Aaron Johnson
2014-May-20 02:34 UTC
[Samba] Unable to connect to domain after upgrading to Samba 3.6.9
Thanks in advance for your help. We recently upgraded from Centos 5.X samba 3.5 to Centos 6.X samba 3.6.9. Shared drives and data are accessible which indicates that user accounts were also successfully migrated. However when attempting to connect one of our Windows 7 Pro 64-bit SP1 workstation to our Samba domain controller the connection fails. I did have to add a SRV record for "_ldap._tcp.dc._msdcs.ldoubler.org. 3600 IN SRV 0 100 389 server.ldoubler.org." to DNS following our first error, however now the client appears to be attempting to connect to the LDAP service port 389 on our domain controller, however we are not using an LDAP backend, as such it is causing this error: DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain "ldoubler.org": The query was for the SRV record for _ldap._tcp.dc._msdcs.ldoubler.org The following domain controllers were identified by the query: server.ldoubler.org However no domain controllers could be contacted. Common causes of this error include: - Host (A) or (AAAA) records that map the names of the domain controllers to their IP addresses are missing or contain incorrect addresses. - Domain controllers registered in DNS are not connected to the network or are not running. We are using tdbsam, how do we use this backend without ldap? Here is our smb.conf file for reference: # cat /etc/samba/smb.conf | grep -v '^#' [global] workgroup = LDOUBLER.ORG security = user netbios aliases = server server string = %h server passdb backend = tdbsam passwd program = /usr/bin/passwd %u passwd chat = *New\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *passwd*\sall\sauthentication\stokens\supdated\ssuccessfully.* . username map = /etc/samba/smbusers check password script = /usr/sbin/cracklib-check unix password sync = yes syslog = 0 log file = /var/log/samba/log.%m log level = 1 max log size = 10000000 add user script = /usr/sbin/useradd -m %u delete user script = /usr/sbin/usrdel -r %u/ add group script = /usr/sbin/groupadd %g delete group script = /usr/sbin/groupdel %g add user to group script = /usr/sbin/groupmod -A %u %g delete user from group script = /usr/sbin/groupmod -R %u %g add machine script = /usr/sbin/adduser -n -l --home /var/lib/nobody --shell /bin/false %u logon script = scripts\logon-common.bat scripts\logon-%a.bat scripts\logon-%u.bat scripts\logon-%g.bat logon path = \\%L\profiles logon drive = H: logon home = \\%L\%U domain logons = Yes os level = 35 preferred master = Yes domain master = Yes dns proxy = No encrypt passwords = yes message command = echo %m $(cat %s |tr -d '\000') >>/tmp/smbmess; rm %s panic action = /usr/share/samba/panic-action %d admin users = @admin #, root, administrator time server = yes [homes] read only = No acl group control = Yes create mask = 0600 force create mode = 0600 security mask = 0600 directory mask = 0700 force directory mode = 0700 directory security mask = 0700 hide unreadable = Yes veto files = //.*/profile/profile.V2/Maildir/ browseable = No [Office] comment = Whole Office shared path = /srv/samba/officeshared valid users = @users force group = users read only = No create mask = 0770 force create mode = 0770 directory mask = 2770 force directory mode = 2770 veto files wide links = No [ExecutiveSecure] comment = Executive Secure Files path = /srv/samba/execsecure valid users = @executive force group = executive read only = No create mask = 0660 force create mode = 0660 force security mode = 0660 directory mask = 2770 force directory mode = 2770 force directory security mode = 2770 inherit permissions = Yes inherit owner = Yes browseable = Yes [profiles] comment = profiles for windows XP logon path = /home/%U/profile read only = No create mask = 0600 force create mode = 0600 directory mask = 0700 force directory mode = 0700 store dos attributes = Yes browseable = No [profiles.V2] comment = profiles for windows 7 logon path = /home/%U/profile.V2 read only = No create mask = 0600 force create mode = 0600 directory mask = 0700 force directory mode = 0700 store dos attributes = Yes browseable = No [netlogon] comment = NetLogon Share path = /srv/samba/samba/netlogon guest ok = Yes browseable = No [accounting] comment = Accounting Files path = /srv/samba/accounting valid users = @accounting @executive aaron force group = accounting read only = No create mask = 0660 force create mode = 0660 directory mask = 2770 force directory mode = 2770 browseable = Yes [campwise] comment = Campwise Data files path = /srv/samba/campwise valid users = @campwise @users force group = campwise read only = No create mask = 0660 force create mode = 0660 directory mask = 2770 force directory mode = 2770 wide links = No browseable = Yes [scanning] browseable = Yes delete readonly = yes wide links = no writable = yes write list = minolta @scanning path = /srv/samba/scanning force directory mode = 2070 force group = scanning force create mode = 0060 comment = New Incoming Scans valid users = minolta @scanning create mode = 0060 directory mode = 2070 [sysadmins] comment = System Administration Things path = /srv/samba/sysadmins valid users = @admin #valid users checks the UNIX group NOT the Windows group force group = admin read only = no create mask = 0660 directory mask = 2770 browsable = no [root@ ~]# Thanks, Aaron Johnson
Aaron Johnson
2014-May-29 00:47 UTC
[Samba] Unable to connect to domain after upgrading to Samba 3.6.9
