Yesterday I was "tailing" a log file (nmbd, I think) and noticed
complaints by my member server that there was another "domain master"
at
the ipaddress on my DC1.
This morning Windows clients are being denied updates to
"116.168.192.in-addr-arps/IN" (which I believe is the reverse zone.)
I think I have an error in my smb.conf file for this server as I have
had an issue in the past with domian master when I switched from an
older member server to this newer one.
My smb.conf (slightly sanitized.):
adminlinux at dtmbr02:~$ cat /etc/samba/smb.conf
[global]
workgroup = DTDOM
server string = Samba Server Version %v
security = ads
realm = DTSHRM.DT
use sendfile = true
log level = 4
preferred master = yes
domain master = yes
dns proxy = yes
host msdfs = no
idmap_ldb:use rfc2307 = yes
idmap config * : backend = tdb
idmap config * : range = 50001-80000 <<default was
10000-299999
## map ids from the domain the range may not overlap !
idmap config DTDOM : backend = ad
idmap config DTDOM : schema_mode = rfc2307
idmap config DTDOM : range = 10000-40000 << default was
10000-99999
winbind separator = +
winbind nss info = rfc2307
winbind trusted domains only = no
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind refresh tickets = yes
winbind offline logon = yes
## wins server = 192.168.16.49 192.168.16.50
template shell = /bin/bash
template homedir = /home/samba/DTDOM/users/%U
# user Administrator workaround, without it you are unable to set
privileges
username map = /etc/samba/samba_usermapping
# For ACL support on member file server
vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes
# Share Setting Globally
usershare allow guests = no
unix extensions = no
reset on zero vc = yes
veto files = /.bash_logout/.bash_profile/.bash_history/.bashrc/
hide unreadable = yes
# disable printing completely
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
restrict anonymous = 2
log file = /var/log/samba/log.%m
max log size = 50
#============================ Share Definitions
===========================
[testshare]
comment = Test share
path = /samba/testshare
read only = no
force group = "domain users"
directory mask = 0770
force directory mode = 0770
create mask = 0660
force create mode = 0660
follow symlinks = yes
wide links = yes
I tried commenting out the "preferred master" and "domain
master"
entries but no change.
What do I need to clean up here?
Please help! It is a busy day here and I cannot work without this!
--
_______________________________
Bob Wooden of Donelson Trophy
On 2016-12-01 09:20, Bob of Donelson Trophy via samba wrote:> Yesterday I was "tailing" a log file (nmbd, I think) and noticed > complaints by my member server that there was another "domain master" at > the ipaddress on my DC1. > > This morning Windows clients are being denied updates to > "116.168.192.in-addr-arps/IN" (which I believe is the reverse zone.) > > I think I have an error in my smb.conf file for this server as I have > had an issue in the past with domian master when I switched from an > older member server to this newer one. > > My smb.conf (slightly sanitized.): > > adminlinux at dtmbr02:~$ cat /etc/samba/smb.conf > [global] > workgroup = DTDOM > server string = Samba Server Version %v > security = ads > realm = DTSHRM.DT > use sendfile = true > > log level = 4 > > preferred master = yes > domain master = yes > dns proxy = yes > > host msdfs = no > > idmap_ldb:use rfc2307 = yes > idmap config * : backend = tdb > idmap config * : range = 50001-80000 <<default was > 10000-299999 > ## map ids from the domain the range may not overlap ! > idmap config DTDOM : backend = ad > idmap config DTDOM : schema_mode = rfc2307 > idmap config DTDOM : range = 10000-40000 << default was > 10000-99999 > winbind separator = + > winbind nss info = rfc2307 > winbind trusted domains only = no > winbind enum users = yes > winbind enum groups = yes > winbind use default domain = yes > winbind refresh tickets = yes > winbind offline logon = yes > > ## wins server = 192.168.16.49 192.168.16.50 > > template shell = /bin/bash > template homedir = /home/samba/DTDOM/users/%U > > # user Administrator workaround, without it you are unable to set > privileges > username map = /etc/samba/samba_usermapping > > # For ACL support on member file server > > vfs objects = acl_xattr > map acl inherit = yes > store dos attributes = yes > > # Share Setting Globally > usershare allow guests = no > unix extensions = no > reset on zero vc = yes > veto files = /.bash_logout/.bash_profile/.bash_history/.bashrc/ > hide unreadable = yes > > # disable printing completely > load printers = no > printing = bsd > printcap name = /dev/null > disable spoolss = yes > > restrict anonymous = 2 > log file = /var/log/samba/log.%m > max log size = 50 > > #============================ Share Definitions > ===========================> > [testshare] > comment = Test share > path = /samba/testshare > read only = no > force group = "domain users" > directory mask = 0770 > force directory mode = 0770 > create mask = 0660 > force create mode = 0660 > follow symlinks = yes > wide links = yes > > I tried commenting out the "preferred master" and "domain master" > entries but no change. > > What do I need to clean up here? > > Please help! It is a busy day here and I cannot work without this! > > -- > _______________________________ > > Bob Wooden of Donelson TrophyMy apologies to everyone, the subject is incorrect. I am in a bite of a panic here as I cannot work until this is resolved. -- _______________________________ Bob Wooden of Donelson Trophy
