VigneshDhanraj G
2018-Jun-27 19:08 UTC
[Samba] Not Able to access cifs when AD connected to different network
Hi Team,
Recently upgraded samba to 4.7.8 from 4.7.15
My PC and was connected under router 192.168.1.x in which i have AD server.
now i moved the PC to another network 192.168.4.x.
When i am trying to access the cifs it shows ERROR:Currently no logon
servers available.
When i downgraded samba to 4.5.15 it works properly.
[Global]
available= yes
restrict anonymous= 0
server string= LenovoEMC~D� px4-400d
Workgroup= GNANA
netbios name= px4-400d
realm= GNANA.COM <http://VIGNESH.COM>
password server= 192.168.1.14, *
idmap backend= tdb
idmap uid= 5000-9999999
idmap gid= 5000-9999999
idmap config GNANA : backend= rid
idmap config GNANA : range= 10000000-19999999
security= ADS
name resolve order= wins host bcast lmhosts
client use spnego= yes
dns proxy= no
winbind use default domain= no
winbind nested groups= yes
inherit acls= yes
winbind enum users= yes
winbind enum groups= yes
winbind separator= \\
winbind cache time= 300
winbind offline logon= true
template shell= /bin/sh
kerberos method= secrets and keytab
map to guest= Bad User
host msdfs= yes
strict allocate= no
encrypt passwords= yes
passdb backend= smbpasswd
printcap name= lpstat
printable= no
load printers= yes
ntlm auth= Yes
logs:
check_ntlm_password: Authentication for user [vigneshdhanraj.g] ->
[vigneshdhanraj.g] FAILED with error NT_STATUS_NO_LOGON_SERVERS,
authoritative=1
[2018/06/28 14:00:56.780890, 2, pid=10273, effective(0, 0), real(0, 0)]
../auth/auth_log.c:760(log_authentication_event_human_readable)
Auth: [SMB2,(null)] user [DS-7071BC9E7857]\[vigneshdhanraj.g] at [Thu, 28
Jun 2018 14:00:56.780833 IST] with [NTLMv1] status
[NT_STATUS_NO_LOGON_SERVERS] workstation [DS-7071BC9E7857] remote host
[ipv4:10.132.240.57:57088] mapped to [DS-7071BC9E7857]\[vigneshdhanraj.g].
local host [ipv4:10.132.243.69:445]
[2018/06/28 14:00:56.780975, 3, pid=10273, effective(0, 0), real(0, 0)]
../auth/auth_log.c:591(log_no_json)
log_no_json: JSON auth logs not available unless compiled with jansson
[2018/06/28 14:00:56.781028, 5, pid=10273, effective(0, 0), real(0, 0)]
../source3/auth/auth_ntlmssp.c:196(auth3_check_password)
Checking NTLMSSP password for DS-7071BC9E7857\vigneshdhanraj.g failed:
NT_STATUS_NO_LOGON_SERVERS, authoritative=1
[2018/06/28 14:00:56.781093, 5, pid=10273, effective(0, 0), real(0, 0)]
../auth/ntlmssp/ntlmssp_server.c:751(ntlmssp_server_check_password)
../auth/ntlmssp/ntlmssp_server.c:751: Checking NTLMSSP password for
DS-7071BC9E7857\vigneshdhanraj.g failed: NT_STATUS_NO_LOGON_SERVERS
[2018/06/28 14:00:56.781163, 2, pid=10273, effective(0, 0), real(0, 0)]
../auth/gensec/spnego.c:605(gensec_spnego_server_negTokenTarg)
SPNEGO login failed: NT_STATUS_NO_LOGON_SERVERS
[2018/06/28 14:00:56.781247, 4, pid=10273, effective(0, 0), real(0, 0)]
../source3/smbd/sec_ctx.c:438(pop_sec_ctx)
pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
smbd_smb2_request_pending_queue: req->current_idx = 1
req->in.vector[0].iov_len = 0
req->in.vector[1].iov_len = 0
req->in.vector[2].iov_len = 64
req->in.vector[3].iov_len = 24
req->in.vector[4].iov_len = 283
req->out.vector[0].iov_len = 4
req->out.vector[1].iov_len = 0
req->out.vector[2].iov_len = 64
req->out.vector[3].iov_len = 8
req->out.vector[4].iov_len = 0
[2018/06/28 14:00:56.781396, 4, pid=10273, effective(0, 0), real(0, 0)]
../source3/smbd/sec_ctx.c:216(push_sec_ctx)
push_sec_ctx(0, 0) : sec_ctx_stack_ndx = 1
[2018/06/28 14:00:56.781451, 4, pid=10273, effective(0, 0), real(0, 0)]
../source3/smbd/uid.c:491(push_conn_ctx)
push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2018/06/28 14:00:56.781499, 4, pid=10273, effective(0, 0), real(0, 0)]
../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2018/06/28 14:00:56.781547, 5, pid=10273, effective(0, 0), real(0, 0)]
../libcli/security/security_token.c:53(security_token_debug)
[2018/06/28 14:00:56.783085, 5, pid=10273, effective(0, 0), real(0, 0)]
../libcli/security/security_token.c:53(security_token_debug)
Security token: (NULL)
[2018/06/28 14:00:56.783131, 5, pid=10273, effective(0, 0), real(0, 0)]
../source3/auth/token_util.c:810(debug_unix_user_token)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2018/06/28 14:00:56.783187, 5, pid=10273, effective(0, 0), real(0, 0)]
../source3/smbd/uid.c:425(smbd_change_to_root_user)
change_to_root_user: now uid=(0,0) gid=(0,0)
[2018/06/28 14:00:56.783237, 4, pid=10273, effective(0, 0), real(0, 0)]
../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
[2018/06/28 14:00:56.783285, 5, pid=10273, effective(0, 0), real(0, 0)]
../libcli/security/security_token.c:53(security_token_debug)
