
Re: [Samba] Developed an issue with Samba File Server integrated with Samba-AD




On Sat, 30 Jun 2018 14:51:48 +0530
Anantha Raghava via samba <samba@xxxxxxxxxxxxxxx> wrote:

> Hi,
> 
> We have been using Samba File Server (Version 4.3.11 Ubuntu 14.04
> LTS) for quite some time now. We recently installed Samba-AD (Samba AD
> Version 4.7.6) and made the file server a member of the Domain.
> Everything was fine till around 11:15 am yesterday. We just added one
> more share folder and gave access to three users and restarted the
> Samba File Server services - smbd, nmbd and winbindd - and we lost
> the file server.
> None of the domain users is able to log in to the file server and
> access their shares. If we access the shares from a non-domain member
> PC, shares are accessible.
> 
> File server when accessed asks for user name & password. Once the
> user feeds his credentials, the login fails and again the file server
> will ask for user credentials. This is really surprising.
> 
> We enabled log level 3 on both samba servers (File & AD Server) and
> we see nothing with respect to this error.
> 
> Our smb.conf (samba file server) and Samba-AD (AD-smb.conf) are
> attached.
> 
> I am aware that Samba file server is very old and it's time to
> upgrade. However, getting it back live is now critical for us.
> 
> Looking forward to any guidance.
> 
> 
> Thanks & Regards,
> 
> 
> Anantha Raghava
> 
> 
> Do not print this e-mail unless required. Save Paper & trees.
> 

There doesn't seem to be anything really wrong with the Unix domain
member smb.conf, apart from it having a netlogon share (this in my
opinion should only be on a PDC or DC). I would leave the domain,
remove the netlogon share, remove all Samba .ldb and .tdb files
(usually in /var/lib/samba), then rejoin the domain and restart the
samba daemons (nmbd, smbd and winbindd), this will recreate all the
Samba databases.

If this doesn't work, add 'log level = 10' to smb.conf on the Unix
domain member and see if anything pops out.

I have however noticed this:

DC smb.conf:

	realm = XXXX.COM
	workgroup = XXXX

[netlogon]
	path = /usr/local/samba/var/locks/sysvol/exza.com/scripts

Unix domain member smb.conf:

    workgroup = CSAEROTHERM
    realm = CSAEROTHERM.COM

On the DC, the realm appears to actually be 'exza.com' but on the Unix
domain member it is set to 'CSAEROTHERM.COM', these must match, yours
don't.

Rowland
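
The comparison made by eye in the reply above, written as a script. This is an added example, not part of the original thread and not Samba project code; the function names are hypothetical, the sample configs are constructed from the quoted excerpts, and it assumes the DC's netlogon path sits under a sysvol directory named after the DNS domain, as in the excerpt.

```python
import re

SYSVOL_RE = re.compile(r"/sysvol/([^/]+)(?:/|$)")

def parse_smb_conf(text):
    """Parse smb.conf text into {section: {param: value}}; names lowercased, spaces dropped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current["".join(key.lower().split())] = value.strip()
    return sections

def check_member_against_dc(dc_text, member_text):
    """Return findings where the member's settings disagree with the DC's."""
    dc, member = parse_smb_conf(dc_text), parse_smb_conf(member_text)
    dc_g, mb_g = dc.get("global", {}), member.get("global", {})
    findings = []
    for param in ("realm", "workgroup"):
        if dc_g.get(param, "").upper() != mb_g.get(param, "").upper():
            findings.append(f"{param}: DC={dc_g.get(param)!r} member={mb_g.get(param)!r}")
    # The DC's sysvol directory is named after the DNS domain, so the netlogon
    # path exposes the real realm even when the realm line has been redacted.
    m = SYSVOL_RE.search(dc.get("netlogon", {}).get("path", ""))
    if m and m.group(1).upper() != mb_g.get("realm", "").upper():
        findings.append(f"sysvol: DC path says {m.group(1)!r}, member realm is {mb_g.get('realm')!r}")
    if "netlogon" in member:
        findings.append("netlogon: share defined on a domain member")
    return findings

# Constructed samples from the quoted excerpts; the member's netlogon path is a placeholder.
DC_CONF = """[global]
    realm = XXXX.COM
    workgroup = XXXX
[netlogon]
    path = /usr/local/samba/var/locks/sysvol/exza.com/scripts
"""
MEMBER_CONF = """[global]
    workgroup = CSAEROTHERM
    realm = CSAEROTHERM.COM
[netlogon]
    path = /srv/placeholder/netlogon
"""
if __name__ == "__main__":
    print("\n".join(check_member_against_dc(DC_CONF, MEMBER_CONF)))
```

The realm and workgroup findings on this sample partly reflect the redacted XXXX values; the sysvol finding is the one that survives redaction.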