On Thu, 01 Dec 2016 09:20:15 -0600 Bob of Donelson Trophy via samba <samba at lists.samba.org> wrote:> From: Bob of Donelson Trophy via samba <samba at lists.samba.org> > To: SAMBA MailList <samba at lists.samba.org> > Subject: [Samba] member server resolv.conf question > Date: Thu, 01 Dec 2016 09:20:15 -0600 > Reply-To: bob at donelsontrophy.net > Sender: "samba" <samba-bounces at lists.samba.org> > User-Agent: Roundcube Webmail/1.1.5 > Organization: Donelson Trophy > > Yesterday I was "tailing" a log file (nmbd, I think) and noticed > complaints by my member server that there was another "domain master" > at the ipaddress on my DC1. > > This morning Windows clients are being denied updates to > "116.168.192.in-addr-arps/IN" (which I believe is the reverse zone.) >I think there was the word 'browser' after 'domain master' in the log you were 'tailing' and this has nothing to do with your update problem. The 'domain master browser' is the netbios master. What is in your other Samba logs and system log on the DC ? Rowland
Hi Bob, Im leaving the office, but i think if you remove the "wins support = yes" lines from your DC smb.conf wil help. Or set it explicit to no. After that, reboot the DC(s . Then when thats done. Reboot the member, no changes needed. Now, check the logs again, if there are still messages, then you need to find the other master browser.. , so check every samba server if needed. And just a tip install debian-goodies. That give you the program checkrestart, and after every update you do, run : checkrestart Is you see lots of services that needs restarting, reboot helps better when there are a lot. I hoop it helps out. I can check my mail again in about 3-4 hours. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Bob of Donelson > Trophy via samba > Verzonden: donderdag 1 december 2016 16:20 > Aan: SAMBA MailList > Onderwerp: [Samba] member server resolv.conf question > Urgentie: Hoog > > Yesterday I was "tailing" a log file (nmbd, I think) and noticed > complaints by my member server that there was another "domain master" at > the ipaddress on my DC1. > > This morning Windows clients are being denied updates to > "116.168.192.in-addr-arps/IN" (which I believe is the reverse zone.) > > I think I have an error in my smb.conf file for this server as I have > had an issue in the past with domian master when I switched from an > older member server to this newer one. > > My smb.conf (slightly sanitized.): > > adminlinux at dtmbr02:~$ cat /etc/samba/smb.conf > [global] > workgroup = DTDOM > server string = Samba Server Version %v > security = ads > realm = DTSHRM.DT > use sendfile = true > > log level = 4 > > preferred master = yes > domain master = yes > dns proxy = yes > > host msdfs = no > > idmap_ldb:use rfc2307 = yes > idmap config * : backend = tdb > idmap config * : range = 50001-80000 <<default was > 10000-299999 > ## map ids from the domain the range may not overlap ! > idmap config DTDOM : backend = ad > idmap config DTDOM : schema_mode = rfc2307 > idmap config DTDOM : range = 10000-40000 << default was > 10000-99999 > winbind separator = + > winbind nss info = rfc2307 > winbind trusted domains only = no > winbind enum users = yes > winbind enum groups = yes > winbind use default domain = yes > winbind refresh tickets = yes > winbind offline logon = yes > > ## wins server = 192.168.16.49 192.168.16.50 > > template shell = /bin/bash > template homedir = /home/samba/DTDOM/users/%U > > # user Administrator workaround, without it you are unable to set > privileges > username map = /etc/samba/samba_usermapping > > # For ACL support on member file server > > vfs objects = acl_xattr > map acl inherit = yes > store dos attributes = yes > > # Share Setting Globally > usershare allow guests = no > unix extensions = no > reset on zero vc = yes > veto files = /.bash_logout/.bash_profile/.bash_history/.bashrc/ > hide unreadable = yes > > # disable printing completely > load printers = no > printing = bsd > printcap name = /dev/null > disable spoolss = yes > > restrict anonymous = 2 > log file = /var/log/samba/log.%m > max log size = 50 > > #============================ Share Definitions > ===========================> > [testshare] > comment = Test share > path = /samba/testshare > read only = no > force group = "domain users" > directory mask = 0770 > force directory mode = 0770 > create mask = 0660 > force create mode = 0660 > follow symlinks = yes > wide links = yes > > I tried commenting out the "preferred master" and "domain master" > entries but no change. > > What do I need to clean up here? > > Please help! It is a busy day here and I cannot work without this! > > -- > _______________________________ > > Bob Wooden of Donelson Trophy > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
On 2016-12-01 10:00, Rowland Penny via samba wrote:> On Thu, 01 Dec 2016 09:20:15 -0600 > Bob of Donelson Trophy via samba <samba at lists.samba.org> wrote: > >> From: Bob of Donelson Trophy via samba <samba at lists.samba.org> >> To: SAMBA MailList <samba at lists.samba.org> >> Subject: [Samba] member server resolv.conf question >> Date: Thu, 01 Dec 2016 09:20:15 -0600 >> Reply-To: bob at donelsontrophy.net >> Sender: "samba" <samba-bounces at lists.samba.org> >> User-Agent: Roundcube Webmail/1.1.5 >> Organization: Donelson Trophy >> >> Yesterday I was "tailing" a log file (nmbd, I think) and noticed >> complaints by my member server that there was another "domain master" >> at the ipaddress on my DC1. >> >> This morning Windows clients are being denied updates to >> "116.168.192.in-addr-arps/IN" (which I believe is the reverse zone.) > > I think there was the word 'browser' after 'domain master' in the log > you were 'tailing' and this has nothing to do with your update problem. > The 'domain master browser' is the netbios master. > > What is in your other Samba logs and system log on the DC ? > > RowlandI checked the "log.samba" of the first DC and it has entries "Failed to connect host 192.168.116.50 on port 135 - NT_STATUS_CONNECTION_REFUSED" This is the address of my other DC. My other DC "log.samba" shows "samba: setproctitle not initialized, please either call setproctitle_init() or link against libbsd-ctor." I have never seen that before!!! The /var/log/syslog discusses updates for one of the W10 clients but doesn't look abnormal. Your thoughts? (This reply is about when my email client buggers up, sorry if it does.) -- _______________________________ Bob Wooden of Donelson Trophy