Tim Holmes
2005-Jul-21 17:29 UTC
[Samba] Samba / AD authentication - one machine only !!!!
Hi Folks:

I am continuing to work on the samba problems. This is a weird one!!!

I have 3 servers with samba running:

2 of them work perfectly and the third one refuses to authenticate

I am seeing a lot of the following error

    [2005/07/21 12:58:21, 0] lib/util_sock.c:get_peer_addr(1000)
      getpeername failed. Error was Transport endpoint is not connected

Googling around has found that it seems to be related to DNS issues, but that makes no sense, since the two other servers running identical [global] sections (only differences are machine names etc) and krb5 configurations are working fine

The web server works cool
The testbed server works kool

When I try to access the file server, it asks for authentication

Kinit shows no errors, so I assume that's working right

Here is the smb.conf

    [global]
    log file = /var/log/samba/%m.log
    idmap gid = 10000-40000
    socket options = SO_RCVBUF=8192
    wins server = 192.168.0.2
    domain master = No
    realm = MCASCHOOL.NET
    netbios name = srvfs-01
    server string = MCA File Server (test conf)
    password server = srvdc01.mcaschool.net
    idmap uid = 10000-40000
    winbind enum users = yes
    winbind nested groups = Yes
    local master = No
    workgroup = MCASCHOOL
    os level = 20
    winbind enum groups = yes
    security = ads
    preferred master = no

    [users]
    path = /home
    read only = No

here is the nsswitch.conf

    #
    # /etc/nsswitch.conf
    #
    # An example Name Service Switch config file. This file should be
    # sorted with the most-used services at the beginning.
    #
    # The entry '[NOTFOUND=return]' means that the search for an
    # entry should stop if the search in the previous entry turned
    # up nothing. Note that if the search failed due to some other reason
    # (like no NIS server responding) then the search continues with the
    # next entry.
    #
    # Legal entries are:
    #
    #   nisplus or nis+     Use NIS+ (NIS version 3)
    #   nis or yp           Use NIS (NIS version 2), also called YP
    #   dns                 Use DNS (Domain Name Service)
    #   files               Use the local files
    #   db                  Use the local database (.db) files
    #   compat              Use NIS on compat mode
    #   hesiod              Use Hesiod for user lookups
    #   [NOTFOUND=return]   Stop searching if not found so far
    #

    # To use db, put the "db" in front of "files" for entries you want to be
    # looked up first in the databases
    #
    # Example:
    #passwd:    db files nisplus nis
    #shadow:    db files nisplus nis
    #group:     db files nisplus nis

    passwd:     files compat winbind
    shadow:     compat
    group:      files compat winbind

    #hosts:     db files nisplus nis dns
    hosts:      files dns winbind

    # Example - obey only what nisplus tells us...
    #services:   nisplus [NOTFOUND=return] files
    #networks:   nisplus [NOTFOUND=return] files
    #protocols:  nisplus [NOTFOUND=return] files
    #rpc:        nisplus [NOTFOUND=return] files
    #ethers:     nisplus [NOTFOUND=return] files
    #netmasks:   nisplus [NOTFOUND=return] files

    bootparams: nisplus [NOTFOUND=return] files

    ethers:     files
    netmasks:   files
    networks:   files
    protocols:  files winbind
    rpc:        files
    services:   files winbind

    netgroup:   files winbind

    publickey:  nisplus

    automount:  files winbind
    aliases:    files nisplus

And the /etc/krb5.conf

    [libdefaults]
    default_realm = MCASCHOOL.NET

    [realms]
    MCASCHOOL.NET = {
        kdc = srvdc01.mcaschool.net
    }

    [domain_realm]
    .mcaschool.net = MCASCHOOL.NET
    mcaschool.net = MCASCHOOL.NET

here is the /etc/hosts

    # Do not remove the following line, or various programs
    # that require network functionality will fail.
    127.0.0.1 srvfs-01 localhost.localdomain localhost
    192.168.0.5 srvfs-01 srvfs-01.mcaschool.net srvfs-01

And last but not least the /etc/resolv.conf

    domain mcaschool.net
    nameserver 192.168.0.2

This one has me totally stumped, because one of the servers that is running is running an exactly identical hardware set

Any suggestions would be most helpful

Timothy A. Holmes
IT Manager / Webmaster / Science Teacher
Medina Christian Academy
A Higher Standard...

Jeremiah 33:3
Jeremiah 29:11
Esther 4:14

Tim Holmes
2005-Jul-22 18:01 UTC
[Samba] Samba / AD authentication - one machine only !!!!
Folks -- thanks for all your help -- I have gotten the SAMBA AUTHENTICATION problem resolved -- I rebuilt the machine --

That machine has had as many as 5 different samba configs on it over the last 3 months as I have tried to get things figured out to make it work right. So now that I had a known working configuration, I just needed to clean all the other junk up

Thanks so much for all your help

I still have a few questions about how to configure permissions which I posted earlier, if anyone can help out, I would appreciate it

TIM

Timothy A. Holmes
IT Manager / Webmaster / Science Teacher
Medina Christian Academy
A Higher Standard...

Jeremiah 33:3
Jeremiah 29:11
Esther 4:14