Louis,
Please find the output below. I have a question: I read somewhere that using
hostname lookups = yes in smb.conf helps with this. Is that correct?
We followed the Samba wiki to set up the DNS.
Hostname: winad01
DNS Domain: addom.com
FQDN: winad01.addom.com
ipaddress: 10.10.10.10
-----------
Samba is running as an AD DC
-----------
Checking file: /etc/os-release
NAME="Ubuntu"
VERSION="18.04.1 LTS (Bionic Beaver)"
This computer is running Ubuntu 18.04.1 LTS x86_64
-----------
running command : ip a
inet 10.10.10.10/24 brd 10.10.10.255 scope global lan
-----------
Checking file: /etc/hosts
127.0.0.1 localhost
10.10.10.10 winad01.addom.com winad01
Checking file: /etc/resolv.conf
# Needs to point to ourselves
search addom.com
nameserver 10.10.10.10
---------
Checking file: /etc/krb5.conf
[libdefaults]
default_realm = addom.com
dns_lookup_realm = false
dns_lookup_kdc = true
[realms]
addom.com = {
kdc = winad01
admin_server = winad01
}
-----------
Checking file: /etc/nsswitch.conf
passwd: files winbind
group: files winbind
shadow: compat
gshadow: files
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
-----------
Checking file: /etc/samba/smb.conf
[global]
workgroup = ADDOM
realm = ADDOM.COM
netbios name = WINAD01
server role = active directory domain controller
idmap_ldb:use rfc2307 = yes
server services = -dns
#hostname lookups = yes
[netlogon]
path = /var/lib/samba/sysvol/addom.com/scripts
read only = No
[sysvol]
path = /var/lib/samba/sysvol
read only = No
[companydata]
path = /mnt/cdata
read only = No
inherit permissions = Yes
hide unreadable = Yes
[eng]
comment = Eng data
path = /mnt/eng
read only = No
inherit permissions = Yes
hide unreadable = Yes
Detected bind DLZ enabled..
Checking file: /etc/bind/named.conf
include "/etc/bind/named.conf.options";
include "/etc/bind/named.conf.local";
include "/etc/bind/named.conf.default-zones";
include "/var/lib/samba/private/named.conf";
-----------
Checking file: /etc/bind/named.conf.options
options {
directory "/var/cache/bind";
// If there is a firewall between you and nameservers you want
// to talk to, you may need to fix the firewall to allow multiple
// ports to talk. See http://www.kb.cert.org/vuls/id/800113
// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.
forwarders {
8.8.8.8;
};
dnssec-validation auto;
tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
};
-----------
Checking file: /etc/bind/named.conf.local
//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
-----------
Checking file: /etc/bind/named.conf.default-zones
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};
-----------
Samba DNS zone list:
Samba DNS zone list Automated check :
Installed packages:
ii attr 1:2.4.47-2build1 amd64
Utilities for manipulating filesystem extended attributes
ii bind9 1:9.11.3+dfsg-1ubuntu1.7 amd64
Internet Domain Name Server
ii bind9-host 1:9.11.3+dfsg-1ubuntu1.7 amd64
DNS lookup utility (deprecated)
ii bind9utils 1:9.11.3+dfsg-1ubuntu1.7 amd64
Utilities for BIND
ii krb5-config 2.6 all
Configuration files for Kerberos Version 5
ii krb5-locales 1.16-2ubuntu0.1 all
internationalization support for MIT Kerberos
ii krb5-user 1.16-2ubuntu0.1 amd64
basic programs to authenticate using MIT Kerberos
ii libacl1:amd64 2.2.52-3build1 amd64
Access control list shared library
ii libattr1:amd64 1:2.4.47-2build1 amd64
Extended attribute shared library
ii libbind9-160:amd64 1:9.11.3+dfsg-1ubuntu1.7 amd64
BIND9 Shared Library used by BIND
ii libgssapi-krb5-2:amd64 1.16-2ubuntu0.1 amd64
MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
ii libkrb5-26-heimdal:amd64 7.5.0+dfsg-1 amd64
Heimdal Kerberos - libraries
ii libkrb5-3:amd64 1.16-2ubuntu0.1 amd64
MIT Kerberos runtime libraries
ii libkrb5support0:amd64 1.16-2ubuntu0.1 amd64
MIT Kerberos runtime libraries - Support library
ii libnss-winbind:amd64 2:4.7.6+dfsg~ubuntu-0ubuntu2.11 amd64
Samba nameservice integration plugins
ii libpam-winbind:amd64 2:4.7.6+dfsg~ubuntu-0ubuntu2.11 amd64
Windows domain authentication integration plugin
ii libwbclient0:amd64 2:4.7.6+dfsg~ubuntu-0ubuntu2.11 amd64
Samba winbind client library
ii python-samba 2:4.7.6+dfsg~ubuntu-0ubuntu2.11 amd64
Python bindings for Samba
ii samba 2:4.7.6+dfsg~ubuntu-0ubuntu2.11 amd64
SMB/CIFS file, print, and login server for Unix
ii samba-common 2:4.7.6+dfsg~ubuntu-0ubuntu2.11 all
common files used by both the Samba server and client
ii samba-common-bin 2:4.7.6+dfsg~ubuntu-0ubuntu2.11 amd64
Samba common files used by both the server and the client
ii samba-dsdb-modules 2:4.7.6+dfsg~ubuntu-0ubuntu2.11 amd64
Samba Directory Services Database
ii samba-libs:amd64 2:4.7.6+dfsg~ubuntu-0ubuntu2.11 amd64
Samba core libraries
ii samba-vfs-modules 2:4.7.6+dfsg~ubuntu-0ubuntu2.11 amd64
Samba Virtual FileSystem plugins
ii winbind 2:4.7.6+dfsg~ubuntu-0ubuntu2.11 amd64
service to resolve user and group information from Windows NT servers
-----------
On Wed, Jun 19, 2019 at 5:01 PM L.P.H. van Belle via samba <samba at lists.samba.org> wrote:
> What looks a bit off to me:
> This is (part of) my output of smbstatus -a on the AD-DC.
