Hi Denis
Thanks for your advice. I will not use these wordings here.
Please check the result below when I run the command on DC-1 when DC-2
is off or on:
smbclient -k //IUMSVRAPP01/Pastel12 -d 9
INFO: Current debug levels:
all: 9
tdb: 9
printdrivers: 9
lanman: 9
smb: 9
rpc_parse: 9
rpc_srv: 9
rpc_cli: 9
passdb: 9
sam: 9
auth: 9
winbind: 9
vfs: 9
idmap: 9
quota: 9
acls: 9
locking: 9
msdfs: 9
dmapi: 9
registry: 9
scavenger: 9
dns: 9
ldb: 9
tevent: 9
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:
all: 9
tdb: 9
printdrivers: 9
lanman: 9
smb: 9
rpc_parse: 9
rpc_srv: 9
rpc_cli: 9
passdb: 9
sam: 9
auth: 9
winbind: 9
vfs: 9
idmap: 9
quota: 9
acls: 9
locking: 9
msdfs: 9
dmapi: 9
registry: 9
scavenger: 9
dns: 9
ldb: 9
tevent: 9
Processing section "[global]"
doing parameter workgroup = IUMNET
doing parameter realm = IUMNET.EDU.NA
doing parameter netbios name = IUMDCDP01
doing parameter server role = active directory domain controller
doing parameter dns forwarder = 172.16.10.254
doing parameter domain master = yes
doing parameter preferred master = yes
doing parameter password server = 172.16.10.5
doing parameter allow dns updates = nonsecure and secure
doing parameter ntlm auth = yes
doing parameter client use spnego = no
doing parameter client ldap sasl wrapping = sign
doing parameter ldap server require strong auth = no
doing parameter time server = Yes
doing parameter template shell = /bin/bash
doing parameter template homedir = /home/%U
doing parameter full_audit:prefix = %u|%I|%m|%S
doing parameter full_audit:failure = connect
doing parameter full_audit:success = connect disconnect
pm_process() returned Yes
lp_servicenumber: couldn't find homes
added interface eth0 ip=172.16.10.5 bcast=172.16.10.255 netmask=255.255.255.0
added interface eth2 ip=192.29.0.5 bcast=192.29.255.255 netmask=255.255.0.0
Netbios name list:-
my_netbios_names[0]="IUMDCDP01"
Client started (version 4.6.12-SerNet-Ubuntu-14.precise).
Opening cache file at /var/cache/samba/gencache.tdb
Opening cache file at /var/cache/samba/gencache_notrans.tdb
sitename_fetch: Returning sitename for realm 'IUMNET.EDU.NA': "Default-First-Site-Name"
no entry for IUMSVRAPP01#20 found.
resolve_lmhosts: Attempting lmhosts lookup for name IUMSVRAPP01<0x20>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such file or directory
resolve_wins: WINS server resolution selected and no WINS servers listed.
resolve_hosts: Attempting host lookup for name IUMSVRAPP01<0x20>
namecache_store: storing 1 address for IUMSVRAPP01#20: 172.16.10.21
Connecting to 172.16.10.21 at port 445
Socket options:
SO_KEEPALIVE = 0
SO_REUSEADDR = 0
SO_BROADCAST = 0
TCP_NODELAY = 1
TCP_KEEPCNT = 9
TCP_KEEPIDLE = 7200
TCP_KEEPINTVL = 75
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
SO_SNDBUF = 24040
SO_RCVBUF = 87380
SO_SNDLOWAT = 1
SO_RCVLOWAT = 1
SO_SNDTIMEO = 0
SO_RCVTIMEO = 0
TCP_QUICKACK = 1
TCP_DEFER_ACCEPT = 0
session request ok
session setup failed: NT_STATUS_INVALID_PARAMETER_MIX
*Here is the smb.conf dump from DC-1:*
# Global parameters
[global]
workgroup = IUMNET
realm = IUMNET.EDU.NA
netbios name = IUMDCDP01
server role = active directory domain controller
dns forwarder = 172.16.10.254
domain master = yes
preferred master = yes
# server services = +s3fs,+dnsupdate,+dns,+winbind,+kdc,+ldap
password server = 172.16.10.5
