Luke Barone
2016-Apr-02 18:07 UTC
[Samba] Upgrading Samba 3 to Samba 4 - Domain Controller unreachable
@Sonic # /etc/init.d/samba restart [ ok ] Restarting nmbd (via systemctl): nmbd.service. [ ok ] Restarting smbd (via systemctl): smbd.service. [ ok ] Restarting samba-ad-dc (via systemctl): samba-ad-dc.service. I may try rebooting as well, after trying @penny's fix. But that's what I've always been doing. When I use systemctl start nmbd smbd I get no output. On Sat, Apr 2, 2016 at 10:59 AM, Rowland penny <rpenny at samba.org> wrote:> On 02/04/16 18:46, Luke Barone wrote: > > OK, this is working with the Windows 7 clients now. Looks like it was just > a reboot. Now I have an issue with the Windows 10 clients... I'll open a > new thread about that... > > On Sat, Apr 2, 2016 at 10:31 AM, Luke Barone <lukebarone at gmail.com> wrote: > >> OK, I'm rebooting the server now. Removed that line first. >> >> SELinux and App Armour are not installed on the servers. Tested with the >> firewall down (iptables), ulimit is not being reached, still lots of memory >> and hard drive space available... Since it's the weekend, no one else is in >> the building except for me. >> >> On Sat, Apr 2, 2016 at 10:20 AM, Rowland penny < <rpenny at samba.org> >> rpenny at samba.org> wrote: >> >>> On 02/04/16 18:06, Luke Barone wrote: >>> >>>> OK, I've tried commenting the line out. Ran /etc/init.d/samba reload, >>>> but no change. Should I try a full server reboot then? >>>> >>>> On Sat, Apr 2, 2016 at 9:51 AM, Rowland penny <rpenny at samba.org >>>> <mailto:rpenny at samba.org>> wrote: >>>> >>>> On 02/04/16 17:37, Luke Barone wrote: >>>> >>>> [global] >>>> server max protocol = SMB2 >>>> # Line above added by lbarone - March 30, 2016 >>>> name resolve order = host wins lmhosts bcast >>>> write list = @domainadmins >>>> passwd chat = *new*password* %n\n *new*password* %n\n >>>> *updated* >>>> admin users = machine,add,lbarone, at domainadmins >>>> smb ports = 139 >>>> lock directory = /var/cache/samba >>>> preserve case = yes >>>> passwd program = /usr/bin/passwd %u >>>> netbios name = jmac >>>> printing = lprng >>>> logon script = login.bat >>>> local master = yes >>>> workgroup = jmc >>>> os level = 255 >>>> printcap name = /dev/null >>>> security = user >>>> disable spoolss = yes >>>> log file = /var/log/samba/log.%m >>>> log level = 2 >>>> load printers = yes >>>> logon drive = h: >>>> domain master = yes >>>> interfaces = eth1 >>>> encrypt passwords = true >>>> wins support = yes >>>> server string = jmac >>>> wide links = no >>>> path = /var/spool/lpd/samba >>>> unix password sync = true >>>> preferred master = yes >>>> bind interfaces only = yes >>>> pam password change = yes >>>> domain logons = yes >>>> dns proxy = yes >>>> idmap config * : range = 1000-1999999 >>>> # Above line added by lbarone - March 29, 2016 >>>> >>>> ################## SHARES ######################## >>>> >>>> [netlogon] >>>> path = /usr/local/share/netlogon >>>> browseable = no >>>> ##profile acls = yes >>>> write list = @domainadmins >>>> inherit permissions = yes >>>> >>>> [homes] >>>> browseable = no >>>> read only = no >>>> path = /home/%U/ >>>> >>>> [Programs] >>>> path = /usr/local/share/Apps/NetApps >>>> inherit permissions = yes >>>> writeable = yes >>>> >>>> [Windsor] >>>> path = /usr/local/share/Windsor >>>> inherit permissions = yes >>>> writeable = yes >>>> >>>> [Career] >>>> path = /usr/local/share/Staff/CLA/Career >>>> inherit permissions = yes >>>> writeable = yes >>>> comment = Career Programs >>>> >>>> [Office] >>>> path = /usr/local/share/Office >>>> writeable = yes >>>> inherit permissions = yes >>>> >>>> [Admin] >>>> path = /usr/local/share/Admin >>>> inherit permissions = yes >>>> writeable = yes >>>> >>>> [Student_Share] >>>> comment = Classwork Share >>>> path = /usr/local/share/Student >>>> writeable = yes >>>> inherit permissions = yes >>>> >>>> [Tech_Tips] >>>> comment = Tech Applications and tips. Public to >>>> see/read. >>>> path = /usr/local/share/TECH_TIPS >>>> writeable = yes >>>> valid users = @staff >>>> inherit permissions = yes >>>> >>>> [Tech_Apps] >>>> comment = Tech Applications. >>>> path = /usr/local/share/Tech_Apps >>>> writeable = no >>>> inherit permissions = yes >>>> valid users = @domainadmins, at admin >>>> browseable = no >>>> >>>> [DropBox] >>>> comment = Classwork Hand-in >>>> path = /usr/local/share/Classwork >>>> writeable = yes >>>> create mode = 700 >>>> force directory mode = 1777 >>>> inherit owner = yes >>>> >>>> [SSS] >>>> comment = Student Support Services >>>> path = /usr/local/share/Staff/SSS >>>> writeable = yes >>>> inherit permissions = yes >>>> >>>> [JMC] >>>> comment = JMC Global Share >>>> path = /usr/local/share/Staff/JMC >>>> writeable = yes >>>> write list = @staff >>>> read list = @staff >>>> >>>> [DRC] >>>> comment = DRC >>>> path = /usr/local/share/Staff/DRC >>>> writeable = yes >>>> inherit permissions = yes >>>> >>>> [CLA] >>>> comment = CLA >>>> path = /usr/local/share/Staff/CLA >>>> writeable = yes >>>> inherit permissions = yes >>>> >>>> [YAPS] >>>> path = /usr/local/share/YAPS >>>> inherit permissions = yes >>>> writeable = yes >>>> >>>> >>>> [IMAGES] >>>> comment = System images. Keep out. >>>> path = /usr/local/share/IMAGES >>>> valid users = blast,lbarone, at domainadmins >>>> writeable = yes >>>> inherit permissions = yes >>>> >>>> [Printer_Drivers] >>>> comment = Printer Drivers for any printers in the >>>> building. >>>> path = /usr/local/share/Printer_Drivers >>>> writeable = no >>>> inherit permissions = yes >>>> >>>> I commented when and where I changed the file, based on advice >>>> from various forums when I was trying to figure out this >>>> issue. The upgrade occurred on March 17th, so the changes I >>>> made were after issues were reported to me. >>>> >>>> On Fri, Apr 1, 2016 at 1:53 PM, Rowland penny >>>> <rpenny at samba.org <mailto:rpenny at samba.org> >>>> <mailto:rpenny at samba.org <mailto:rpenny at samba.org>>> wrote: >>>> >>>> On 01/04/16 21:20, Luke Barone wrote: >>>> >>>> Anyone able to chime in? Suggestions on where to go? >>>> >>>> On Thu, Mar 31, 2016 at 11:21 AM, Luke Barone >>>> <lukebarone at gmail.com <mailto:lukebarone at gmail.com> >>>> <mailto:lukebarone at gmail.com <mailto:lukebarone at gmail.com>>> >>>> >>>> wrote: >>>> >>>> Hi all, >>>> >>>> I upgraded Samba 3 to 4 when doing a Debian Wheezy >>>> to >>>> Jessie upgrade over >>>> the last couple of weeks. Most things worked, but >>>> now that >>>> staff are back, >>>> we're seeing more and more issues. >>>> >>>> Computers are logging in using their cached >>>> credentials >>>> only. The >>>> computers are not using updated password >>>> information from >>>> the server >>>> anymore. The computers will not connect to the >>>> server via >>>> it's NetBIOS name >>>> unless I add the entry under the hosts and lmhosts >>>> file on >>>> each workstation >>>> (which is a pain...). My remote management won't >>>> work >>>> either for using the >>>> server credentials, I need to use a local username >>>> and >>>> password. >>>> >>>> It's running Samba 4.1.17-debian, as a Windows NT >>>> Domain >>>> Controller, NOT >>>> Active Directory. >>>> >>>> I have also edited the /etc/nsswitch.conf file so >>>> that: >>>> >>>> passwd: files winbind >>>> shadow: files >>>> group: files winbind >>>> hosts: files wins >>>> >>>> instead of: >>>> passwd: compat >>>> group: compat >>>> shadow: compat >>>> hosts: files dns >>>> >>>> >>>> ... based on advice around the getpwuid error that >>>> seems >>>> so famous. >>>> >>>> My goal is to get this up and