Anantha Raghava
2018-Jun-30  09:21 UTC
[Samba] Developed an issue with Samba File Server integrated with Samba-AD
Hi,
We have been using Samba File Server (Version 4.3.11 Ubuntu 14.04 LTS) 
for quite some time now. We recently installed Samba-AD (Samba AD Version 
4.7.6) and made the file server a member of the Domain. Everything was 
fine till around 11:15 am yesterday. We just added one more share folder 
and gave access to three users and restarted Samba File Server services 
- smbd, nmbd and winbindd - and we lost the file server. None 
of the domain users is able to log in to the file server and access their 
shares. If we access the shares from a non-domain member PC, shares are 
accessible.
File server when accessed asks for user name & password. Once the user 
feeds his credentials, the login fails and again the file server will 
ask for user credentials. This is really surprising.
We enabled log level 3 on both samba servers (File & AD Server) and we 
see nothing with respect to this error.
Our smb.conf (samba file server) and Samba-AD (AD-smb.conf) are attached.
I am aware that Samba file server is very old and it's time to upgrade. 
However, getting it back live is now critical for us.
Look forward for any guidance.
Thanks & Regards,
Anantha Raghava
Do not print this e-mail unless required. Save Paper & trees.
-------------- next part --------------
# Global parameters
[global]
	netbios name = PDC
	realm = XXXX.COM
	server role = active directory domain controller
	server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
	workgroup = XXXX
	idmap_ldb:use rfc2307 = yes
	ldap server require strong auth = No
# Logs and events
	eventlog list = Security
	log level = 3
	log file = /var/log/samba/dc1.%T.log
	max log size = 1000000
[netlogon]
	path = /usr/local/samba/var/locks/sysvol/exza.com/scripts
	read only = No
[sysvol]
	path = /usr/local/samba/var/locks/sysvol
	read only = No
-------------- next part --------------
[gdlobal]
    workgroup = CSAEROTHERM
    server string = Samba Server Version %v
    security = ads
    realm = CSAEROTHERM.COM
    # socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072 SO_SNDBUF=131072
    use sendfile = true
    idmap config * : backend = tdb
    idmap config * : range = 100000-299999
    idmap config CSAEROTHERM : schema_mode = rfc2307
    idmap config CSAEROTHERM : backend = rid
    idmap config CSAEROTHERM : range = 10000-99999
    winbind separator = +
    winbind enum users = yes
    winbind enum groups = yes
    winbind use default domain = yes
    winbind refresh tickets = yes
    restrict anonymous = 2
    log file = /var/log/samba/log.%m
    max log size = 50 
    logon script = Set-ADPicture.vbs
##    min protocol = SMB2
## Share definitions
[homes]
        comment = Home Directories
        path = /home/%U
        read only = No
        inherit permissions = Yes
        browseable = No
	veto files ="/*.mp3/*.mov/*.jpeg/*.png/*.mp4/*.jfif/*.ppm/*.pgm/*.tiff/*.bmp/*.dwg/"
        vfs objects = recycle
               recycle:repository = /home/.recycle/%U
               recycle:keeptree = Yes
               recycle:touch = Yes
               recycle:versions = Yes
               recycle:maxsixe = 0
               recycle:exclude = *.tmp 
[Share]
	read list = %U, administrator,suresh
	path = /storage/CSfiles/pubshare
	write list = %U,administrator,suresh
	recycle:touch = Yes
	recycle:maxsixe = 0
	recycle:repository = /storage/CSfiles/pubshare/.recycle/%U
	comment = Public Share
	vfs objects = recycle
	browseable = No
	recycle:exclude = *.tmp
	directory mask = 0700
	inherit permissions = Yes
	# revalidate = yes
	veto files = "/*.mp3/*.mov/*.dwg/*.dwx/*.mpg/"
	recycle:keeptree = Yes
	user = administrator,%U,suresh
	public = yes
	recycle:versions = Yes 
[cscloudvendor]
        read list = %U, administrator, pranavjairam
        path = /storage/CSfiles/cscloud/vendor
        valid users = %U, pranavjairam, administrator
	write list = %U,administrator
	recycle:touch = Yes
        recycle:maxsixe = 0
        recycle:repository = /storage/CSfiles/cscloud/vendor/.recycle/%U
        usershare allow guests = yes
	comment = cscloud vendor drawing Share
        vfs objects = recycle
        browseable = Yes
        recycle:exclude = *.tmp
        directory mask = 0700
        #inherit permissions = Yes
        # revalidate = yes
        veto files = "/*.mp3/*.mov/*.dwg/*.dwx/*.mpg/"
        recycle:keeptree = Yes
        user = administrator,%U, pranavjairam
        public = yes
        recycle:versions = Yes
[cscloudvideo]
        read list = %U, administrator
        path = /storage/CSfiles/cscloud/video
        write list = %U,administrator
        recycle:touch = Yes
        recycle:maxsixe = 0
        recycle:repository = /storage/CSfiles/cscloud/video/.recycle/%U
        comment = Cscloud videos Share
        vfs objects = recycle
        browseable = No
        recycle:exclude = *.tmp
        directory mask = 0700
        inherit permissions = Yes
        # revalidate = yes
        veto files = "/*.mp3/*.mov/*.dwg/*.dwx/*.mpg/"
        recycle:keeptree = Yes
        user = administrator,%U
        public = yes
        recycle:versions = Yes
[profiles]
	recycle:keeptree = Yes
	path = /storage/profiles`
	recycle:touch = Yes
	directory mask = 0700
	recycle:versions = Yes
	browsable = No
	vfs objects = recycle
	comment = User profiles
	profile acls = Yes
	hide files = /desktop.ini/ntuser.ini/NTUSER.*/
	veto files = /*.mp3/*.avi/*.mov/"
	write list = 
	recycle:repository = /storage/profiles/.recycle/%U
	users = 
	recycle:exclude = *.tmp 
	store dos attributes = Yes
	writable = yes
	read list = 
	create mask = 0600
	recycle:maxsixe = 0
[netlogon]
	recycle:keeptree = Yes
        path = /var/lib/netlogon
        recycle:touch = Yes
        directory mask = 0700
        recycle:versions = Yes
        browsable = No
        vfs objects = recycle
        comment = netlogon
        profile acls = Yes
        hide files = /desktop.ini/ntuser.ini/NTUSER.*/
        veto files = /*.mp3/*.avi/*.mov/"
        write list         recycle:repository = /var/lib/netlogon/.recycle/%U
        users         recycle:exclude = *.tmp
        store dos attributes = Yes
        writable = yes
        read list         create mask = 0600
        recycle:maxsixe = 0
[Design]
	recycle:maxsixe = 0
	read list = suresh,manjunathsingh,senthil,roopesh,arjunsagar,prabhu
	inherit acls = Yes
	recycle:exclude = *.tmp 
	inherit permissions = Yes
	valid users = administrator,suresh,manjunathsingh,senthil,roopesh,arjunsagar,prabhu
	recycle:repository = /storage/CSfiles/Design/.recycle/%U
	write list = pranavjairam,manjunathsingh,arjunsagar,prabhu
	veto files = /*.mp3/*.avi/*.mov/"
	public = yes
	comment = Design Documents
	vfs objects = recycle
	recycle:versions = Yes
	recycle:touch = Yes
	browseable = no
	path = /storage/CSfiles/Design
	recycle:keeptree = Yes
	writeable = yes
[test123]
	comment = test123
	path = /home/
        inherit acls = Yes
        inherit permissions = Yes
        valid users = harikumar
        read list = harikumar
        write list = harikumar
        veto files = /*.mp3/*.avi/*.mov/"
        public = yes
        writeable = yes
        browseable = no
	
[Materials]
	recycle:keeptree = Yes
	writeable = yes
	path = /storage/CSfiles/materials
	recycle:versions = Yes
	browseable = no
	recycle:touch = Yes
	comment = Materials
	vfs objects = recycle
	veto files = /*.mp3/*.avi/*.mov/"
	recycle:repository = /storage/CSfiles/materials/.recycle/%U
	valid users = suresh,senthil,sangeetha,prakash
	write list = suresh,senthil,sangeetha,prakash
	inherit permissions = Yes
	recycle:exclude = *.tmp 
	recycle:maxsixe = 0
[Accounts]
	public = yes
	veto files = /*.mp3/*.avi/*.mov/"
	write list = administrator,lokesh,harishkumar,devaraju,shivanagouda,vijaya
	valid users = administrator,lokesh,harishkumar,devaraju,shivanagouda,vijaya
	recycle:repository = /storage/CSfiles/accounting/.recycle/%U
	recycle:exclude = *.tmp 
	inherit permissions = Yes
	inherit acls = Yes
	create mask = 0600
	read list = administrator,lokesh,harishkumar,devaraju,shivanagouda,vijaya
	recycle:maxsixe = 0
	recycle:keeptree = Yes
	writeable = yes
	path = /storage/CSfiles/accounting
	recycle:touch = Yes
	browseable = no
	recycle:versions = Yes
	directory mask = 0700
	vfs objects = recycle
	comment = Accounts
[Software]
	recycle:exclude = *.tmp 
	recycle:maxsixe = 0
	read list = administrator,pranavjairam,harikumar,suresh
	recycle:repository = /storage/CSfiles/software/.recycle/%U
	valid users = administrator,pranavjairam,harikumar,suresh
	write list = administrator,pranavjairam,harikumar,suresh
	recycle:versions = Yes
	recycle:touch = Yes
	comment = Software
	vfs objects = recycle
	writeable = yes
	recycle:keeptree = Yes
	path = /storage/CSfiles/software
[Production]
	path = /storage/CSfiles/production
	writeable = yes
	recycle:keeptree = Yes
	comment = Production
	vfs objects = recycle
	user = @Production,@Management
	recycle:versions = Yes
	browseable = no
	recycle:touch = Yes
	recycle:repository = /storage/CSfiles/production/.recycle/%U
	valid users = administrator,senthil,manjunathsingh,manjunathmk,rajeshbabu,prabhu,arjunsagar,karthik,kishor,ganeshbabu,vijayakumar,vinodkolar,basavaraj,harikumar
	write list = administrator,manjunathsingh,@Production,prabhu,arjunsagar,karthik,kishor,vijayakumar,vinodkolar,basavaraj,harikumar
	veto files = /*.mp3/*.avi/*.mov/"
	recycle:maxsixe = 0
	read list = administrator,senthil,manjunathsingh,manjunathmk,rajeshbabu,@Production,@Management,prabhu,arjunsagar,karthik,kishor,ganeshbabu,vijayakumar,vinodkolar,basavaraj,harikumar
	inherit permissions = Yes
	recycle:exclude = *.tmp 
[Management]
	writeable = yes
	recycle:keeptree = Yes
	path = /storage/management
	recycle:versions = Yes
	browseable = no
	recycle:touch = Yes
	comment = Management
	vfs objects = recycle
	user = @Management
	recycle:repository = /storage/CSfiles/management/.recycle/%U
	valid users = administrator
	write list = administrator,@Management
	inherit permissions = Yes
	recycle:exclude = *.tmp 
	recycle:maxsixe = 0
	read list = administrator,@Management
 
[Marketing]
	recycle:maxsixe = 0
	comment = Marketing Files
	vfs objects = recycle
	read list = administrator,kavitha,kokila
	recycle:versions = Yes
	recycle:touch = Yes
	browseable = no
	recycle:exclude = *.tmp 
	valid users = administrator,kavitha,kokila
	recycle:repository = /storage/CSfiles/marketing/.recycle/%U
	path = /storage/CSfiles/marketing
	write list = administrator,kavitha,kokila
	veto files = "*.mp3/*.avi/*.mov/"
	recycle:keeptree = Yes
[Productoin Bakery Equipment]
	recycle:exclude = *.tmp 
	inherit permissions = Yes
	read list = administrator,@Production,@Management,@materials
	recycle:maxsixe = 0
	veto files = /*.mp3/*.avi/*.mov/"
	write list = administrator,@Production,@Management
	valid users = administrator
	recycle:repository = /storage/production-BE/.recycle/%U
	browseable = no
	recycle:touch = Yes
	recycle:versions = Yes
	user = @Production,@Management,@materials
	vfs objects = recycle
	comment = Production Bakery Equipment
	recycle:keeptree = Yes
	writeable = yes
	path = /production-BE
[QMS]
	recycle:maxsixe = 0
	read list = administrator,senthil,suresh
	inherit permissions = Yes
	recycle:exclude = *.tmp 
	recycle:repository = /storage/qms/.recycle/%U
	valid users = administrator,senthil,suresh
	write list = administrator,senthil,suresh
	veto files = /*.mp3/*.avi/*.mov/"
	comment = QMS Files
	vfs objects = recycle
	recycle:versions = Yes
	browseable = no
	recycle:touch = Yes
	path = /storage/CSfiles/qms
	recycle:keeptree = Yes
	writeable = yes
[HR]
	recycle:maxsixe = 0
	read only = No
	read list = administrator,vijaya,suresh,rajeshwari,harikumar
	inherit acls = Yes
	inherit permissions = Yes
	recycle:exclude = *.tmp 
	recycle:repository = /storage/CSfiles/HR/.recycle/%U
	valid users = administrator,vijaya,suresh,rajeshwari,harikumar
	write list = administrator,vijaya,suresh,rajeshwari,harikumar
	veto files = /*.mp3/*.avi/*.mov/"
	comment = HR Documents
	vfs objects = recycle
	recycle:versions = Yes
	browseable = no
	recycle:touch = Yes
	path = /storage/CSfiles/HR/
	writeable = yes
	recycle:keeptree = Yes
[storagebox]
	comment = Entire CSA files
	read list = suresh
	inherit acls = Yes 
	inherit permissions = Yes
	valid users = suresh
	write list = suresh
	path = /storage/
	veto files = /*.mp3/*.avi/*.mov/
		recycle:repository = /storage/.recycle/%U
		recycle:maxsixe = 0
	 	recycle:exclude = *.tmp
	 	recycle:keeptree = Yes
		recycle:versions = Yes
        	recycle:touch = Yes
[revent]
	valid users = administrator,prabhu,pranavjairam,roopesh,vinodkolar
	recycle:repository = /storage/CSfiles/revent/.recycle/%U
	write list = administrator,pranavjairam,@management,prabhu,roopesh,vinodkolar
	public = yes
	recycle:maxsixe = 0
	read list = administrator,pranavjairam,prabhu,@management,roopesh,vinodkolar
	inherit acls = Yes
	recycle:exclude = *.tmp 
	inherit permissions = Yes
	path = /storage/CSfiles/revent
	recycle:keeptree = Yes
	writeable = yes
	comment = revent
	vfs objects = recycle
	user = @management
	recycle:versions = Yes
	recycle:touch = Yes
	browseable = no
       # only user = Yes
[csvideo]
	write list = administrator,pranavjairam,manjunathsingh,suresh,harikumar,harsha,ram,@management
	valid users = administrator,suresh,%U
	recycle:repository = /storage/CSfiles/csaplvideos/.recycle/%U
	public = yes
	read list = administrator,%U,satheeshkumar,@management
	recycle:maxsixe = 0
	recycle:exclude = *.tmp 
	inherit permissions = Yes
	inherit acls = Yes
	path = /storage/CSfiles/csaplvideos
	writeable = yes
	recycle:keeptree = Yes
	user = @management
	vfs objects = recycle
	comment = csaplvideo
	recycle:touch = Yes
	recycle:versions = Yes
[ABL]
	read list = administrator,pranavjairam,manjunathsingh,@management,prabhu,arjunsagar,vijayakumar
	recycle:maxsixe = 0
	recycle:exclude = *.tmp 
	inherit permissions = Yes
	inherit acls = Yes
	write list = administrator,pranavjairam,manjunathsingh,@management,prabhu,arjunsagar,vijayakumar
	valid users = administrator,pranavjairam,manjunathsingh,prabhu,arjunsagar,vijayakumar
	recycle:repository = /storage/CSfiles/ABL/.recycle/%U
	public = yes
	veto files = /*.mp3/*.avi/*.mov/"
	user = @management
	vfs objects = recycle
	comment = Automatic Bread Line Project
	recycle:touch = Yes
	browseable = no
	recycle:versions = Yes
	path = /storage/CSfiles/ABL
	writeable = yes
	recycle:keeptree = Yes
[automation]
	path = /storage/CSfiles/automation
	writeable = yes
	recycle:keeptree = Yes
	comment = Automation - PLC
	vfs objects = recycle
	recycle:versions = Yes
	browseable = no
	recycle:touch = Yes
	recycle:repository = /storage/CSfiles/automation/.recycle/%U
	valid users = pranavjairam,amir,electrical,anilm,yogeshkumar
	write list = pranavjairam,amir,anilm,yogeshkumar
	veto files = /*.mp3/*.avi/*.mov/"
	public = yes
	recycle:maxsixe = 0
	read list = pranavjairam,amir,electrical,anilm,yogeshkumar
	inherit acls = Yes
	inherit permissions = Yes
	recycle:exclude = *.tmp
[inventory]
        path = /storage/CSfiles/Inventory
        writeable = yes
        recycle:keeptree = Yes
        comment = Automation - PLC
        vfs objects = recycle
        recycle:versions = Yes
        browseable = no
        recycle:touch = Yes
        recycle:repository = /storage/CSfiles/Inventory/.recycle/%U
        valid users = pranavjairam,suresh,harikumar
        write list = pranavjairam,suresh,harikumar
        veto files = /*.mp3/*.avi/*.mov/"
        public = yes
        recycle:maxsixe = 0
        read list = suresh,pranavjairam,harikumar
        inherit acls = Yes
        inherit permissions = Yes
        recycle:exclude = *.tmp
[rackoven]
	veto files = /*.mp3/*.avi/*.mov/"
	public = yes
	recycle:repository = /storage/CSfiles/Design/.recycle/%U
	valid users = roopesh
	write list = maheshbabu,prabath
	inherit acls = Yes
	inherit permissions = Yes
	recycle:exclude = *.tmp 
	recycle:maxsixe = 0
	read list = roopesh
	recycle:keeptree = Yes
	writeable = yes
	path = /storage/CSfiles/Design/Rackovens-oct2010
	recycle:versions = Yes
	recycle:touch = Yes
	comment = Rack Ovens
	vfs objects = recycle
[rack1]
	recycle:maxsixe = 0
	read list = rajeshbabu,arjunsagar,prabhu,vijayasullad,vinodkolar,basavaraj
	inherit acls = Yes
	recycle:exclude = *.tmp
	inherit permissions = Yes
	valid users = roopesh,rajeshbabu,arjunsagar,prabhu,vijayasullad,vinodkolar,basavaraj
	recycle:repository = /storage/CSfiles/Design/.recycle/%U
	write list = arjunsagar,prabhu,vijayasullad,vinodkolar,basavaraj
	veto files = /*.mp3/*.avi/*.mov/"
	public = yes
	comment = Rack Ovens( New on created by Mr.Mukund)
	vfs objects = recycle
	recycle:versions = Yes
	recycle:touch = Yes
	path = /storage/CSfiles/Design/RACK
	writeable = yes
	recycle:keeptree = Yes
        
[edshare]
	write list = pranavjairam,suresh,manjunathsingh,prabhu,arjunsagar,kishor,basavaraj,vinodkolar,vijayakumar
	recycle:repository = /storage/CSfiles/Design/.recycle/%U
	valid users = manjunathsingh,pranavjairam,suresh,prabhu,arjunsagar,kishor,basavaraj,vinodkolar,vijayakumar
	public = yes
	read list = manjunathsingh,pranavjairam,suresh,prabhu,arjunsagar,kishor,basavaraj,vinodkolar,vijayakumar
	recycle:maxsixe = 0
	inherit permissions = Yes
	recycle:exclude = *.txt
	inherit acls = Yes
	path = /storage/CSfiles/Design/EDShare
	writeable = yes
	recycle:keeptree = Yes
	vfs objects = recycle
	comment = Engineering Drwaing for Sharing Design Department
	recycle:touch = Yes
	recycle:versions = Yes
				
[B1900]
	write list = senthil
	recycle:repository = /storage/CSfiles/Design/.recycle/%U
	valid users = senthil
	public = yes
	veto files = /*.mp3/*.avi/*.mov/"
	read list = senthil
	recycle:maxsixe = 0
	inherit permissions = Yes
	recycle:exclude = *.tmp 
	inherit acls = Yes
	path = /storage/CSfiles/Design/EDShare/Rack_ovens/India_231211(14.02.2012)/B-1900(New14.02.2012)
	recycle:keeptree = Yes
	writeable = yes
	vfs objects = recycle
	comment = Engineering Drwaing for B1900
	recycle:touch = Yes
	recycle:versions = Yes
[egostol]
	comment = Gostol Documents ;
	read list = administrator
	inherit acls = Yes
	inherit permissions = Yes
	valid users = administrator
	write list = administrator
	path = /storage/Design/Gostol Documents ;
	veto files = /*.mp3/*.avi/*.mov/" ;
	public = yes
	writeable = yes
	# only user = No 
[gostol]
	recycle:versions = Yes
	recycle:touch = Yes
	comment = Gostol Gopan
	vfs objects = recycle
	writeable = yes
	recycle:keeptree = Yes
	path = /storage/CSfiles/Gostol
	inherit acls = Yes
	inherit permissions = Yes
	recycle:exclude = *.tmp 
	recycle:maxsixe = 0
	read list = hrjairam
	veto files = /*.mp3/*.avi/*.mov/"
	public = yes
	recycle:repository = /storage/CSfiles/Gostol/.recycle/%U
	valid users = hrjairam
	write list = hrjairam
[financial]
	recycle:versions = Yes
	recycle:touch = Yes
	comment = Financial Statements
	vfs objects = recycle
	writeable = yes
	recycle:keeptree = Yes
	path = /storage/CSfiles/Financial
	inherit acls = Yes
	recycle:exclude = *.tmp 
	inherit permissions = Yes
	recycle:maxsixe = 0
	veto files = /*.mp3/*.avi/*.mov/"
	public = yes
	valid users = vijaya,hrjairam
	recycle:repository = /storage/CSfiles/Financial/.recycle/%U
	write list = vijaya,hrjairam
[csinfo]
	recycle:maxsixe = 0
	inherit permissions = Yes
	recycle:exclude = *.tmp 
	inherit acls = Yes
	write list = pranavjairam,hrjairam,vijaya
	recycle:repository = /storage/CSfiles/CSAPLInfo/.recycle/%U
	valid users = pranavjairam,hrjairam,vijaya
	public = yes
	veto files = /*.mp3/*.avi/*.mov/"
	vfs objects = recycle
	comment = CS Aerotherm Pvt. Ltd. Information
	recycle:touch = Yes
	recycle:versions = Yes
	path = /storage/CSfiles/CSAPLInfo
	recycle:keeptree = Yes
	writeable = yes
[service]
	comment = Service Office Files (K.R.Road -- Through VPN)
	vfs objects = recycle
	recycle:versions = Yes
	recycle:touch = Yes
	path = /storage/CSfiles/Service
	recycle:keeptree = Yes
	writeable = yes
	recycle:maxsixe = 0
	read list = suresh,nirmala,balaji,archana,manjunathmk,devaraju,padminisharma
	inherit acls = Yes
	recycle:exclude = *.tmp
	inherit permissions = Yes
	valid users = suresh,nirmala,balaji,archana,manjunathmk,devaraju,padminisharma
	recycle:repository = /storage/CSfiles/Service/.recycle/%U
	write list = suresh,nirmala,balaji,archana,manjunath,devaraju,padminisharma
	veto files = /*.mp3/*.avi/*.mov/"
	public = yes
				
[goinfo]
	recycle:keeptree = Yes
	writeable = yes
	path = /opt/sqlanywhere12/gosoft
	recycle:touch = Yes
	recycle:versions = Yes
	vfs objects = recycle
	comment = Gosoft
	public = yes
	veto files = /*.mp3/*.avi/*.mov/"
	write list = pranavjairam,manjunath
	recycle:repository = /opt/sqlanywhere12/gosoft/.recycle/%U
	valid users = pranavjairam,manjunath
	inherit permissions = Yes
	recycle:exclude = *.tmp 
	inherit acls = Yes
	read list = pranavjairam,manjunath
	recycle:maxsixe = 0
[ISO]
	read list = administrator,senthil,suresh,nirmala,manjunathsingh,rajeshbabu,lokesh.vijaya,pranavjairam,harsha,prakash,kokila,roopesh
	recycle:maxsixe = 0
	inherit permissions = Yes
	recycle:exclude = *.tmp
	inherit acls = Yes
	write list = administrator,senthil,suresh,nirmala,manjunathsingh,rajeshbabu,lokesh.vijaya,pranavjairam,harsha,prakash,kokila,roopesh
	recycle:repository = /storage/CSfiles/iso_2015/.recycle/%U
	valid users = administrator,senthil,suresh,nirmala,manjunathsingh,rajeshbabu,lokesh.vijaya,pranavjairam,harsha,prakash,kokila,roopesh
	public = yes
	veto files = /*.mp3/*.avi/*.mov/"
	vfs objects = recycle
	comment = ISO Files
	browseable = no
	recycle:touch = Yes
	recycle:versions = Yes
	path = /storage/CSfiles/ISO_2015/
	writeable = yes
	recycle:keeptree = Yes
Andrew Bartlett
2018-Jun-30  10:10 UTC
[Samba] Developed an issue with Samba File Server integrated with Samba-AD
On Sat, 2018-06-30 at 14:51 +0530, Anantha Raghava via samba wrote:
> Hi,
>
> We have been using Samba File Server (Version 4.3.11 Ubuntu 14.04 LTS)
> for quite some time now. We recently installed Samba-AD (Samba AD Version
> 4.7.6) and made the file server a member of the Domain. Everything was
> fine till around 11:15 am yesterday. We just added one more share folder
> and gave access to three users and restarted Samba File Server services
> - smbd, nmbd and winbindd - and we lost the file server. None
> of the domain users is able to log in to the file server and access their
> shares. If we access the shares from a non-domain member PC, shares are
> accessible.
>
> File server when accessed asks for user name & password. Once the user
> feeds his credentials, the login fails and again the file server will
> ask for user credentials. This is really surprising.
>
> We enabled log level 3 on both samba servers (File & AD Server) and we
> see nothing with respect to this error.
Given the serious nature of things, I would just keep turning up the
logs until something becomes clear.
Is winbindd still talking to the domain, eg 'wbinfo -P'?
Thanks,
Andrew Bartlett
-- 
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
Anantha Raghava
2018-Jun-30  10:47 UTC
[Samba] Developed an issue with Samba File Server integrated with Samba-AD
Hello Andrew,
Thanks for quick response.
It looks like winbindd is not connecting to domain. wbinfo -P results in a failure. The actual result is:
checking the NETLOGON for domain[WORKGROUP] dc connection to "" failed
failed to call wbcPingDc: WBC_ERR_DOMAIN_NOT_FOUND
-- 
Thanks & Regards,
Anantha Raghava
Do not print this e-mail unless required. Save Paper & trees.
On 30/06/18 3:40 PM, Andrew Bartlett wrote:
> On Sat, 2018-06-30 at 14:51 +0530, Anantha Raghava via samba wrote:
>> Hi,
>>
>> We have been using Samba File Server (Version 4.3.11 Ubuntu 14.04 LTS)
>> for quite some time now. We recently installed Samba-AD (Samba AD Version
>> 4.7.6) and made the file server a member of the Domain. Everything was
>> fine till around 11:15 am yesterday. We just added one more share folder
>> and gave access to three users and restarted Samba File Server services
>> - smbd, nmbd and winbindd - and we lost the file server. None
>> of the domain users is able to log in to the file server and access their
>> shares. If we access the shares from a non-domain member PC, shares are
>> accessible.
>>
>> File server when accessed asks for user name & password. Once the user
>> feeds his credentials, the login fails and again the file server will
>> ask for user credentials. This is really surprising.
>>
>> We enabled log level 3 on both samba servers (File & AD Server) and we
>> see nothing with respect to this error.
> Given the serious nature of things, I would just keep turning up the
> logs until something becomes clear.
>
> Is winbindd still talking to the domain, eg 'wbinfo -P'?
>
> Thanks,
>
> Andrew Bartlett
>
Rowland Penny
2018-Jun-30  11:43 UTC
[Samba] Developed an issue with Samba File Server integrated with Samba-AD
On Sat, 30 Jun 2018 14:51:48 +0530 Anantha Raghava via samba <samba at lists.samba.org> wrote:
> Hi,
>
> We have been using Samba File Server (Version 4.3.11 Ubuntu 14.04
> LTS) for quite some time now. We recently installed Samba-AD (Samba AD
> Version 4.7.6) and made the file server a member of the Domain.
> Everything was fine till around 11:15 am yesterday. We just added one
> more share folder and gave access to three users and restarted Samba
> File Server services
> - smbd, nmbd and winbindd - and we lost the file server.
> None of the domain users is able to log in to the file server and access
> their shares. If we access the shares from a non-domain member PC,
> shares are accessible.
>
> File server when accessed asks for user name & password. Once the
> user feeds his credentials, the login fails and again the file server
> will ask for user credentials. This is really surprising.
>
> We enabled log level 3 on both samba servers (File & AD Server) and
> we see nothing with respect to this error.
>
> Our smb.conf (samba file server) and Samba-AD (AD-smb.conf) are
> attached.
>
> I am aware that Samba file server is very old and it's time to
> upgrade. However, getting it back live is now critical for us.
>
> Look forward for any guidance.
>
> Thanks & Regards,
>
> Anantha Raghava
>
> Do not print this e-mail unless required. Save Paper & trees.
>
There doesn't seem to be anything really wrong with the Unix domain member smb.conf, apart from it having a netlogon share (this in my opinion should only be on a PDC or DC). I would leave the domain, remove the netlogon share, remove all Samba .ldb and .tdb files (usually in /var/lib/samba), then rejoin the domain and restart the samba daemons (nmbd, smbd and winbindd), this will recreate all the Samba databases.
If this doesn't work, add 'log level = 10' to smb.conf on the Unix domain member and see if anything pops out.
I have however noticed this:
DC smb.conf:
realm = XXXX.COM
workgroup = XXXX
[netlogon]
path = /usr/local/samba/var/locks/sysvol/exza.com/scripts
Unix domain member smb.conf:
workgroup = CSAEROTHERM
realm = CSAEROTHERM.COM
On the DC, the realm appears to actually be 'exza.com' but on the Unix domain member it is set to 'CSAEROTHERM.COM', these must match, yours don't.
Rowland
Anantha Raghava
2018-Jun-30  15:39 UTC
[Samba] Developed an issue with Samba File Server integrated with Samba-AD
Hello Rowland,
> On Sat, 30 Jun 2018 14:51:48 +0530
> Anantha Raghava via samba <samba at lists.samba.org> wrote:
>
>> Hi,
>>
>> We have been using Samba File Server (Version 4.3.11 Ubuntu 14.04
>> LTS) for quite some time now. We recently installed Samba-AD (Samba AD
>> Version 4.7.6) and made the file server a member of the Domain.
>> Everything was fine till around 11:15 am yesterday. We just added one
>> more share folder and gave access to three users and restarted Samba
>> File Server services
>> - smbd, nmbd and winbindd - and we lost the file server.
>> None of the domain users is able to log in to the file server and access
>> their shares. If we access the shares from a non-domain member PC,
>> shares are accessible.
>>
>> File server when accessed asks for user name & password. Once the
>> user feeds his credentials, the login fails and again the file server
>> will ask for user credentials. This is really surprising.
>>
>> We enabled log level 3 on both samba servers (File & AD Server) and
>> we see nothing with respect to this error.
>>
>> Our smb.conf (samba file server) and Samba-AD (AD-smb.conf) are
>> attached.
>>
>> I am aware that Samba file server is very old and it's time to
>> upgrade. However, getting it back live is now critical for us.
>>
>> Look forward for any guidance.
>>
>> Thanks & Regards,
>>
>> Anantha Raghava
>>
>> Do not print this e-mail unless required. Save Paper & trees.
>>
> There doesn't seem to be anything really wrong with the Unix domain
> member smb.conf, apart from it having a netlogon share (this in my
> opinion should only be on a PDC or DC). I would leave the domain,
> remove the netlogon share, remove all Samba .ldb and .tdb files
> (usually in /var/lib/samba), then rejoin the domain and restart the
> samba daemons (nmbd, smbd and winbindd), this will recreate all the
> Samba databases.
>
> If this doesn't work, add 'log level = 10' to smb.conf on the Unix
> domain member and see if anything pops out.
>
> I have however noticed this:
>
> DC smb.conf:
>
> realm = XXXX.COM
> workgroup = XXXX
>
> [netlogon]
> path = /usr/local/samba/var/locks/sysvol/exza.com/scripts
>
> Unix domain member smb.conf:
>
> workgroup = CSAEROTHERM
> realm = CSAEROTHERM.COM
>
> On the DC, the realm appears to actually be 'exza.com' but on the Unix
> domain member it is set to 'CSAEROTHERM.COM', these must match, yours
> don't.
This is matching. I was just comparing the smb.conf of AD DC on exza.com server with that of CSAEROTHERM.COM. Since it was same, I just copied smb.conf from exza.com server and attached to the mail.
I tried your suggestion. I attempted to leave domain. It resulted in:
root@samba-64:/var/lib/samba# net ads leave -U administrator
No realm set, are we joined ?
& If I try to join the domain, it results in:
root@samba-64:/var/lib/samba# net ads join -U administrator
Host is not configured as a member server.
Invalid configuration. Exiting....
Failed to join domain: This operation is only allowed for the PDC of the domain.
>
> Rowland
>
Regards,
Anantha Raghava
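Added example (not part of the thread, and not code from any participant or from the Samba project): the attached member smb.conf sets workgroup, realm and security = ads, yet the quoted outputs report domain[WORKGROUP], "No realm set" and "Host is not configured as a member server", which is consistent with those parameters not being read from a section named [global]; the first header in the attachment reads [gdlobal]. The Python below parses smb.conf text, reports the global settings that would actually apply, and also covers the realm/workgroup comparison Rowland describes; the GLOBAL_ONLY list, the function names and the DC fragment are assumptions of this example.

```python
import difflib
import re

# Parameters that only take effect in [global]. Short list picked for this
# thread (an assumption of the example), not Samba's full parameter table.
GLOBAL_ONLY = {"workgroup", "realm", "security", "server role", "netbios name",
               "winbind separator", "winbind use default domain"}
# Built-in values Samba falls back to when [global] does not set them.
DEFAULTS = {"workgroup": "WORKGROUP", "realm": "", "security": "auto"}


def parse_smb_conf(text):
    """Return {section: {parameter: value}}; names lowercased, spaces collapsed."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.*)\]", line)
        if header:
            current = header.group(1).strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current][" ".join(key.lower().split())] = value.strip()
    return sections


def effective_globals(sections):
    """Values the daemons and 'net' would use: [global] entries, else defaults."""
    glob = sections.get("global", {})
    return {name: glob.get(name, default) for name, default in DEFAULTS.items()}


def check_member_conf(text):
    """Return (effective settings, findings) for an AD domain-member config."""
    sections = parse_smb_conf(text)
    findings = []
    if "global" not in sections:
        findings.append("no [global] section, built-in defaults apply")
    for name, params in sections.items():
        if name == "global":
            continue
        stray = sorted(p for p in params
                       if p in GLOBAL_ONLY or p.startswith("idmap config "))
        if stray:
            typo = difflib.get_close_matches(name, ["global"], n=1, cutoff=0.7)
            hint = ", header looks like a misspelt [global]" if typo else ""
            findings.append(f"[{name}] is parsed as a share but holds "
                            f"global-only parameters {stray}{hint}")
    eff = effective_globals(sections)
    if eff["security"].lower() != "ads":
        findings.append(f"security = {eff['security']}: not an AD member server")
    if not eff["realm"]:
        findings.append("realm is empty")
    return eff, findings


def realms_match(dc_text, member_text):
    """The check from Rowland's reply: DC and member agree on realm and workgroup."""
    dc = effective_globals(parse_smb_conf(dc_text))
    member = effective_globals(parse_smb_conf(member_text))
    return all(dc[k].lower() == member[k].lower() for k in ("realm", "workgroup"))


# Excerpt of the member smb.conf as attached to the first post.
MEMBER_AS_POSTED = """\
[gdlobal]
    workgroup = CSAEROTHERM
    security = ads
    realm = CSAEROTHERM.COM
    idmap config * : backend = tdb
    idmap config CSAEROTHERM : backend = rid
    winbind use default domain = yes
[homes]
    comment = Home Directories
    path = /home/%U
"""
# Same excerpt with only the section header corrected.
MEMBER_HEADER_FIXED = MEMBER_AS_POSTED.replace("[gdlobal]", "[global]")
# Constructed DC fragment: realm and workgroup are assumed values, because the
# DC attachment in the thread has them redacted as XXXX.
DC_CONSTRUCTED = "[global]\n realm = CSAEROTHERM.COM\n workgroup = CSAEROTHERM\n"

if __name__ == "__main__":
    for label, conf in (("as posted", MEMBER_AS_POSTED),
                        ("header fixed", MEMBER_HEADER_FIXED)):
        eff, findings = check_member_conf(conf)
        print(label, eff, "matches DC:", realms_match(DC_CONSTRUCTED, conf))
        for finding in findings:
            print("  -", finding)
```

On the server itself, `testparm -s` prints the configuration as Samba loads it, which shows the same thing without any extra tooling.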