allow dns updates = nonsecure and secure
# lanman auth = Yes
# client lanman auth = Yes
ntlm auth = yes
client use spnego = no
client ldap sasl wrapping = sign
# ldap ssl ads = yes
# ldap ssl = start tls
ldap server require strong auth = no
# wins server = iumnet.edu.na
# wins support = Yes
time server = Yes
template shell = /bin/bash
template homedir = /home/%U
# idmap config * : backend = tdb
# idmap config *:range = 50000-1000000
full_audit:prefix = %u|%I|%m|%S
full_audit:failure = connect
full_audit:success = connect disconnect
# log level = 9 dns:0
[netlogon]
path = /var/lib/samba/sysvol/iumnet.edu.na/scripts
read only = No
browsable = no
[sysvol]
path = /var/lib/samba/sysvol
read only = No
[softshare]
path = /home/administrator/ad
read only = No
*When I ran the same command on DC-2 (Samba 4.7.4):*
smbclient -k //172.16.10.21/Pastel12 -d 9
INFO: Current debug levels:
all: 9
tdb: 9
printdrivers: 9
lanman: 9
smb: 9
rpc_parse: 9
rpc_srv: 9
rpc_cli: 9
passdb: 9
sam: 9
auth: 9
winbind: 9
vfs: 9
idmap: 9
quota: 9
acls: 9
locking: 9
msdfs: 9
dmapi: 9
registry: 9
scavenger: 9
dns: 9
ldb: 9
tevent: 9
auth_audit: 9
auth_json_audit: 9
kerberos: 9
drs_repl: 9
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:
all: 9
tdb: 9
printdrivers: 9
lanman: 9
smb: 9
rpc_parse: 9
rpc_srv: 9
rpc_cli: 9
passdb: 9
sam: 9
auth: 9
winbind: 9
vfs: 9
idmap: 9
quota: 9
acls: 9
locking: 9
msdfs: 9
dmapi: 9
registry: 9
scavenger: 9
dns: 9
ldb: 9
tevent: 9
auth_audit: 9
auth_json_audit: 9
kerberos: 9
drs_repl: 9
Processing section "[global]"
doing parameter netbios name = IUMSVRPDC
doing parameter realm = IUMNET.EDU.NA
doing parameter workgroup = IUMNET
doing parameter server role = active directory domain controller
doing parameter dns forwarder = 172.16.10.254
doing parameter allow dns updates = nonsecure and secure
doing parameter ntlm auth = yes
doing parameter ldap server require strong auth = no
doing parameter time server = Yes
doing parameter template shell = /bin/bash
doing parameter template homedir = /home/%U
doing parameter full_audit:prefix = %u|%I|%m|%S
doing parameter full_audit:failure = connect
doing parameter full_audit:success = connect disconnect
doing parameter tls enabled = yes
doing parameter tls keyfile = tls/key.pem
doing parameter tls certfile = tls/cert.pem
doing parameter tls cafile = tls/ca.pem
doing parameter log level = 9 dns:0
pm_process() returned Yes
lp_servicenumber: couldn't find homes
added interface ens18 ip=172.16.100.5 bcast=172.16.100.255 netmask=255.255.255.0
Netbios name list:-
my_netbios_names[0]="IUMSVRPDC"
Client started (version 4.7.4-SerNet-Ubuntu-6.trusty).
Connecting to 172.16.10.21 at port 445
Socket options:
SO_KEEPALIVE = 0
SO_REUSEADDR = 0
SO_BROADCAST = 0
TCP_NODELAY = 1
TCP_KEEPCNT = 9
TCP_KEEPIDLE = 7200
TCP_KEEPINTVL = 75
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
SO_REUSEPORT = 0
SO_SNDBUF = 87040
SO_RCVBUF = 372480
SO_SNDLOWAT = 1
SO_RCVLOWAT = 1
SO_SNDTIMEO = 0
SO_RCVTIMEO = 0
TCP_QUICKACK = 1
TCP_DEFER_ACCEPT = 0
session request ok
negotiated dialect[SMB2_02] against server[172.16.10.21]
got OID=1.2.840.48018.1.2.2
Kerberos auth with 'administrator at IUMNET.EDU.NA' (IUMNET\root) to access '172.16.10.21' not possible
SPNEGO login failed: {Access Denied} A process has requested access to an object but has not been granted those access rights.
