Rowland penny
2016-Apr-02 16:51 UTC
[Samba] Upgrading Samba 3 to Samba 4 - Domain Controller unreachable
On 02/04/16 17:37, Luke Barone wrote:> [global] > server max protocol = SMB2 > # Line above added by lbarone - March 30, 2016 > name resolve order = host wins lmhosts bcast > write list = @domainadmins > passwd chat = *new*password* %n\n *new*password* %n\n *updated* > admin users = machine,add,lbarone, at domainadmins > smb ports = 139 > lock directory = /var/cache/samba > preserve case = yes > passwd program = /usr/bin/passwd %u > netbios name = jmac > printing = lprng > logon script = login.bat > local master = yes > workgroup = jmc > os level = 255 > printcap name = /dev/null > security = user > disable spoolss = yes > log file = /var/log/samba/log.%m > log level = 2 > load printers = yes > logon drive = h: > domain master = yes > interfaces = eth1 > encrypt passwords = true > wins support = yes > server string = jmac > wide links = no > path = /var/spool/lpd/samba > unix password sync = true > preferred master = yes > bind interfaces only = yes > pam password change = yes > domain logons = yes > dns proxy = yes > idmap config * : range = 1000-1999999 > # Above line added by lbarone - March 29, 2016 > > ################## SHARES ######################## > > [netlogon] > path = /usr/local/share/netlogon > browseable = no > ##profile acls = yes > write list = @domainadmins > inherit permissions = yes > > [homes] > browseable = no > read only = no > path = /home/%U/ > > [Programs] > path = /usr/local/share/Apps/NetApps > inherit permissions = yes > writeable = yes > > [Windsor] > path = /usr/local/share/Windsor > inherit permissions = yes > writeable = yes > > [Career] > path = /usr/local/share/Staff/CLA/Career > inherit permissions = yes > writeable = yes > comment = Career Programs > > [Office] > path = /usr/local/share/Office > writeable = yes > inherit permissions = yes > > [Admin] > path = /usr/local/share/Admin > inherit permissions = yes > writeable = yes > > [Student_Share] > comment = Classwork Share > path = /usr/local/share/Student > writeable = yes > inherit permissions = yes > > [Tech_Tips] > comment = Tech Applications and tips. Public to see/read. > path = /usr/local/share/TECH_TIPS > writeable = yes > valid users = @staff > inherit permissions = yes > > [Tech_Apps] > comment = Tech Applications. > path = /usr/local/share/Tech_Apps > writeable = no > inherit permissions = yes > valid users = @domainadmins, at admin > browseable = no > > [DropBox] > comment = Classwork Hand-in > path = /usr/local/share/Classwork > writeable = yes > create mode = 700 > force directory mode = 1777 > inherit owner = yes > > [SSS] > comment = Student Support Services > path = /usr/local/share/Staff/SSS > writeable = yes > inherit permissions = yes > > [JMC] > comment = JMC Global Share > path = /usr/local/share/Staff/JMC > writeable = yes > write list = @staff > read list = @staff > > [DRC] > comment = DRC > path = /usr/local/share/Staff/DRC > writeable = yes > inherit permissions = yes > > [CLA] > comment = CLA > path = /usr/local/share/Staff/CLA > writeable = yes > inherit permissions = yes > > [YAPS] > path = /usr/local/share/YAPS > inherit permissions = yes > writeable = yes > > > [IMAGES] > comment = System images. Keep out. > path = /usr/local/share/IMAGES > valid users = blast,lbarone, at domainadmins > writeable = yes > inherit permissions = yes > > [Printer_Drivers] > comment = Printer Drivers for any printers in the building. > path = /usr/local/share/Printer_Drivers > writeable = no > inherit permissions = yes > > I commented when and where I changed the file, based on advice from > various forums when I was trying to figure out this issue. The upgrade > occurred on March 17th, so the changes I made were after issues were > reported to me. > > On Fri, Apr 1, 2016 at 1:53 PM, Rowland penny <rpenny at samba.org > <mailto:rpenny at samba.org>> wrote: > > On 01/04/16 21:20, Luke Barone wrote: > > Anyone able to chime in? Suggestions on where to go? > > On Thu, Mar 31, 2016 at 11:21 AM, Luke Barone > <lukebarone at gmail.com <mailto:lukebarone at gmail.com>> wrote: > > Hi all, > > I upgraded Samba 3 to 4 when doing a Debian Wheezy to > Jessie upgrade over > the last couple of weeks. Most things worked, but now that > staff are back, > we're seeing more and more issues. > > Computers are logging in using their cached credentials > only. The > computers are not using updated password information from > the server > anymore. The computers will not connect to the server via > it's NetBIOS name > unless I add the entry under the hosts and lmhosts file on > each workstation > (which is a pain...). My remote management won't work > either for using the > server credentials, I need to use a local