running *properly* >>>> without >>>> needing to touch >>>> every computer, and so that user changes (i.e. >>>> password >>>> changes, new users, >>>> users getting deleted, etc) take effect immediately. >>>> >>>> If I need to post other config files, please let >>>> me know >>>> >>>> >>>> OK, lets start with the smb.conf, please post it. >>>> I take it you haven't modified it after the upgrade. >>>> >>>> Rowland >>>> >>>> -- To unsubscribe from this list go to the following >>>> URL and read the >>>> instructions: >>>> <https://lists.samba.org/mailman/options/samba> >>>> https://lists.samba.org/mailman/options/samba >>>> >>>> >>>> >>>> OK, try removing this line: >>>> >>>> smb ports = 139 >>>> >>>> You have turned off port 445 >>>> >>>> >>>> Rowland >>>> -- To unsubscribe from this list go to the following URL and >>>> read the >>>> instructions: https://lists.samba.org/mailman/options/samba >>>> >>>> >>>> >>> Worth trying, the only other thing that I can see that is sort of wrong, >>> is this: >>> >>> path = /var/spool/lpd/samba >>> >>> It is in [global] and really only belongs in a share. >>> >>> After that I would start looking at the OS and the computer, is Apparmor >>> running and stopping something, is a firewall running and blocking ports, >>> is something going wrong with the computer, memory, HD etc >>> >>> >>> Rowland >>> >>> -- >>> To unsubscribe from this list go to the following URL and read the >>> instructions: https://lists.samba.org/mailman/options/samba >>> >> >> > > Try removing the 'server max protocol' line, windows 10 needs SMB3 + a reg > hack > > Rowland > >
Sonic
2016-Apr-02 18:18 UTC
[Samba] Upgrading Samba 3 to Samba 4 - Domain Controller unreachable
On Sat, Apr 2, 2016 at 2:07 PM, Luke Barone <lukebarone at gmail.com> wrote:> [ ok ] Restarting samba-ad-dc (via systemctl): samba-ad-dc.service. > > I may try rebooting as well, after trying @penny's fix. But that's what > I've always been doing. When I use systemctl start nmbd smbd I get no > output.OK, that's the Debian packaging, seems fine except I don't think you want the samba-ad-dc.service to start.
Luke Barone
2016-Apr-02 18:20 UTC
[Samba] Upgrading Samba 3 to Samba 4 - Domain Controller unreachable
Think I should actively STOP that service? On Sat, Apr 2, 2016 at 11:18 AM, Sonic <sonicsmith at gmail.com> wrote:> On Sat, Apr 2, 2016 at 2:07 PM, Luke Barone <lukebarone at gmail.com> wrote: > > [ ok ] Restarting samba-ad-dc (via systemctl): samba-ad-dc.service. > > > > I may try rebooting as well, after trying @penny's fix. But that's what > > I've always been doing. When I use systemctl start nmbd smbd I get no > > output. > > OK, that's the Debian packaging, seems fine except I don't think you > want the samba-ad-dc.service to start. >
Sonic
2016-Apr-02 18:21 UTC
[Samba] Upgrading Samba 3 to Samba 4 - Domain Controller unreachable
On Sat, Apr 2, 2016 at 2:07 PM, Luke Barone <lukebarone at gmail.com> wrote:> When I use systemctl start nmbd smbd I get no > output.Actually that's good - it means it worked - starting both nmbd and smbd. And it's the proper way to run these services (since you're using systemd).
Rowland penny
2016-Apr-02 18:34 UTC
[Samba] Upgrading Samba 3 to Samba 4 - Domain Controller unreachable
On 02/04/16 19:21, Sonic wrote:> On Sat, Apr 2, 2016 at 2:07 PM, Luke Barone <lukebarone at gmail.com> wrote: >> When I use systemctl start nmbd smbd I get no >> output. > Actually that's good - it means it worked - starting both nmbd and > smbd. And it's the proper way to run these services (since you're > using systemd).Wrong On debian there is a script called samba in /etc/init.d , it starts smbd & nmbd *or* samba, if it doesn't find 'server role = active directory domain controller' in smb.conf , it doesn't try to start the samba deamon.