Hello,
After update to 4.7.4 on my DC's I see some strange, non-critical (I think) though behaviour. I've noticed that: sometimes running command wbinfo -u doesn't list any of the users, in log i see this: *../source3/rpc_client/cli_pipe.c:568(cli_pipe_validate_current_pdu)* *../source3/rpc_client/cli_pipe.c:568: RPC fault code DCERPC_NCA_S_PROTO_ERROR received from host dc3!* *../source3/winbindd/winbindd_rpc.c:403(rpc_rids_to_names)* *rids_to_names: failed to lookup sids: NT_STATUS_RPC_PROTOCOL_ERROR* runnign wbinfo -g works fine samba-tool user list works fine converting via wbinfo sid to uid, or uid to sid, or sid to name works fine even when error as above occurs. after restarting samba, wbinfo -u works fine for random period of time. When error as above occurs AD DC works fine (i think), that is: users are able to authenticate, and I see in logs, that "sid-to-name" are resolved correctly. *[global]* * netbios name = DC3* * realm = MYDOMAIN.COM <http://MYDOMAIN.COM>* * server services = -nbt -dns* * workgroup = SAMDOM* * server role = active directory domain controller* * comment =* * allow dns updates = secure* * idmap_ldb:use rfc2307 = yes* * log level = 1 auth_audit:3 auth_json_audit:3 winbind:4 smb:3* * log file = /var/log/samba.log.%m* * logging = syslog@3* * max log size = 500* *#below is used because of freeradius which uses ntlm_auth* * lanman auth = no* * ntlm auth = yes* * raw NTLMv2 auth = yes* * template homedir = /home/%U@%D* * template shell = /bin/bash* * load printers = no* * printing = bsd* * printcap name = /dev/null* * disable spoolss = yes* * tls enabled = yes* * tls keyfile = /usr/local/samba/private/tls/dc3.key.pem* * tls certfile = /usr/local/samba/private/tls/dc3.cert.pem* * tls cafile = /usr/local/samba/private/tls/ca-chain.cert.pem* *[netlogon]* * path = /usr/local/samba/var/locks/sysvol/mydomain.com/scripts <http://mydomain.com/scripts>* * read only = No* *[sysvol]* * path = /usr/local/samba/var/locks/sysvol* * read only = No* One thing that slightly bothers me is that sometimes users take seemingly longer to authenticate and there are problems with GPO processing, for example when I run on windows client "gpudpate" i get random errors that policy XYZ couldn't be processed. When i run "getfacl" on said policy, and check ACL form windows perspective I see absolutely nothing out of order (no difference between other policies that are processed without issue) I have no idea if this is at all connected, or is it connected with my different question. Comments/help appreciated Regards, Kacper -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba |
On Wed, 10 Jan 2018, Kacper Wirski via samba wrote:
> Hello, > > > After update to 4.7.4 on my DC's I see some strange, non-critical (I think) > though behavior. > > I've noticed that: > > sometimes running command > > wbinfo -u > > doesn't list any of the users, in log i see this: > > *../source3/rpc_client/cli_pipe.c:568(cli_pipe_validate_current_pdu)* > *../source3/rpc_client/cli_pipe.c:568: RPC fault code > DCERPC_NCA_S_PROTO_ERROR received from host dc3!* > *../source3/winbindd/winbindd_rpc.c:403(rpc_rids_to_names)* > *rids_to_names: failed to lookup sids: NT_STATUS_RPC_PROTOCOL_ERROR* > > running wbinfo -g works fine > > samba-tool user list works fine > > converting via wbinfo sid to uid, or uid to sid, or sid to name works > fine even when error as above occurs. > > after restarting samba, wbinfo -u works fine for random period of time. > > When error as above occurs AD DC works fine (i think), that is: users are > able to authenticate, and I see in logs, that "sid-to-name" are resolved > correctly. I too am seeing this behavior. The only way to get it working again is to restart samba. I need to do this about once a day. Like you, it appears that everything is working normally. The one difference in my setup is that the DC I am having the problem with is running 4.7.3. I just verified that I too am seeing the errors listed above in my logs. I posted to the list back in December about this problem and never received a response. At that time I did not see the errors in the log (I suspect had the log level too low) but they are definitely there now. The previous post contains my smb.conf and other details. It can be found @ https://lists.samba.org/archive/samba/2017-December/212884.html. Regards, -- Tom [hidden email] -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba |
Free forum by Nabble | Edit this page |