Security token: (NULL)
[2018/06/28 14:00:56.783331, 5, pid=10273, effective(0, 0), real(0, 0)]
../source3/auth/token_util.c:810(debug_unix_user_token)
UNIX token of user 0
Primary group is 0 and contains 0 supplementary groups
[2018/06/28 14:00:56.783393, 5, pid=10273, effective(0, 0), real(0, 0)]
../source3/smbd/uid.c:425(smbd_change_to_root_user)
change_to_root_user: now uid=(0,0) gid=(0,0)
[2018/06/28 14:00:56.783447, 4, pid=10273, effective(0, 0), real(0, 0)]
../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal)
Primary group is 0 and contains 0 supplementary groups
[2018/06/28 14:00:56.783598, 5, pid=10273, effective(0, 0), real(0, 0)]
../source3/smbd/uid.c:425(smbd_change_to_root_user)
change_to_root_user: now uid=(0,0) gid=(0,0)
[2018/06/28 14:00:56.783705, 10, pid=10273, effective(0, 0), real(0, 0)]
../source3/lib/messages_dgm_ref.c:157(msg_dgm_ref_destructor)
msg_dgm_ref_destructor: refs=(nil)
[2018/06/28 14:00:56.795996, 3, pid=10273, effective(0, 0), real(0, 0)]
../source3/smbd/server_exit.c:244(exit_server_common)
Server exit (NT_STATUS_CONNECTION_RESET)
Please do the needful. i want to change smb.conf for workgroup users alone
to make it work. if i move to that network again i want to write conf for
AD.
Regards,
VigneshDhanraj G
Rowland Penny
2018-Jun-27 19:47 UTC
[Samba] Not Able to access cifs when AD connected to different network
On Thu, 28 Jun 2018 00:38:23 +0530 VigneshDhanraj G via samba <samba at lists.samba.org> wrote:> Hi Team, > > Recently upgraded samba to 4.7.8 from 4.7.15 > > My PC and was connected under router 192.168.1.x in which i have AD > server. now i moved the PC to another network 192.168.4.x. > > When i am trying to access the cifs it shows ERROR:Currently no logon > servers available.Is your 'new' subnet in AD ? Can I suggest you try this smb.conf: [Global] Workgroup = GNANA realm = GNANA.COM security = ADS server string= LenovoEMC~D px4-400d kerberos method= secrets and keytab idmap config * : backend = tdb idmap config * : range = 5000-9999 idmap config GNANA : backend = rid idmap config GNANA : range = 10000000-19999999 name resolve order= wins host bcast lmhosts dns proxy= no inherit acls= yes winbind offline logon= true template shell= /bin/sh map to guest= Bad User printcap name= lpstat ntlm auth= Yes It is basically yours, but without all the default lines and 'idmap config' set up correctly. Rowland
VigneshDhanraj G
2018-Jun-27 20:33 UTC
[Samba] Not Able to access cifs when AD connected to different network
the problem is actually, i have two networks one is 192.168.1.* and 192.168.4.* , I have my linux pc in which samba server is running and it is in 192.168.1.12 and i have a AD server GNANA.COM in 192.168.1.14. i have shares which is having permission for only local linux users. i moved my linux pc from 192.168.1.12 to 192.168.4.12, samba server is running with the same config when it was running in 192.168.1.12 network. now i accessing cifs it shows no logon servers directly. Before in samba 4.5.15 i usually do this i will not get any errors it will list the shares available. On Thu, Jun 28, 2018 at 1:18 AM Rowland Penny via samba < samba at lists.samba.org> wrote:> On Thu, 28 Jun 2018 00:38:23 +0530 > VigneshDhanraj G via samba <samba at lists.samba.org> wrote: > > > Hi Team, > > > > Recently upgraded samba to 4.7.8 from 4.7.15 > > > > My PC and was connected under router 192.168.1.x in which i have AD > > server. now i moved the PC to another network 192.168.4.x. > > > > When i am trying to access the cifs it shows ERROR:Currently no logon > > servers available. > > Is your 'new' subnet in AD ? > > Can I suggest you try this smb.conf: > > [Global] > Workgroup = GNANA > realm = GNANA.COM > security = ADS > server string= LenovoEMC~D px4-400d > > kerberos method= secrets and keytab > > idmap config * : backend = tdb > idmap config * : range = 5000-9999 > idmap config GNANA : backend = rid > idmap config GNANA : range = 10000000-19999999 > > name resolve order= wins host bcast lmhosts > dns proxy= no > inherit acls= yes > winbind offline logon= true > template shell= /bin/sh > map to guest= Bad User > printcap name= lpstat > ntlm auth= Yes > > It is basically yours, but without all the default lines and 'idmap > config' set up correctly. > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Reasonably Related Threads
- Not Able to access cifs when AD connected to different network
- Not Able to access cifs when AD connected to different network
- In mac guest user is not working when AD connected - samba 4.9.3
- After configured server signing, file transfer speed is very slow
- In mac guest user is not working when AD connected - samba 4.9.3