Anantha Raghava
2018-Jun-30 09:21 UTC
[Samba] Developed an issue with Samba File Server integrated with Samba-AD
Hi,
We have been using Samba File Server (Version 4.3.11 Ubuntu 14.04 LTS)
for quite some time now. We recently installed Samba-AD (Samba AD Version
4.7.6) and made the file server a member of the Domain. Everything was
fine till around 11:15 am yesterday. We just added one more share folder
and gave access to three users and restarted Samba File Server services
- smbd, nmbd and winbindd - and we lost the file server. None
of the domain users is able to log in to the file server and access their
shares. If we access the shares from a non-domain member PC, the shares are
accessible.
File server when accessed asks for user name & password. Once the user
feeds his credentials, the login fails and again the file server will
ask for user credentials. This is really surprising.
We enabled log level 3 on both samba servers (File & AD Server) and we
see nothing with respect to this error.
Our smb.conf (samba file server) and Samba-AD (AD-smb.conf) are attached.
I am aware that Samba file server is very old and it's time to upgrade.
However, getting it back live is now critical for us.
Looking forward to any guidance.
Thanks & Regards,
Anantha Raghava
Do not print this e-mail unless required. Save Paper & trees.
-------------- next part --------------
# Global parameters
[global]
netbios name = PDC
realm = XXXX.COM
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
workgroup = XXXX
idmap_ldb:use rfc2307 = yes
ldap server require strong auth = No
# Logs and events
eventlog list = Security
log level = 3
log file = /var/log/samba/dc1.%T.log
max log size = 1000000
[netlogon]
path = /usr/local/samba/var/locks/sysvol/exza.com/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
-------------- next part --------------
[gdlobal]
workgroup = CSAEROTHERM
server string = Samba Server Version %v
security = ads
realm = CSAEROTHERM.COM
# socket options = TCP_NODELAY IPTOS_LOWDELAY SO_RCVBUF=131072 SO_SNDBUF=131072
use sendfile = true
idmap config * : backend = tdb
idmap config * : range = 100000-299999
idmap config CSAEROTHERM : schema_mode = rfc2307
idmap config CSAEROTHERM : backend = rid
idmap config CSAEROTHERM : range = 10000-99999
winbind separator = +
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind refresh tickets = yes
restrict anonymous = 2
log file = /var/log/samba/log.%m
max log size = 50
logon script = Set-ADPicture.vbs
## min protocol = SMB2
## Share definitions
[homes]
comment = Home Directories
path = /home/%U
read only = No
inherit permissions = Yes
browseable = No
veto files = "/*.mp3/*.mov/*.jpeg/*.png/*.mp4/*.jfif/*.ppm/*.pgm/*.tiff/*.bmp/*.dwg/"
vfs objects = recycle
recycle:repository = /home/.recycle/%U
recycle:keeptree = Yes
recycle:touch = Yes
recycle:versions = Yes
recycle:maxsixe = 0
recycle:exclude = *.tmp
[Share]
read list = %U, administrator,suresh
path = /storage/CSfiles/pubshare
write list = %U,administrator,suresh
recycle:touch = Yes
recycle:maxsixe = 0
recycle:repository = /storage/CSfiles/pubshare/.recycle/%U
comment = Public Share
vfs objects = recycle
browseable = No
recycle:exclude = *.tmp
directory mask = 0700
inherit permissions = Yes
# revalidate = yes
veto files = "/*.mp3/*.mov/*.dwg/*.dwx/*.mpg/"
recycle:keeptree = Yes
user = administrator,%U,suresh
public = yes
recycle:versions = Yes
[cscloudvendor]
read list = %U, administrator, pranavjairam
path = /storage/CSfiles/cscloud/vendor
valid users = %U, pranavjairam, administrator
write list = %U,administrator
recycle:touch = Yes
recycle:maxsixe = 0
recycle:repository = /storage/CSfiles/cscloud/vendor/.recycle/%U
usershare allow guests = yes
comment = cscloud vendor drawing Share
vfs objects = recycle
browseable = Yes
recycle:exclude = *.tmp
directory mask = 0700
#inherit permissions = Yes
# revalidate = yes
veto files = "/*.mp3/*.mov/*.dwg/*.dwx/*.mpg/"
recycle:keeptree = Yes
user = administrator,%U, pranavjairam
public = yes
recycle:versions = Yes
[cscloudvideo]
read list = %U, administrator
path = /storage/CSfiles/cscloud/video
