Let-me explain my environment. I have 3 DCI 105 (Principal) 106 and 101
(where i use for test). All DC its CPU for grow up for 100%. I just make
the change in one DC, not all ok ?
> How did you provision samba, what were the exact commands used ?
samba-tool domain provision --realm=DOMAIN.BR --domain=DOMAIN
--server-role=dc --adminpass=pwd
> /etc/resolv.conf
search domain.br
nameserver 10.10.10.105
nameserver 10.10.10.106
> /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4
localhost4.localdomain4
::1 localhost localhost.localdomain localhost6
localhost6.localdomain6
10.10.10.101 dc-server4.domain.br dc-server4
!> /etc/hostname
dc-server4.domain.br
!
/etc/named.conf or /etc/named/named.conf
I dont have named configured in this DC, i put the dns forwarder 10.10.10.11.
> /etc/krb5.conf
libdefaults]
dns_lookup_realm = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
default_ccache_name = KEYRING:persistent:%{uid}
dns_lookup_kdc = true
default_realm = DOMAIN.BR
!> smb.conf
# Global parameters
[global]
bind interfaces only = Yes
interfaces = lo ens32
netbios name = DC-SERVER4
realm = DOMAIN.BR
dns forwarder = 10.10.10.11
workgroup = DOMAIN.BR
server role = active directory domain controller
ldap server require strong auth = no
comment log level = 3
log file = /var/log/samba.log
[netlogon]
path = /usr/local/samba/var/locks/sysvol/DOMAIN.BR/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
!
>Finally (for the time being) can you check if there is another kerberos
>server running on the DC (just to rulle it out).
Ticket cache: KEYRING:persistent:0:0
Default principal: administrator at DOMAIN.BR
Valid starting Expires Service principal
29-08-2016 11:26:41 29-08-2016 21:26:41 krbtgt/DOMAIN.BR at DOMAIN.BR
renew until 05-09-2016 11:26:34
Some errors:
2016/08/29 14:19:11.836901, 3]
../source4/auth/ntlm/auth.c:675(auth_register)
AUTH backend 'winbind_wbclient' registered
[2016/08/29 14:19:11.836940, 3]
../source4/auth/ntlm/auth.c:675(auth_register)
AUTH backend 'name_to_ntstatus' registered
[2016/08/29 14:19:11.836969, 3]
../source4/auth/ntlm/auth.c:675(auth_register)
AUTH backend 'unix' registered
[2016/08/29 14:19:11.844165, 3]
../source4/smbd/service_stream.c:66(stream_terminate_connection)
Terminating connection - 'dcesrv: NT_STATUS_CONNECTION_DISCONNECTED'
[2016/08/29 14:19:11.844364, 3]
../source4/smbd/process_single.c:114(single_terminate)
single_terminate: reason[dcesrv: NT_STATUS_CONNECTION_DISCONNECTED]
[2016/08/29 14:19:11.847261, 3]
../libcli/auth/schannel_state_tdb.c:121(schannel_store_session_key_tdb)
schannel_store_session_key_tdb: stored schannel info with key
SECRETS/SCHANNEL/292929
[2016/08/29 14:19:11.849417, 3]
../lib/ldb-samba/ldb_wrap.c:325(ldb_wrap_connect)
ldb_wrap open of secrets.ldb
[2016/08/29 14:19:11.855367, 3]
../lib/ldb-samba/ldb_wrap.c:325(ldb_wrap_connect)
ldb_wrap open of secrets.ldb
[2016/08/29 14:19:11.856999, 3]
../libcli/auth/schannel_state_tdb.c:190(schannel_fetch_session_key_tdb)
schannel_fetch_session_key_tdb: restored schannel info key
SECRETS/SCHANNEL/292929
[2016/08/29 14:19:11.861331, 3]
../source3/smbd/negprot.c:711(reply_negprot)
Selected protocol SMB 2.???
[2016/08/29 14:22:57.715099, 3]
../source3/smbd/smb2_server.c:3098(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
status[NT_STATUS_OBJECT_PATH_NOT_FOUND] || at
../source3/smbd/smb2_create.c:293
[2016/08/29 14:22:57.828768, 3]
../source3/smbd/smb2_server.c:3098(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
status[NT_STATUS_OBJECT_NAME_NOT_FOUND] || at
../source3/smbd/smb2_create.c:293
[2016/08/29 14:23:11.282681, 3]
../source3/smbd/smb2_server.c:3098(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1]
status[NT_STATUS_OBJECT_PATH_NOT_FOUND] || at
../source3/smbd/smb2_create.c:293
[2016/08/29 14:23:19.261429, 3]
../source3/smbd/smb2_server.c:3098(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[5]
status[STATUS_NO_MORE_FILES] || at
../source3/smbd/smb2_query_directory.c:154
[2016/08/29 14:23:19.687733, 3]
../source3/smbd/smb2_server.c:3098(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[9]
status[NT_STATUS_INFO_LENGTH_MISMATCH] || at
../source3/smbd/smb2_query_directory.c:154
[2016/08/29 14:23:19.974391, 3]
../source3/smbd/smb2_server.c:3098(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[5]
status[STATUS_NO_MORE_FILES] || at
../source3/smbd/smb2_query_directory.c:154
2016-08-29 13:40 GMT-03:00 Rowland Penny via samba <samba at
lists.samba.org>:
> On Mon, 29 Aug 2016 13:20:48 -0300
> Maiquel Consalter <maiquelconsalter at gmail.com> wrote:
>
> OK, you now have samba compiled correctly (if it wasn't before), you
> have turned off the firewall and selinux and you use bind9 as the dns
> server. It should work ok, but it obviously doesn't.
>
> Can we recap some settings etc and get them all in the same place. I
> know you will have posted most of them already, but they are scattered
> in several posts.
>
> How did you provision samba, what were the exact commands used ?
>
> please post the following:
>
> /etc/resolv.conf
> /etc/hosts
> /etc/hostname
> /etc/named.conf or /etc/named/named.conf
> /etc/krb5.conf
>
> If you need to, change the names and IPs, but please use the same ones.
>
> Finally (for the time being) can you check if there is another kerberos
> server running on the DC (just to rulle it out).
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
--
Att,
Maiquel