Aaron Johnson
2014-May-20 02:34 UTC
[Samba] Unable to connect to domain after upgrading to Samba 3.6.9
Thanks in advance for your help.

We recently upgraded from CentOS 5.X Samba 3.5 to CentOS 6.X Samba
3.6.9. Shared drives and data are accessible, which indicates that user
accounts were also successfully migrated.

However, when attempting to connect one of our Windows 7 Pro 64-bit SP1
workstations to our Samba domain controller, the connection fails. I did
have to add a SRV record for "_ldap._tcp.dc._msdcs.ldoubler.org. 3600 IN
SRV 0 100 389 server.ldoubler.org." to DNS following our first error.
Now, however, the client appears to be attempting to connect to the LDAP
service on port 389 on our domain controller, but we are not using an
LDAP backend, and as such it is causing this error:
DNS was successfully queried for the service location (SRV) resource
record used to locate a domain controller for domain
"ldoubler.org":
The query was for the SRV record for _ldap._tcp.dc._msdcs.ldoubler.org
The following domain controllers were identified by the query:
server.ldoubler.org
However no domain controllers could be contacted.
Common causes of this error include:
- Host (A) or (AAAA) records that map the names of the domain
controllers to their IP addresses are missing or contain incorrect
addresses.
- Domain controllers registered in DNS are not connected to the
network or are not running.
We are using tdbsam; how do we use this backend without LDAP?
Here is our smb.conf file for reference:
# cat /etc/samba/smb.conf | grep -v '^#'
[global]
workgroup = LDOUBLER.ORG
security = user
netbios aliases = server
server string = %h server
passdb backend = tdbsam
passwd program = /usr/bin/passwd %u
passwd chat = *New\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n *passwd*\sall\sauthentication\stokens\supdated\ssuccessfully.* .
username map = /etc/samba/smbusers
check password script = /usr/sbin/cracklib-check
unix password sync = yes
syslog = 0
log file = /var/log/samba/log.%m
log level = 1
max log size = 10000000
add user script = /usr/sbin/useradd -m %u
delete user script = /usr/sbin/usrdel -r %u/
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupdel %g
add user to group script = /usr/sbin/groupmod -A %u %g
delete user from group script = /usr/sbin/groupmod -R %u %g
add machine script = /usr/sbin/adduser -n -l --home /var/lib/nobody --shell /bin/false %u
logon script = scripts\logon-common.bat scripts\logon-%a.bat scripts\logon-%u.bat scripts\logon-%g.bat
logon path = \\%L\profiles
logon drive = H:
logon home = \\%L\%U
domain logons = Yes
os level = 35
preferred master = Yes
domain master = Yes
dns proxy = No
encrypt passwords = yes
message command = echo %m $(cat %s |tr -d '\000') >>/tmp/smbmess; rm %s
panic action = /usr/share/samba/panic-action %d
admin users = @admin
#, root, administrator
time server = yes
[homes]
read only = No
acl group control = Yes
create mask = 0600
force create mode = 0600
security mask = 0600
directory mask = 0700
force directory mode = 0700
directory security mask = 0700
hide unreadable = Yes
veto files = //.*/profile/profile.V2/Maildir/
browseable = No
[Office]
comment = Whole Office shared
path = /srv/samba/officeshared
valid users = @users
force group = users
read only = No
create mask = 0770
force create mode = 0770
directory mask = 2770
force directory mode = 2770
veto files
wide links = No
[ExecutiveSecure]
comment = Executive Secure Files
path = /srv/samba/execsecure
valid users = @executive
force group = executive
read only = No
create mask = 0660
force create mode = 0660
force security mode = 0660
directory mask = 2770
force directory mode = 2770
force directory security mode = 2770
inherit permissions = Yes
inherit owner = Yes
browseable = Yes
[profiles]
comment = profiles for windows XP logon
path = /home/%U/profile
read only = No
create mask = 0600
force create mode = 0600
directory mask = 0700
force directory mode = 0700
store dos attributes = Yes
browseable = No
[profiles.V2]
comment = profiles for windows 7 logon
path = /home/%U/profile.V2
read only = No
create mask = 0600
force create mode = 0600
directory mask = 0700
force directory mode = 0700
store dos attributes = Yes
browseable = No
[netlogon]
comment = NetLogon Share
path = /srv/samba/samba/netlogon
guest ok = Yes
browseable = No
[accounting]
comment = Accounting Files
path = /srv/samba/accounting
valid users = @accounting @executive aaron
force group = accounting
read only = No
create mask = 0660
force create mode = 0660
directory mask = 2770
force directory mode = 2770
browseable = Yes
[campwise]
comment = Campwise Data files
path = /srv/samba/campwise
valid users = @campwise @users
force group = campwise
read only = No
create mask = 0660
force create mode = 0660
directory mask = 2770
force directory mode = 2770
wide links = No
browseable = Yes
[scanning]
browseable = Yes
delete readonly = yes
wide links = no
writable = yes
write list = minolta @scanning
path = /srv/samba/scanning
force directory mode = 2070
force group = scanning
force create mode = 0060
comment = New Incoming Scans
valid users = minolta @scanning
create mode = 0060
directory mode = 2070
[sysadmins]
comment = System Administration Things
path = /srv/samba/sysadmins
valid users = @admin
#valid users checks the UNIX group NOT the Windows group
force group = admin
read only = no
create mask = 0660
directory mask = 2770
browsable = no
[root@ ~]#
Thanks,
Aaron Johnson
Aaron Johnson
2014-May-29 00:47 UTC
[Samba] Unable to connect to domain after upgrading to Samba 3.6.9
Thoughts on this anyone?
Thanks,
Aaron
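
Added example, not part of the original messages and not Samba's own code: a Python check for the mismatch the first message describes, where DNS publishes the Active Directory locator record _ldap._tcp.dc._msdcs for a server whose smb.conf makes it an NT4-style domain controller (domain logons with a tdbsam backend), which runs no LDAP service on port 389. The SMB_CONF excerpt is constructed from the posted [global] section; the function names and the dotted-workgroup heuristic are assumptions of this example.

```python
import re

# Constructed excerpt of the [global] section posted above (not the full file).
SMB_CONF = """\
[global]
workgroup = LDOUBLER.ORG
security = user
passdb backend = tdbsam
domain logons = Yes
domain master = Yes
[homes]
read only = No
"""
# The SRV record the poster added to DNS, as quoted in the message.
DNS_RECORDS = ["_ldap._tcp.dc._msdcs.ldoubler.org. 3600 IN SRV 0 100 389 server.ldoubler.org."]

def parse_global(text):
    """Return [global] parameters; names are lower-cased with whitespace runs collapsed."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank lines and comments
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def is_yes(value):
    # smb.conf booleans accept yes/true/1 in any case.
    return str(value).strip().lower() in {"yes", "true", "1"}

def findings(conf_text, dns_records):
    """List mismatches between the configured server role and what DNS advertises."""
    g, out = parse_global(conf_text), []
    nt4_dc = is_yes(g.get("domain logons", "no")) and g.get("security", "user").lower() == "user"
    if not nt4_dc:
        return out
    for rec in dns_records:
        f = rec.split()  # name, ttl, class, type, priority, weight, port, target
        if len(f) == 8 and f[3].upper() == "SRV" and f[0].lower().startswith("_ldap._tcp.dc._msdcs."):
            out.append(f"AD locator record points at NT4-style DC {f[7]} port {f[6]} (passdb backend = {g.get('passdb backend', '')})")
    if "." in g.get("workgroup", ""):  # heuristic (assumption): a dotted name reads as a DNS domain
        out.append("workgroup contains a dot and reads as a DNS domain name")
    return out
```

Run against the real file by passing the contents of /etc/samba/smb.conf and the zone's SRV records in place of the constructed samples.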