username and > password. > > It's running Samba 4.1.17-debian, as a Windows NT Domain > Controller, NOT > Active Directory. > > I have also edited the /etc/nsswitch.conf file so that: > > passwd: files winbind > shadow: files > group: files winbind > hosts: files wins > > instead of: > passwd: compat > group: compat > shadow: compat > hosts: files dns > > > ... based on advice around the getpwuid error that seems > so famous. > > My goal is to get this up and running *properly* without > needing to touch > every computer, and so that user changes (i.e. password > changes, new users, > users getting deleted, etc) take effect immediately. > > If I need to post other config files, please let me know > > > OK, lets start with the smb.conf, please post it. > I take it you haven't modified it after the upgrade. > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >OK, try removing this line: smb ports = 139 You have turned off port 445 Rowland
Luke Barone
2016-Apr-02 17:06 UTC
[Samba] Upgrading Samba 3 to Samba 4 - Domain Controller unreachable
OK, I've tried commenting the line out. Ran /etc/init.d/samba reload, but no change. Should I try a full server reboot then? On Sat, Apr 2, 2016 at 9:51 AM, Rowland penny <rpenny at samba.org> wrote:> On 02/04/16 17:37, Luke Barone wrote: > >> [global] >> server max protocol = SMB2 >> # Line above added by lbarone - March 30, 2016 >> name resolve order = host wins lmhosts bcast >> write list = @domainadmins >> passwd chat = *new*password* %n\n *new*password* %n\n *updated* >> admin users = machine,add,lbarone, at domainadmins >> smb ports = 139 >> lock directory = /var/cache/samba >> preserve case = yes >> passwd program = /usr/bin/passwd %u >> netbios name = jmac >> printing = lprng >> logon script = login.bat >> local master = yes >> workgroup = jmc >> os level = 255 >> printcap name = /dev/null >> security = user >> disable spoolss = yes >> log file = /var/log/samba/log.%m >> log level = 2 >> load printers = yes >> logon drive = h: >> domain master = yes >> interfaces = eth1 >> encrypt passwords = true >> wins support = yes >> server string = jmac >> wide links = no >> path = /var/spool/lpd/samba >> unix password sync = true >> preferred master = yes >> bind interfaces only = yes >> pam password change = yes >> domain logons = yes >> dns proxy = yes >> idmap config * : range = 1000-1999999 >> # Above line added by lbarone - March 29, 2016 >> >> ################## SHARES ######################## >> >> [netlogon] >> path = /usr/local/share/netlogon >> browseable = no >> ##profile acls = yes >> write list = @domainadmins >> inherit permissions = yes >> >> [homes] >> browseable = no >> read only = no >> path = /home/%U/ >> >> [Programs] >> path = /usr/local/share/Apps/NetApps >> inherit permissions = yes >> writeable = yes >> >> [Windsor] >> path = /usr/local/share/Windsor >> inherit permissions = yes >> writeable = yes >> >> [Career] >> path = /usr/local/share/Staff/CLA/Career >> inherit permissions = yes >> writeable = yes >> comment = Career Programs >> >> [Office] >> path = /usr/local/share/Office >> writeable = yes >> inherit permissions = yes >> >> [Admin] >> path = /usr/local/share/Admin >> inherit permissions = yes >> writeable = yes >> >> [Student_Share] >> comment = Classwork Share >> path = /usr/local/share/Student >> writeable = yes >> inherit permissions = yes >> >> [Tech_Tips] >> comment = Tech Applications and tips. Public to see/read. >> path = /usr/local/share/TECH_TIPS >> writeable = yes >> valid users = @staff >> inherit permissions = yes >> >> [Tech_Apps] >> comment = Tech Applications. >> path = /usr/local/share/Tech_Apps >> writeable = no >> inherit permissions = yes >> valid users = @domainadmins, at admin >> browseable = no >> >> [DropBox] >> comment = Classwork Hand-in >> path = /usr/local/share/Classwork >> writeable = yes >> create mode = 700 >> force directory mode = 1777 >> inherit owner = yes >> >> [SSS] >> comment = Student Support Services >> path = /usr/local/share/Staff/SSS >> writeable = yes >> inherit permissions = yes >> >> [JMC] >> comment = JMC Global Share >> path = /usr/local/share/Staff/JMC >> writeable = yes >> write list = @staff >> read list = @staff >> >> [DRC] >> comment = DRC >> path = /usr/local/share/Staff/DRC >> writeable = yes >> inherit permissions = yes >> >> [CLA] >> comment = CLA >> path = /usr/local/share/Staff/CLA >> writeable = yes >> inherit permissions = yes >> >> [YAPS] >> path = /usr/local/share/YAPS >> inherit permissions = yes >> writeable = yes >> >> >> [IMAGES] >> comment = System images. Keep out. >> path = /usr/local/share/IMAGES >> valid users = blast,lbarone, at domainadmins >> writeable = yes >> inherit permissions = yes >> >> [Printer_Drivers] >> comment = Printer Drivers for any printers in