Hi,
I have a File Server as Domain Member and it was working properly.
Recently I changed my DCs and after I am not getting authenticate users
with winbind.
I'm using Samba 4.6.3 as DC and Samba 4.1.17 as File Server.
When I restart Samba Service, this message appears:
root at dc1:/root# /etc/init.d/samba4 status
● samba4.service - LSB: start Samba4 daemons
Loaded: loaded (/etc/init.d/samba4)
Active: active (running) since Ter 2017-06-13 00:27:08 -03; 22min ago
Process: 587 ExecStop=/etc/init.d/samba4 stop (code=exited,
status=0/SUCCESS)
Process: 596 ExecStart=/etc/init.d/samba4 start (code=exited,
status=0/SUCCESS)
CGroup: /system.slice/samba4.service
├─601 /usr/local/samba/sbin/samba -D
├─626 /usr/local/samba/sbin/samba -D
├─627 /usr/local/samba/sbin/samba -D
├─628 /usr/local/samba/sbin/smbd -D --option=server role
check:inhibit=yes --foreground
├─629 /usr/local/samba/sbin/samba -D
├─630 /usr/local/samba/sbin/samba -D
├─631 /usr/local/samba/sbin/samba -D
├─632 /usr/local/samba/sbin/samba -D
├─633 /usr/local/samba/sbin/samba -D
├─634 /usr/local/samba/sbin/samba -D
├─635 /usr/local/samba/sbin/samba -D
├─636 /usr/local/samba/sbin/samba -D
├─637 /usr/local/samba/sbin/samba -D
├─638 /usr/local/samba/sbin/samba -D
├─639 /usr/local/samba/sbin/samba -D
├─640 /usr/local/samba/sbin/winbindd -D --option=server role
check:inhibit=yes --foreground
├─643 /usr/local/samba/sbin/smbd -D --option=server role
check:inhibit=yes --foreground
├─644 /usr/local/samba/sbin/smbd -D --option=server role
check:inhibit=yes --foreground
├─645 /usr/local/samba/sbin/winbindd -D --option=server role
check:inhibit=yes --foreground
├─647 /usr/local/samba/sbin/smbd -D --option=server role
check:inhibit=yes --foreground
├─674 /usr/local/samba/sbin/smbd -D --option=server role
check:inhibit=yes --foreground
├─675 /usr/local/samba/sbin/winbindd -D --option=server role
check:inhibit=yes --foreground
├─677 /usr/local/samba/sbin/samba -D
├─751 /usr/local/samba/sbin/smbd -D --option=server role
check:inhibit=yes --foreground
└─753 /usr/local/samba/sbin/samba -D
Jun 13 00:27:08 dc1 samba[601]: [2017/06/13 00:27:08.916883, 0]
../source4/smbd/server.c:487(binary_smbd_main)
Jun 13 00:27:08 dc1 samba[601]: samba: using 'standard' process model
Jun 13 00:27:08 dc1 samba[601]: [2017/06/13 00:27:08.932572, 0]
../lib/util/become_daemon.c:124(daemon_ready)
Jun 13 00:27:08 dc1 samba[601]: STATUS=daemon 'samba' finished starting
up
and ready to serve connections
Jun 13 00:27:08 dc1 winbindd[640]: [2017/06/13 00:27:08.995026, 0]
../source3/winbindd/winbindd_cache.c:3171(initialize_winbindd_cache)
Jun 13 00:27:08 dc1 winbindd[640]: initialize_winbindd_cache: clearing
cache and re-creating with version number 2
Jun 13 00:27:09 dc1 winbindd[640]: [2017/06/13 00:27:09.356050, 0]
../lib/util/become_daemon.c:124(daemon_ready)
Jun 13 00:27:09 dc1 winbindd[640]: STATUS=daemon 'winbindd' finished
starting up and ready to serve connections
Jun 13 00:27:09 dc1 smbd[628]: [2017/06/13 00:27:09.396000, 0]
../lib/util/become_daemon.c:124(daemon_ready)
Jun 13 00:27:09 dc1 smbd[628]: STATUS=daemon 'smbd' finished starting up
and ready to serve connections
Is it a problem?