>
> PID Username Group Machine IP
> Protocol Version Encryption Signing
> 25843 ADDOM\member-vpn1$ ADDOM\domain computers 192.168.0.2 (ipv4:
> 192.168.0.2:36860) SMB3_11 - AES-128-CMAC
> 34317 root ADDOM\domain users 192.168.0.5 (ipv4:
> 192.168.0.5:55934) SMB2_10 - HMAC-SHA256
>
> Service pid Machine Connected at
> Encryption Signing
> IPC$ 25843 192.168.0.2 Wed Jun 19 02:30:09 AM 2019 CEST -
> AES-128-CMAC
> sysvol 34317 192.168.0.5 Wed Jun 19 08:12:34 AM 2019 CEST -
> HMAC-SHA256
>
> Now look at the pid numbers, I showed 1 computer and 1 user connection.
>
> These are yours, what do you notice?
> netlogon 439 10.10.10..187 Wed Jun 19 04:15:07 2019 UTC -
> HMAC-SHA256
> Administrator 440 10.10.10..25 Wed Jun 19 04:15:07 2019 UTC -
> HMAC-SHA256
>
> I hope this is a typo: 10.10.10..25 << .. ?
>
> There is more going on in your setup.
> Oh, and in the above my "computer" showed up as "username" ADDOM\member-vpn1$
>
> Can you post your OS, Samba version, compiled or supplied by OS?
> And if it's a Debian or Ubuntu server, can you run:
>
> https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh
>
> And post the output.
>
> That saves us from asking things again, the script shows almost all we
> need.
>
> Greetz,
>
> Louis
>
>
>
> > -----Original message-----
> > From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Rob Thoman via samba
> > Sent: Wednesday 19 June 2019 6:27
> > To: samba
> > Subject: [Samba] IPs in smbstatus
> >
> > Hi,
> >
> > Can I request some suggestions regarding the following?
> >
> > Issue1
> >
> > In our AD server, we are not seeing the hostname of the machine in
> > smbstatus, it only shows IP. How can we see the hostname? The server can
> > ping/resolve the hosts in question.
> >
> > PID Username COM Machine
> > Protocol Version Encryption Signing
> > --------------------------------------------------------------
> > --------------------------------------------------------------
> > ------------
> > 439 dadmin users 10.10.10.187
> > (ipv4:10.10.10.187:58934)
> > SMB2_10 - HMAC-SHA256
> > 440 root users 10.10.10.25 (ipv4:10.10.10.25:61136)
> > SMB2_10 - HMAC-SHA256
> >
> > Service pid Machine Connected at
> > Encryption Signing
> > --------------------------------------------------------------
> > -------------------------------
> > netlogon 439 10.10.10..187 Wed Jun 19 04:15:07 2019 UTC -
> > HMAC-SHA256
> > Administrator 440 10.10.10..25 Wed Jun 19 04:15:07 2019 UTC -
> > HMAC-SHA256
> >
> > smb.conf
> >
> > [global]
> > workgroup = ADDOM
> > realm = ADDOM.COM
> > netbios name = WINAD01
> > server role = active directory domain controller
> > idmap_ldb:use rfc2307 = yes
> > server services = -dns
> >
> > Issue2
> > The net groupmap list doesn't show any AD groups? Is that to be expected?
> >
> > Thank you
> >
> > RT
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> >
> >