Hello (again) all!
After successfully joining my Debian Jessie box to my Server 2012R2-based domain
as a domain member, I've run into another snag. The installation worked
successful for a couple days as a file server, and then after a while I stopped
being able to access the file server. After trying various trouble-shooting
steps (including nuking the samba and winbind installations and reinstalling)
I'm left in the following scenario:
root at domain-member:~# net ads testjoin
Join is OK
root at domain-member:~# net ads info
LDAP server: 192.168.0.34
LDAP server name: ad-domain-controller.domain.local
Realm: DOMAIN.LOCAL
Bind Path: dc=DOMAIN,dc=LOCAL
LDAP port: 389
Server time: Thu, 11 Aug 2016 14:57:38 MDT
KDC server: 192.168.0.34
Server time offset: 0
root at domain-member:~# net rpc testjoin -d10
INFO: Current debug levels:
all: 10
tdb: 10
printdrivers: 10
lanman: 10
smb: 10
rpc_parse: 10
rpc_srv: 10
rpc_cli: 10
passdb: 10
sam: 10
auth: 10
winbind: 10
vfs: 10
idmap: 10
quota: 10
acls: 10
locking: 10
msdfs: 10
dmapi: 10
registry: 10
scavenger: 10
dns: 10
ldb: 10
lp_load_ex: refreshing parameters
Initialising global parameters
INFO: Current debug levels:
all: 10
tdb: 10
printdrivers: 10
lanman: 10
smb: 10
rpc_parse: 10
rpc_srv: 10
rpc_cli: 10
passdb: 10
sam: 10
auth: 10
winbind: 10
vfs: 10
idmap: 10
quota: 10
acls: 10
locking: 10
msdfs: 10
dmapi: 10
registry: 10
scavenger: 10
dns: 10
ldb: 10
Processing section "[global]"
doing parameter netbios name = DOMAIN-MEMBER
doing parameter security = ADS
doing parameter workgroup = DOMAIN
doing parameter realm = DOMAIN.LOCAL
doing parameter idmap config *:backend = tdb
doing parameter idmap config *:range = 2000-9999
doing parameter idmap config DOMAIN:backend = ad
doing parameter idmap config DOMAIN:schema_mode = rfc2307
doing parameter idmap config DOMAIN:range = 10000-99999
doing parameter winbind enum users = yes
doing parameter winbind enum groups = yes
doing parameter winbind use default domain = yes
doing parameter winbind nss info = template
doing parameter template shell = /bin/bash
doing parameter template homedir = /home/%U
doing parameter vfs objects = acl_xattr
doing parameter map acl inherit = yes
doing parameter store dos attributes = yes
pm_process() returned Yes
lp_servicenumber: couldn't find homes
Netbios name list:-
my_netbios_names[0]="DOMAIN-MEMBER"
added interface eth0 ip=192.168.0.37 bcast=192.168.0.255 netmask=255.255.255.0
Registering messaging pointer for type 2 - private_data=(nil)
Registering messaging pointer for type 9 - private_data=(nil)
Registered MSG_REQ_POOL_USAGE
Registering messaging pointer for type 11 - private_data=(nil)
Registering messaging pointer for type 12 - private_data=(nil)
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Registering messaging pointer for type 1 - private_data=(nil)
Registering messaging pointer for type 5 - private_data=(nil)
Opening cache file at /var/cache/samba/gencache.tdb
Opening cache file at /var/run/samba/gencache_notrans.tdb
sitename_fetch: Returning sitename for DOMAIN:
"Default-First-Site-Name"
dsgetdcname_internal: domain_name: DOMAIN, domain_guid: (null), site_name:
Default-First-Site-Name, flags: 0x40000000
debug_dsdcinfo_flags: 0x40000000
DS_RETURN_DNS_NAME
dsgetdcname_internal: domain_name: DOMAIN, domain_guid: (null), site_name:
Default-First-Site-Name, flags: 0x40000001
debug_dsdcinfo_flags: 0x40000001
DS_FORCE_REDISCOVERY DS_RETURN_DNS_NAME
dsgetdcname_rediscover
dns_send_req: Failed to resolve
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.DOMAIN (Success)
ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_UNSUCCESSFUL)
dns_send_req: Failed to resolve _ldap._tcp.dc._msdcs.DOMAIN (Success)
ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_UNSUCCESSFUL)
internal_resolve_name: looking up DOMAIN#1c (sitename (null))
no entry for DOMAIN#1C found.
resolve_lmhosts: Attempting lmhosts lookup for name DOMAIN<0x1c>
resolve_lmhosts: Attempting lmhosts lookup for name DOMAIN<0x1c>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such
file or directory
resolve_wins: WINS server resolution selected and no WINS servers listed.
name_resolve_bcast: Attempting broadcast lookup for name DOMAIN<0x1c>
discover_dc_netbios: failed to find DC
dsgetdcname_rediscover
dns_send_req: Failed to resolve
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.DOMAIN (Success)
ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_UNSUCCESSFUL)
dns_send_req: Failed to resolve _ldap._tcp.dc._msdcs.DOMAIN (Success)
ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_UNSUCCESSFUL)
internal_resolve_name: looking up DOMAIN#1c (sitename (null))
no entry for DOMAIN#1C found.
resolve_lmhosts: Attempting lmhosts lookup for name DOMAIN<0x1c>
resolve_lmhosts: Attempting lmhosts lookup for name DOMAIN<0x1c>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No such
file or directory
resolve_wins: WINS server resolution selected and no WINS servers listed.
name_resolve_bcast: Attempting broadcast lookup for name DOMAIN<0x1c>
discover_dc_netbios: failed to find DC
return code = -1
Freeing parametrics:
root at domain-member:~# cat /etc/samba/smb.conf
[global]
netbios name = DOMAIN-MEMBER
security = ADS
workgroup = DOMAIN
realm = DOMAIN.LOCAL
idmap config *:backend = tdb
idmap config *:range = 2000-9999
idmap config DOMAIN:backend = ad
idmap config DOMAIN:schema_mode = rfc2307
idmap config DOMAIN:range = 10000-99999
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind nss info = template
template shell = /bin/bash
template homedir = /home/%U
vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes
[upload]
path = /var/www/upload
read only = no
admin users = "@DOMAIN\Domain Admins"