session setup failed: NT_STATUS_ACCESS_DENIED
*Here is the smb.conf dump from DC-2:*
# Global parameters
[global]
netbios name = IUMSVRPDC
realm = IUMNET.EDU.NA
workgroup = IUMNET
server role = active directory domain controller
dns forwarder = 172.16.10.254
# server services = +s3fs,+dnsupdate,+dns,+winbind,+kdc,+ldap
allow dns updates = nonsecure and secure
ntlm auth = yes
ldap server require strong auth = no
time server = Yes
template shell = /bin/bash
template homedir = /home/%U
# idmap config * : backend = tdb
# idmap config *:range = 50000-1000000
full_audit:prefix = %u|%I|%m|%S
full_audit:failure = connect
full_audit:success = connect disconnect
tls enabled = yes
tls keyfile = tls/key.pem
tls certfile = tls/cert.pem
tls cafile = tls/ca.pem
log level = 9 dns:0
[netlogon]
path = /var/lib/samba/sysvol/iumnet.edu.na/scripts
read only = No
browsable = no
[sysvol]
path = /var/lib/samba/sysvol
read only = No
*samba-tool drs showrepl on DC-1 is replicating successfully except for below under INBOUND NEIGHBOR:*
DC=iumnet,DC=edu,DC=na
Default-First-Site-Name\IUMSVRPDC via RPC
DSA object GUID: 27182378-a9c7-451e-bb95-7b2172a5f311
Last attempt @ Tue Jan 16 14:24:05 2018 WAST failed, result 58 (WERR_BAD_NET_RESP)
17863 consecutive failure(s).
Last success @ Sat Jan 13 23:16:52 2018 WAST
*samba-tool drs showrepl on DC-2 is replicating successfully except for below under INBOUND NEIGHBOR:*
CN=Configuration,DC=iumnet,DC=edu,DC=na
Default-First-Site-Name\IUMDCDP01 via RPC
DSA object GUID: 8bf63977-f3b3-445e-8eb3-ff74cdd7e0fe
Last attempt @ Tue Jan 16 14:26:56 2018 CAT failed, result 58 (WERR_BAD_NET_RESP)
1926 consecutive failure(s).
Last success @ Tue Jan 9 14:15:43 2018 CAT
*Harsh Kukreja* Systems Administrator
*International University of Namibia* Tel: 061-4336000 - E-mail: h.kukreja@ium.edu.na - Web: http://www.ium.edu.na
Private Bag 14005, Bachbrech. 21-31 Hercules Street, Dorado Park, Windhoek, NAMIBIA
On Tue, Jan 16, 2018 at 11:49 AM, Denis Cardon <dcardon at tranquil.it> wrote:
> Hi Harsh,
>
>>
>> I have two Samba 4 DC’s as below
>> server-1 with all FSMO roles running Samba 4.6.12 on Ubuntu 12.04
>> server-2 joined to server-1 as a DC running Samba 4.7.4 Ubuntu 16.04
>>
>> The problem is when I share files from my Windows 2008 file sharing server
>> which shows it is logged on to Server-2 DC and the client PC which logs on
>> to the server-1 DC cannot access the shared folder and gives an error
>> Logon Failure: The target account name is incorrect.
>>
>
> Windows error messages are not very sysadmin friendly. Could you please
> use instead smbclient command line from a domain member linux client to do
> your debugging:
> kinit myusername
> smbclient -k //win2k8server/sharename -d 9
>
> And do it both with dc1 on and off.
>
>> To fix the problem I have to shut down server-2 DC and restart my Windows
>> File server which logs on to the server-1 and then the client can access
>> the shared folder.
>>
>
> Could you check if replication is working properly?
> samba-tool drs showrepl
>
>> Please assist to fix this issue as I have to run both the DC’s in the
>> network.
>>
>
> You should avoid wordings like "please assist for fix". It is deemed rude
> (at least in my culture) to give orders to people who don't owe you
> anything... There are many kind people on this mailing list that would be
> happy to help, but this kind of wording just makes them dismiss your message
> directly.
>
> Cheers,
>
> Denis
>
>
>> *Harsh Kukreja* Systems Administrator
>> *International University of Namibia* Tel: 061-4336000 - E-mail: h.kukreja@ium.edu.na - Web: http://www.ium.edu.na
>> Private Bag 14005, Bachbrech. 21-31 Hercules Street, Dorado Park, Windhoek, NAMIBIA
>>
>>
> --
> Denis Cardon
> Tranquil IT Systems
> Les Espaces Jules Verne, bâtiment A
> 12 avenue Jules Verne
> 44230 Saint Sébastien sur Loire
> tel : +33 (0) 2.40.97.57.55
> http://www.tranquil-it-systems.fr
>
>