Regards,
Márcio Bacci
On Tue, 13 Jun 2017 01:11:04 -0300 Marcio Demetrio Bacci via samba <samba at lists.samba.org> wrote:> Hi, > > I have a File Server as Domain Member and it was working properly. > > Recently I changed my DCs and after I am not getting authenticate > users with winbind. > > I'm using Samba 4.6.3 as DC and Samba 4.1.17 as File Server. > > When I restart Samba Service, this message appears: > > root at dc1:/root# /etc/init.d/samba4 status > ● samba4.service - LSB: start Samba4 daemons > Loaded: loaded (/etc/init.d/samba4) > Active: active (running) since Ter 2017-06-13 00:27:08 -03; 22min > ago Process: 587 ExecStop=/etc/init.d/samba4 stop (code=exited, > status=0/SUCCESS) > Process: 596 ExecStart=/etc/init.d/samba4 start (code=exited, > status=0/SUCCESS) > CGroup: /system.slice/samba4.service > ├─601 /usr/local/samba/sbin/samba -D > ├─626 /usr/local/samba/sbin/samba -D > ├─627 /usr/local/samba/sbin/samba -D > ├─628 /usr/local/samba/sbin/smbd -D --option=server role > check:inhibit=yes --foreground > ├─629 /usr/local/samba/sbin/samba -D > ├─630 /usr/local/samba/sbin/samba -D > ├─631 /usr/local/samba/sbin/samba -D > ├─632 /usr/local/samba/sbin/samba -D > ├─633 /usr/local/samba/sbin/samba -D > ├─634 /usr/local/samba/sbin/samba -D > ├─635 /usr/local/samba/sbin/samba -D > ├─636 /usr/local/samba/sbin/samba -D > ├─637 /usr/local/samba/sbin/samba -D > ├─638 /usr/local/samba/sbin/samba -D > ├─639 /usr/local/samba/sbin/samba -D > ├─640 /usr/local/samba/sbin/winbindd -D --option=server > role check:inhibit=yes --foreground > ├─643 /usr/local/samba/sbin/smbd -D --option=server role > check:inhibit=yes --foreground > ├─644 /usr/local/samba/sbin/smbd -D --option=server role > check:inhibit=yes --foreground > ├─645 /usr/local/samba/sbin/winbindd -D --option=server > role check:inhibit=yes --foreground > ├─647 /usr/local/samba/sbin/smbd -D --option=server role > check:inhibit=yes --foreground > ├─674 /usr/local/samba/sbin/smbd -D --option=server role > check:inhibit=yes --foreground > ├─675 /usr/local/samba/sbin/winbindd -D --option=server > role check:inhibit=yes --foreground > ├─677 /usr/local/samba/sbin/samba -D > ├─751 /usr/local/samba/sbin/smbd -D --option=server role > check:inhibit=yes --foreground > └─753 /usr/local/samba/sbin/samba -D > > Jun 13 00:27:08 dc1 samba[601]: [2017/06/13 00:27:08.916883, 0] > ../source4/smbd/server.c:487(binary_smbd_main) > Jun 13 00:27:08 dc1 samba[601]: samba: using 'standard' process model > Jun 13 00:27:08 dc1 samba[601]: [2017/06/13 00:27:08.932572, 0] > ../lib/util/become_daemon.c:124(daemon_ready) > Jun 13 00:27:08 dc1 samba[601]: STATUS=daemon 'samba' finished > starting up and ready to serve connections > Jun 13 00:27:08 dc1 winbindd[640]: [2017/06/13 00:27:08.995026, 0] > ../source3/winbindd/winbindd_cache.c:3171(initialize_winbindd_cache) > Jun 13 00:27:08 dc1 winbindd[640]: initialize_winbindd_cache: clearing > cache and re-creating with version number 2 > Jun 13 00:27:09 dc1 winbindd[640]: [2017/06/13 00:27:09.356050, 0] > ../lib/util/become_daemon.c:124(daemon_ready) > Jun 13 00:27:09 dc1 winbindd[640]: STATUS=daemon 'winbindd' finished > starting up and ready to serve connections > Jun 13 00:27:09 dc1 smbd[628]: [2017/06/13 00:27:09.396000, 0] > ../lib/util/become_daemon.c:124(daemon_ready) > Jun 13 00:27:09 dc1 smbd[628]: STATUS=daemon 'smbd' finished starting > up and ready to serve connections > > Is it a problem? > > Regards, > > Márcio BacciThere doesn't appear to be anything wrong, so where are not get users authenticated, on the DC, or on the fileserver, or both ? Can you post the smb.conf files from both machines. Rowland
On Tue, 13 Jun 2017 17:00:10 -0300 Marcio Demetrio Bacci <marciobacci at gmail.com> wrote:> Hi, > > When I run the command line *wbinfo -a user* I get the following > result: > > root at filserver:~# wbinfo -a mane > Enter mane's password: > plaintext password authentication succeeded > Enter mane's password: > challenge/response password authentication failed > error code was NT_STATUS_WRONG_PASSWORD (0xc000006a) > error message was: Wrong Password > Could not authenticate user mane with challenge/response > > However the password is correct. > > File server users can not access SMB shares. > > This is my smb.conf and nsswitch of the File Server: > > ########################################################## > [global] > netbios name = fileserver > workgroup = EMPRESA > security = ads > realm = EMPRESA.COM.BR > encrypt passwords = yes > dedicated keytab file = /etc/krb5.keytab > kerberos method = secrets and keytab > preferred master = no > idmap config *:backend = tdb > idmap config *:range = 1000-3000 > idmap config EMPRESA:backend = ad > idmap config EMPRESA:schema_mode = rfc2307 > idmap config EMPRESA:range = 10000-9999999 > > winbind nss info = rfc2307 > winbind trusted domains only = no > winbind use default domain = yes > winbind enum users = yes > winbind enum groups = yes > winbind refresh tickets = yes > > vfs objects = acl_xattr > map acl inherit = Yes > store dos attributes = Yes > username map = /etc/samba/user.map >What OS is this ? Is there anything like an auth.log on the DC ? If so, is there anything in it ? Rowland
Possibly Parallel Threads
- DNS Update Failed
- Migrating to Samba 4.9.4 AD, kinit administrator -> kinit: Cannot contact any KDC for realm...
- Problems joining Samba 4 in the domain
- Migrating to Samba 4.9.4 AD, kinit administrator -> kinit: Cannot contact any KDC for realm...
- DNS Update Failed