOMAIN \admin) gid=10000(DOMAIN \Domain Users) groups=10000(DOMAIN \Domain Users), 10001(DOMAIN \Domain Admins)

Phew... my weekend is saved. :-)

The fix for me:

I only changed this on the DCs:

# server services = -dns
server services = -dns -winbindd +winbind

So it's something in the winbindd code.



Greetz,

Louis



> -----Original message-----
> From: samba [mailto:samba-...@lists.samba.org] On behalf of L.P.H. van Belle
> Sent: Friday, 12 February 2016 9:21
> To: sa...@lists.samba.org
> Subject: Re: [Samba] AD Group lost from Winbind
>

L.P.H. van Belle

Feb 12, 2016, 3:50:03 AM
In addition to the previous message:

We lose this setting (on the DC)!!!

winbind use default domain = yes

This was working on the DC with winbindd, but now it's not working anymore with winbind.

(DC)
getent passwd user1
DOMAIN\user1:*:10001:10000:Test user:/home/users/user1:/bin/bash


(Member)
getent passwd user1
user1:*:10001:10000:Test user:/home/users/user1:/bin/bash

So we are not completely back, but at least it's better now.
If you are running on one server only, you do need to recheck all rights.

If you set up with separate DCs and file servers,
then you have fewer problems; this still works as before.


Last test:
getent group "domain users"

and this confirms for me again the problems in the winbindd code.


Greetz,

Louis



Rowland penny

Feb 12, 2016, 4:00:04 AM
Well, I did say that I could never get the lines you add to smb.conf on
a DC to work :-)

Let's see if I understand the situation correctly.

Users & groups have been given a uidNumber or gidNumber attribute.

You are now getting different results on different DCs.
You used to get the same results and all that has changed is the version
of Samba.

If the above is correct, I think you need to log a bug report, it might
help if you can supply a level 10 log from asking for 'getent group
Domain\ Users' on both DCs

Rowland

Rowland penny

Feb 12, 2016, 4:10:03 AM
On 12/02/16 08:36, L.P.H. van Belle wrote:
> OK, possible solution.
>
> TEST DC1. Wrong:
> id admin
> uid=10000(admin) gid=10000(domain users) groups=10000(domain users), 3000008(domain admins),3000005(denied rodc password replication group),3000009(BUILTIN\users),3000000(BUILTIN\administrators)
>
>
> TEST DC2. Correct:
> id admin
> uid=10000(DOMAIN\admin) gid=10000(DOMAIN \Domain Users) groups=10000(DOMAIN \Domain Users),10001(DOMAIN \Domain Admins)
>
>
> And, after the config change, DC1:
>
> id admin
> uid=10000(DOMAIN \admin) gid=10000(DOMAIN \Domain Users) groups=10000(DOMAIN \Domain Users), 10001(DOMAIN \Domain Admins)
>
> Phew... my weekend is saved. :-)
>
> The fix for me:
>
> I only changed this on the DCs:
>
> # server services = -dns
> server services = -dns -winbindd +winbind
>
> So it's something in the winbindd code.

Possibly, but then again it could be something in the code that links
winbindd to Samba :-)

I wouldn't rely on 'winbind', it could (and probably will) be removed at
any time.

What is supposed to work with 'winbindd' is that uidNumbers & gidNumbers
will be used instead of xidNumbers, anything else you had working was a
bonus (and something that never worked for me). If, with 4.3.x, only
xidNumbers are being used, then this is very probably a bug.

Rowland

>
>
>
> Greetz,
>
> Louis

Oliver Werner

Feb 12, 2016, 4:20:03 AM
In my situation I don't use DCs for shares (only for sysvol).


So my member has the problems.

L.P.H. van Belle

Feb 12, 2016, 4:30:04 AM
That's strange, my members don't show this problem, only my DCs.

Can you post the smb.conf of your DC and of one of your member servers?


Greetz,

Louis


> -----Original message-----
> From: Oliver Werner [mailto:oliver...@kontrast.de]
> Sent: Friday, 12 February 2016 10:16
> To: L.P.H. van Belle
> CC: sa...@lists.samba.org
> Subject: Re: [Samba] AD Group lost from Winbind
>
> In my situation I don't use DCs for shares (only for sysvol)

L.P.H. van Belle

Feb 12, 2016, 4:30:04 AM

Yeah... but why this sudden change in the winbindd code?
It's not in the changelogs, or did I miss something?



> Well, I did say that I could never get the lines you add to smb.conf on
> a DC to work :-)
>
> Let's see if I understand the situation correctly.
>
> Users & groups have been given a uidNumber or gidNumber attribute.
>
> You are now getting different results on different DCs.
> You used to get the same results and all that has changed is the version
> of Samba.
>
> If the above is correct, I think you need to log a bug report, it might
> help if you can supply a level 10 log from asking for 'getent group
> Domain\ Users' on both DCs
>
> Rowland
>
>



Oliver Werner

Feb 12, 2016, 5:00:04 AM
This is the DC:
# Global parameters
[global]
workgroup = HQ
realm = HQ.INTERNAL
netbios name = DC1
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
interfaces=eth0
bind interfaces only=yes
tls enabled = yes
tls keyfile = /var/lib/samba/private/tls/key.pem
tls certfile = /var/lib/samba/private/tls/cert.pem
tls cafile = /var/lib/samba/private/tls/ca.pem

[netlogon]
path = /var/lib/samba/sysvol/hq.kontrast/scripts
read only = No

[sysvol]
path = /var/lib/samba/sysvol
read only = No



The member config was shown in my first e-mail.

L.P.H. van Belle

Feb 12, 2016, 5:10:03 AM
This all looks good to me, but the problem lies in the DC winbind code, not the member.

You can try to switch back (temporarily) to winbind (on the DC),
as I did; at least you get the correct IDs back (for now).
For you this is the change you need on the DC:

server services = -winbindd +winbind

I'm recompiling Samba 4.3.3 from sid now, so I'll test it out and see what happens.

I'll report back here.

Greetz,

Louis



> -----Original message-----
> From: Oliver Werner [mailto:oliver...@kontrast.de]
> Sent: Friday, 12 February 2016 10:54

Oliver Werner

Feb 12, 2016, 5:30:03 AM
I need to change it on all DCs, right?

So do I need to change some other options on the member?

L.P.H. van Belle

Feb 12, 2016, 5:40:03 AM
Hi,

Yes, only the DCs.
Change one, test, and if all is OK with you, change the others.

Greetz,

Louis


> -----Original message-----
> From: Oliver Werner [mailto:oliver...@kontrast.de]
> Sent: Friday, 12 February 2016 11:24

Oliver Werner

Feb 22, 2016, 3:40:05 AM
Hi,

Last week we tested our problem with the changed parameter

server services = -winbindd +winbind

but our member server also gets the issue that winbind loses the user and group mapping for valid users.

For the test I changed the parameter above on our three DCs.

Do I maybe need to set this parameter on the member server also?


Oliver

Rowland penny

Feb 22, 2016, 4:30:03 AM
On 22/02/16 08:32, Oliver Werner wrote:
> Hi,
>
> Last week we tested our problem with the changed parameter
>
> server services = -winbindd +winbind
>
> but our member server also gets the issue that winbind loses the user and group mapping for valid users.
>
> For the test I changed the parameter above on our three DCs.
>
> Do I maybe need to set this parameter on the member server also?
>
>
> Oliver
>

OK, I have been rereading this thread and I think Louis may have been
sending you off on a wild goose chase here, if the problem occurs on a
domain member, it very probably has nothing to do with how smb.conf is
setup on the DC.

What I did notice (and it is probably a typo) is this:

In domain member smb.conf: realm = hq.internal

In DC smb.conf:
[netlogon]
path = /var/lib/samba/sysvol/hq.kontrast/scripts

Which is it ? 'hq.internal' or 'hq.kontrast'

You should also add these lines to the smb.conf on the domain member:

vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes

Have you given a uidNumber attribute to users in AD and if you have,
does this include Administrator ?
Have you given a gidNumber attribute to groups in AD and if you have,
does this include groups such as Administrators ?

To be honest it sounds like the kerberos ticket could be expiring and
not getting renewed.

Rowland

Oliver Werner

Feb 22, 2016, 6:00:03 AM
Yeah,

> /var/lib/samba/sysvol/hq.kontrast/scripts

was a typo.

hq.internal was correct.


uidNumber and gidNumber are set for our own users and groups, but not for Administrator or Administrators.

Today there was an issue again on a member, so I tested the command

wbinfo --group-info=group_intern

and got the error:

failed to call wbcGetgrnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for group group_intern


After restarting winbind on the domain member, all looks OK again.

Rowland penny

Feb 22, 2016, 8:10:04 AM
On 22/02/16 10:53, Oliver Werner wrote:
> Yeah,
>
>> /var/lib/samba/sysvol/hq.kontrast/scripts
> was a typo.
>
> hq.internal was correct.
>
>
> uidNumber and gidNumber are set for our own users and groups, but not for Administrator or Administrators.
>
> Today there was an issue again on a member, so I tested the command
>
> wbinfo --group-info=group_intern
>
> and got the error:
>
> failed to call wbcGetgrnam: WBC_ERR_DOMAIN_NOT_FOUND
> Could not get info for group group_intern
>
>
> After restarting winbind on the domain member, all looks OK again.
>

This is sounding more and more like the kerberos ticket expiring and not
getting renewed, try turning Samba logging up and see if anything pops
up. You could also try leaving and rejoining the domain.

Oliver Werner

Feb 22, 2016, 9:10:05 AM
Hm,

so I think I have another problem with my DCs...

Also, my users sometimes can't log in to Windows clients and need a restart. So this can be the same thing.

I will try to turn logging up and will check to find out more details.

Oliver Werner

Mar 1, 2016, 2:50:05 AM
Hi again,

I have now tested with a high log level.

On the member I found:

[2016/02/29 17:49:34.478685, 1] ../source3/rpc_client/cli_pipe.c:482(cli_pipe_validate_current_pdu)
../source3/rpc_client/cli_pipe.c:482: RPC fault code WERR_BADFUNC received from host dc1.hq.internal!
[2016/02/29 17:49:34.478817, 1] ../source3/winbindd/winbindd_ads.c:1297(lookup_groupmem)
lsa_lookupsids call failed with NT_STATUS_RPC_CALL_FAILED - retrying...
[2016/02/29 17:49:34.482185, 1] ../source3/rpc_client/cli_pipe.c:482(cli_pipe_validate_current_pdu)
../source3/rpc_client/cli_pipe.c:482: RPC fault code WERR_BADFUNC received from host dc1.hq.internal!


Also on the member I have tested the parameter:

winbind refresh tickets = yes

but it has no effect.

I also have the problem on Windows machines that run all day without a restart.


> On 22.02.2016 at 14:00, Rowland penny <rpe...@samba.org> wrote:
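The level-1 messages above carry enough structure to tell which DC is returning the RPC fault and how tightly the events cluster, which is the member-versus-DC question argued earlier in the thread. What follows is an added example, not code from Samba or from any of the posters: the sample log and the wbinfo output are constructed from the lines posted in this thread, the regular expressions match those message formats as posted, and the helper names are my own.

```python
"""Pull the winbind/RPC failure pattern out of a Samba member-server log.

Added example for this thread: not code from the Samba project or from any of
the posters. SAMPLE_LOG is constructed from the level-1 log lines posted
above, WBINFO_OUTPUT from the earlier wbinfo error; the regexes match those
message formats as posted, and all function names are my own.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed: the three header/message pairs posted above. Samba writes the
# "[timestamp, level] file:line(function)" header on one line and the message
# on the next, indented.
SAMPLE_LOG = """\
[2016/02/29 17:49:34.478685,  1] ../source3/rpc_client/cli_pipe.c:482(cli_pipe_validate_current_pdu)
  ../source3/rpc_client/cli_pipe.c:482: RPC fault code WERR_BADFUNC received from host dc1.hq.internal!
[2016/02/29 17:49:34.478817,  1] ../source3/winbindd/winbindd_ads.c:1297(lookup_groupmem)
  lsa_lookupsids call failed with NT_STATUS_RPC_CALL_FAILED - retrying...
[2016/02/29 17:49:34.482185,  1] ../source3/rpc_client/cli_pipe.c:482(cli_pipe_validate_current_pdu)
  ../source3/rpc_client/cli_pipe.c:482: RPC fault code WERR_BADFUNC received from host dc1.hq.internal!
"""

# Constructed: what `wbinfo --group-info=group_intern` printed during the outage.
WBINFO_OUTPUT = """\
failed to call wbcGetgrnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for group group_intern
"""

HEADER_RE = re.compile(
    r"^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+),\s*(\d+)\]\s+(\S+)\s*$")
FAULT_RE = re.compile(r"RPC fault code (\w+) received from host ([\w.\-]+)")
RETRY_RE = re.compile(r"(\w+) call failed with (NT_STATUS_\w+) - retrying")
WBINFO_ERR_RE = re.compile(r"failed to call (\w+): (WBC_ERR_\w+)")


def parse_samba_log(text):
    """Return (timestamp, level, location, message) for each header+message
    pair; lines that are not part of such a pair are skipped."""
    lines = text.splitlines()
    records, i = [], 0
    while i < len(lines):
        m = HEADER_RE.match(lines[i])
        if m and i + 1 < len(lines):
            ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S.%f")
            records.append((ts, int(m.group(2)), m.group(3), lines[i + 1].strip()))
            i += 2
        else:
            i += 1
    return records


def summarise_rpc_failures(text):
    """Count RPC faults per DC host and failed-then-retried calls per NT
    status, and measure how tightly those events cluster in time."""
    faults = defaultdict(Counter)
    retries = Counter()
    stamps = []
    for ts, _level, _location, msg in parse_samba_log(text):
        if m := FAULT_RE.search(msg):
            faults[m.group(2)][m.group(1)] += 1
            stamps.append(ts)
        if m := RETRY_RE.search(msg):
            retries[(m.group(1), m.group(2))] += 1
            stamps.append(ts)
    window = (max(stamps) - min(stamps)).total_seconds() if stamps else 0.0
    return {
        "faults_by_host": {host: dict(c) for host, c in faults.items()},
        "retried_calls": dict(retries),
        "window_seconds": window,
    }


def suspect_dcs(summary, min_faults=2):
    """Hosts that returned at least `min_faults` RPC faults: the DCs to look
    at first."""
    return sorted(host for host, codes in summary["faults_by_host"].items()
                  if sum(codes.values()) >= min_faults)


def classify_wbinfo_error(output):
    """Return (libwbclient call, WBC_ERR_* code) from failed wbinfo output,
    or None when the output carries no such error."""
    m = WBINFO_ERR_RE.search(output)
    return (m.group(1), m.group(2)) if m else None


if __name__ == "__main__":
    s = summarise_rpc_failures(SAMPLE_LOG)
    print(s)
    print("suspect DCs:", suspect_dcs(s))
    print("wbinfo:", classify_wbinfo_error(WBINFO_OUTPUT))
```

Feed it the member's /var/log/samba/*.log written at 'log level = 1' or higher; a fault count concentrated on one host points at that DC rather than at the member's idmap configuration, which is the distinction the two sides of this thread were trying to make.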