the building. >> path = /usr/local/share/Printer_Drivers >> writeable = no >> inherit permissions = yes >> >> I commented when and where I changed the file, based on advice from >> various forums when I was trying to figure out this issue. The upgrade >> occurred on March 17th, so the changes I made were after issues were >> reported to me. >> >> On Fri, Apr 1, 2016 at 1:53 PM, Rowland penny <rpenny at samba.org <mailto: >> rpenny at samba.org>> wrote: >> >> On 01/04/16 21:20, Luke Barone wrote: >> >> Anyone able to chime in? Suggestions on where to go? >> >> On Thu, Mar 31, 2016 at 11:21 AM, Luke Barone >> <lukebarone at gmail.com <mailto:lukebarone at gmail.com>> wrote: >> >> Hi all, >> >> I upgraded Samba 3 to 4 when doing a Debian Wheezy to >> Jessie upgrade over >> the last couple of weeks. Most things worked, but now that >> staff are back, >> we're seeing more and more issues. >> >> Computers are logging in using their cached credentials >> only. The >> computers are not using updated password information from >> the server >> anymore. The computers will not connect to the server via >> it's NetBIOS name >> unless I add the entry under the hosts and lmhosts file on >> each workstation >> (which is a pain...). My remote management won't work >> either for using the >> server credentials, I need to use a local username and >> password. >> >> It's running Samba 4.1.17-debian, as a Windows NT Domain >> Controller, NOT >> Active Directory. >> >> I have also edited the /etc/nsswitch.conf file so that: >> >> passwd: files winbind >> shadow: files >> group: files winbind >> hosts: files wins >> >> instead of: >> passwd: compat >> group: compat >> shadow: compat >> hosts: files dns >> >> >> ... based on advice around the getpwuid error that seems >> so famous. >> >> My goal is to get this up and running *properly* without >> needing to touch >> every computer, and so that user changes (i.e. password >> changes, new users, >> users getting deleted, etc) take effect immediately. >> >> If I need to post other config files, please let me know >> >> >> OK, lets start with the smb.conf, please post it. >> I take it you haven't modified it after the upgrade. >> >> Rowland >> >> -- To unsubscribe from this list go to the following URL and read >> the >> instructions: https://lists.samba.org/mailman/options/samba >> >> >> > OK, try removing this line: > > smb ports = 139 > > You have turned off port 445 > > > Rowland > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Rowland penny
2016-Apr-02 17:20 UTC
[Samba] Upgrading Samba 3 to Samba 4 - Domain Controller unreachable
On 02/04/16 18:06, Luke Barone wrote:> OK, I've tried commenting the line out. Ran /etc/init.d/samba reload, > but no change. Should I try a full server reboot then? > > On Sat, Apr 2, 2016 at 9:51 AM, Rowland penny <rpenny at samba.org > <mailto:rpenny at samba.org>> wrote: > > On 02/04/16 17:37, Luke Barone wrote: > > [global] > server max protocol = SMB2 > # Line above added by lbarone - March 30, 2016 > name resolve order = host wins lmhosts bcast > write list = @domainadmins > passwd chat = *new*password* %n\n *new*password* %n\n > *updated* > admin users = machine,add,lbarone, at domainadmins > smb ports = 139 > lock directory = /var/cache/samba > preserve case = yes > passwd program = /usr/bin/passwd %u > netbios name = jmac > printing = lprng > logon script = login.bat > local master = yes > workgroup = jmc > os level = 255 > printcap name = /dev/null > security = user > disable spoolss = yes > log file = /var/log/samba/log.%m > log level = 2 > load printers = yes > logon drive = h: > domain master = yes > interfaces = eth1 > encrypt passwords = true > wins support = yes > server string = jmac > wide links = no > path = /var/spool/lpd/samba > unix password sync = true > preferred master = yes > bind interfaces only = yes > pam password change = yes > domain logons = yes > dns proxy = yes > idmap config * : range = 1000-1999999 > # Above line added by lbarone - March 29, 2016 > > ################## SHARES ######################## > > [netlogon] > path = /usr/local/share/netlogon > browseable = no > ##profile acls = yes > write list = @domainadmins > inherit permissions = yes > > [homes] > browseable = no > read only = no > path = /home/%U/ > > [Programs] > path = /usr/local/share/Apps/NetApps > inherit permissions = yes > writeable = yes > > [Windsor] > path = /usr/local/share/Windsor > inherit permissions = yes > writeable = yes > > [Career] > path = /usr/local/share/Staff/CLA/Career > inherit permissions = yes > writeable = yes > comment = Career Programs > > [Office] > path = /usr/local/share/Office > writeable = yes > inherit permissions = yes > > [Admin] > path = /usr/local/share/Admin > inherit permissions = yes > writeable = yes > > [Student_Share] > comment = Classwork Share > path = /usr/local/share/Student > writeable = yes > inherit permissions = yes > > [Tech_Tips] > comment = Tech Applications and tips. Public to see/read. > path = /usr/local/share/TECH_TIPS > writeable = yes > valid users = @staff > inherit permissions = yes > > [Tech_Apps] > comment = Tech Applications. > path = /usr/local/share/Tech_Apps > writeable = no > inherit permissions = yes > valid users = @domainadmins, at admin > browseable = no > > [DropBox] > comment = Classwork Hand-in > path = /usr/local/share/Classwork > writeable = yes > create mode = 700 > force directory mode = 1777 > inherit owner = yes > > [SSS] > comment = Student Support Services > path = /usr/local/share/Staff/SSS > writeable = yes > inherit permissions = yes > > [JMC] > comment = JMC Global Share > path = /usr/local/share/Staff/JMC > writeable = yes > write list = @staff > read list = @staff > > [DRC] > comment = DRC > path = /usr/local/share/Staff/DRC > writeable = yes > inherit permissions = yes > > [CLA] > comment = CLA > path = /usr/local/share/Staff/CLA > writeable = yes > inherit permissions = yes > > [YAPS] > path = /usr/local/share/YAPS > inherit permissions = yes > writeable = yes > > > [IMAGES] > comment = System images. Keep out. > path = /usr/local/share/IMAGES > valid users = blast,lbarone, at domainadmins > writeable = yes > inherit permissions = yes > > [Printer_Drivers] > comment = Printer Drivers for any printers in the > building. > path = /usr/local/share/Printer_Drivers > writeable = no > inherit permissions = yes > > I commented when and where I changed the file, based on advice > from various forums when I was trying to figure out this > issue. The upgrade occurred on March 17th, so the changes I > made were after issues were reported to me. > > On Fri, Apr 1, 2016 at 1:53 PM, Rowland penny > <rpenny at samba.org <mailto:rpenny at samba.org> > <mailto:rpenny at samba.org <mailto:rpenny at samba.org>>> wrote: > > On 01/04/16 21:20, Luke Barone wrote: > > Anyone able to chime in? Suggestions on where to go? > > On Thu, Mar 31, 2016 at 11:21 AM, Luke Barone > <lukebarone at gmail.com <mailto:lukebarone at gmail.com> > <mailto:lukebarone at gmail.com <mailto:lukebarone at gmail.com>>> > wrote: > > Hi all, > > I upgraded Samba 3 to 4 when doing a Debian Wheezy to > Jessie upgrade over > the last couple of weeks. Most things worked, but > now that > staff are back, > we're seeing more and more issues. > > Computers are logging in using their cached > credentials > only. The > computers are not using updated password > information from > the server > anymore. The computers will not connect to the > server via > it's NetBIOS name > unless I add the entry under the hosts and lmhosts > file on > each workstation > (which is a pain...). My remote management won't work > either for using the > server credentials, I need to use a local username and > password. > > It's running Samba 4.1.17-debian, as a Windows NT > Domain > Controller, NOT > Active Directory. > > I have also edited the /etc/nsswitch.conf file so > that: > > passwd: files winbind > shadow: files > group: files winbind > hosts: files wins > > instead of: > passwd: compat > group: compat > shadow: compat > hosts: files dns > > > ... based on advice around the getpwuid error that > seems > so famous. > > My goal is to get this up and running *properly* > without > needing to touch > every computer, and so that user changes (i.e. > password > changes, new users, > users getting deleted, etc) take effect immediately. > > If I need to post other config files, please let > me know > > > OK, lets start with the smb.conf, please post it. > I take it you haven't modified it after the upgrade. > > Rowland > > -- To unsubscribe from this list go to the following > URL and read the > instructions: https://lists.samba.org/mailman/options/samba > > > > OK, try removing this line: > > smb ports = 139 > > You have turned off port 445 > > > Rowland > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >Worth trying, the only other thing that I can see that is sort of wrong, is this: path = /var/spool/lpd/samba It is in [global] and really only belongs in a share. After that I would start looking at the OS and the computer, is Apparmor running and stopping something, is a firewall running and blocking ports, is something going wrong with the computer, memory, HD etc Rowland
Apparently Analagous Threads
- Upgrading Samba 3 to Samba 4 - Domain Controller unreachable
- Upgrading Samba 3 to Samba 4 - Domain Controller unreachable
- Upgrading Samba 3 to Samba 4 - Domain Controller unreachable
- Upgrading Samba 3 to Samba 4 - Domain Controller unreachable
- Upgrading Samba 3 to Samba 4 - Domain Controller unreachable