Thoughts on this anyone? Thanks, Aaron> On May 19, 2014, at 8:34 PM, Aaron Johnson <aaron at ajserver.com> wrote: > > Thanks in advance for your help. > > We recently upgraded from Centos 5.X samba 3.5 to Centos 6.X samba 3.6.9. Shared drives and data are accessible which indicates that user accounts were also successfully migrated. > > However when attempting to connect one of our Windows 7 Pro 64-bit SP1 workstation to our Samba domain controller the connection fails. I did have to add a SRV record for "_ldap._tcp.dc._msdcs.ldoubler.org. 3600 IN SRV 0 100 389 server.ldoubler.org." to DNS following our first error, however now the client appears to be attempting to connect to the LDAP service port 389 on our domain controller, however we are not using an LDAP backend, as such it is causing this error: > > DNS was successfully queried for the service location (SRV) resource > record used to locate a domain controller for domain "ldoubler.org": > > The query was for the SRV record for _ldap._tcp.dc._msdcs.ldoubler.org > > The following domain controllers were identified by the query: > server.ldoubler.org > > > However no domain controllers could be contacted. > > Common causes of this error include: > > - Host (A) or (AAAA) records that map the names of the domain > controllers to their IP addresses are missing or contain incorrect > addresses. > > - Domain controllers registered in DNS are not connected to the > network or are not running. > > We are using tdbsam, how do we use this backend without ldap? > > > Here is our smb.conf file for reference: > > # cat /etc/samba/smb.conf | grep -v '^#' > > [global] > workgroup = LDOUBLER.ORG > security = user > netbios aliases = server > server string = %h server > passdb backend = tdbsam > passwd program = /usr/bin/passwd %u > passwd chat = *New\sUNIX\spassword:* %n\n > *Retype\snew\sUNIX\spassword:* %n\n > *passwd*\sall\sauthentication\stokens\supdated\ssuccessfully.* . > username map = /etc/samba/smbusers > check password script = /usr/sbin/cracklib-check > unix password sync = yes > syslog = 0 > log file = /var/log/samba/log.%m > log level = 1 > max log size = 10000000 > add user script = /usr/sbin/useradd -m %u > delete user script = /usr/sbin/usrdel -r %u/ > add group script = /usr/sbin/groupadd %g > delete group script = /usr/sbin/groupdel %g > add user to group script = /usr/sbin/groupmod -A %u %g > delete user from group script = /usr/sbin/groupmod -R %u %g > add machine script = /usr/sbin/adduser -n -l --home > /var/lib/nobody --shell /bin/false %u > logon script = scripts\logon-common.bat > scripts\logon-%a.bat scripts\logon-%u.bat scripts\logon-%g.bat > logon path = \\%L\profiles > logon drive = H: > logon home = \\%L\%U > domain logons = Yes > os level = 35 > preferred master = Yes > domain master = Yes > dns proxy = No > encrypt passwords = yes > message command = echo %m $(cat %s |tr -d '\000') > >>/tmp/smbmess; rm %s > panic action = /usr/share/samba/panic-action %d > admin users = @admin > #, root, administrator > time server = yes > > > > [homes] > read only = No > acl group control = Yes > create mask = 0600 > force create mode = 0600 > security mask = 0600 > directory mask = 0700 > force directory mode = 0700 > directory security mask = 0700 > hide unreadable = Yes > veto files = //.*/profile/profile.V2/Maildir/ > browseable = No > > [Office] > comment = Whole Office shared > path = /srv/samba/officeshared > valid users = @users > force group = users > read only = No > create mask = 0770 > force create mode = 0770 > directory mask = 2770 > force directory mode = 2770 > veto files > wide links = No > > [ExecutiveSecure] > comment = Executive Secure Files > path = /srv/samba/execsecure > valid users = @executive > force group = executive > read only = No > create mask = 0660 > force create mode = 0660 > force security mode = 0660 > directory mask = 2770 > force directory mode = 2770 > force directory security mode = 2770 > inherit permissions = Yes > inherit owner = Yes > browseable = Yes > > [profiles] > comment = profiles for windows XP logon > path = /home/%U/profile > read only = No > create mask = 0600 > force create mode = 0600 > directory mask = 0700 > force directory mode = 0700 > store dos attributes = Yes > browseable = No > > [profiles.V2] > comment = profiles for windows 7 logon > path = /home/%U/profile.V2 > read only = No > create mask = 0600 > force create mode = 0600 > directory mask = 0700 > force directory mode = 0700 > store dos attributes = Yes > browseable = No > > > [netlogon] > comment = NetLogon Share > path = /srv/samba/samba/netlogon > guest ok = Yes > browseable = No > > > [accounting] > comment = Accounting Files > path = /srv/samba/accounting > valid users = @accounting @executive aaron > force group = accounting > read only = No > create mask = 0660 > force create mode = 0660 > directory mask = 2770 > force directory mode = 2770 > browseable = Yes > > > [campwise] > comment = Campwise Data files > path = /srv/samba/campwise > valid users = @campwise @users > force group = campwise > read only = No > create mask = 0660 > force create mode = 0660 > directory mask = 2770 > force directory mode = 2770 > wide links = No > browseable = Yes > > [scanning] > browseable = Yes > delete readonly = yes > wide links = no > writable = yes > write list = minolta @scanning > path = /srv/samba/scanning > force directory mode = 2070 > force group = scanning > force create mode = 0060 > comment = New Incoming Scans > valid users = minolta @scanning > create mode = 0060 > directory mode = 2070 > > [sysadmins] > comment = System Administration Things > path = /srv/samba/sysadmins > valid users = @admin > #valid users checks the UNIX group NOT the Windows group > force group = admin > read only = no > create mask = 0660 > directory mask = 2770 > browsable = no > [root@ ~]# > > Thanks, > Aaron Johnson > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba
Maybe Matching Threads
- File Modify/Delete Problems with Samba 3.0.14a and Windows XP
- file permissions with inherit permission + ACL's
- Problems with Group Ids and several samba servers
- Samba (2.2.8a or 3.0.2a) + WinXP not updating roaming profiles on logout
- Excel and Samba Problem