write list = %U,administrator
recycle:touch = Yes
recycle:maxsixe = 0
recycle:repository = /storage/CSfiles/cscloud/video/.recycle/%U
comment = Cscloud videos Share
vfs objects = recycle
browseable = No
recycle:exclude = *.tmp
directory mask = 0700
inherit permissions = Yes
# revalidate = yes
veto files = "/*.mp3/*.mov/*.dwg/*.dwx/*.mpg/"
recycle:keeptree = Yes
user = administrator,%U
public = yes
recycle:versions = Yes
[profiles]
recycle:keeptree = Yes
path = /storage/profiles`
recycle:touch = Yes
directory mask = 0700
recycle:versions = Yes
browsable = No
vfs objects = recycle
comment = User profiles
profile acls = Yes
hide files = /desktop.ini/ntuser.ini/NTUSER.*/
veto files = /*.mp3/*.avi/*.mov/"
write list =
recycle:repository = /storage/profiles/.recycle/%U
users =
recycle:exclude = *.tmp
store dos attributes = Yes
writable = yes
read list =
create mask = 0600
recycle:maxsixe = 0
[netlogon]
recycle:keeptree = Yes
path = /var/lib/netlogon
recycle:touch = Yes
directory mask = 0700
recycle:versions = Yes
browsable = No
vfs objects = recycle
comment = netlogon
profile acls = Yes
hide files = /desktop.ini/ntuser.ini/NTUSER.*/
veto files = /*.mp3/*.avi/*.mov/"
write list recycle:repository = /var/lib/netlogon/.recycle/%U
users recycle:exclude = *.tmp
store dos attributes = Yes
writable = yes
read list create mask = 0600
recycle:maxsixe = 0
[Design]
recycle:maxsixe = 0
read list = suresh,manjunathsingh,senthil,roopesh,arjunsagar,prabhu
inherit acls = Yes
recycle:exclude = *.tmp
inherit permissions = Yes
valid users = administrator,suresh,manjunathsingh,senthil,roopesh,arjunsagar,prabhu
recycle:repository = /storage/CSfiles/Design/.recycle/%U
write list = pranavjairam,manjunathsingh,arjunsagar,prabhu
veto files = /*.mp3/*.avi/*.mov/"
public = yes
comment = Design Documents
vfs objects = recycle
recycle:versions = Yes
recycle:touch = Yes
browseable = no
path = /storage/CSfiles/Design
recycle:keeptree = Yes
writeable = yes
[test123]
comment = test123
path = /home/
inherit acls = Yes
inherit permissions = Yes
valid users = harikumar
read list = harikumar
write list = harikumar
veto files = /*.mp3/*.avi/*.mov/"
public = yes
writeable = yes
browseable = no
[Materials]
recycle:keeptree = Yes
writeable = yes
path = /storage/CSfiles/materials
recycle:versions = Yes
browseable = no
recycle:touch = Yes
comment = Materials
vfs objects = recycle
veto files = /*.mp3/*.avi/*.mov/"
recycle:repository = /storage/CSfiles/materials/.recycle/%U
valid users = suresh,senthil,sangeetha,prakash
write list = suresh,senthil,sangeetha,prakash
inherit permissions = Yes
recycle:exclude = *.tmp
recycle:maxsixe = 0
[Accounts]
public = yes
veto files = /*.mp3/*.avi/*.mov/"
write list = administrator,lokesh,harishkumar,devaraju,shivanagouda,vijaya
valid users = administrator,lokesh,harishkumar,devaraju,shivanagouda,vijaya
recycle:repository = /storage/CSfiles/accounting/.recycle/%U
recycle:exclude = *.tmp
inherit permissions = Yes
inherit acls = Yes
create mask = 0600
read list = administrator,lokesh,harishkumar,devaraju,shivanagouda,vijaya
recycle:maxsixe = 0
recycle:keeptree = Yes
writeable = yes
path = /storage/CSfiles/accounting
recycle:touch = Yes
browseable = no
recycle:versions = Yes
directory mask = 0700
vfs objects = recycle
comment = Accounts
[Software]
recycle:exclude = *.tmp
recycle:maxsixe = 0
read list = administrator,pranavjairam,harikumar,suresh
recycle:repository = /storage/CSfiles/software/.recycle/%U
valid users = administrator,pranavjairam,harikumar,suresh
write list = administrator,pranavjairam,harikumar,suresh
recycle:versions = Yes
recycle:touch = Yes
comment = Software
vfs objects = recycle
writeable = yes
recycle:keeptree = Yes
path = /storage/CSfiles/software
[Production]
path = /storage/CSfiles/production
writeable = yes
recycle:keeptree = Yes
comment = Production
vfs objects = recycle
user = @Production,@Management
recycle:versions = Yes
browseable = no
recycle:touch = Yes
recycle:repository = /storage/CSfiles/production/.recycle/%U
valid users = administrator,senthil,manjunathsingh,manjunathmk,rajeshbabu,prabhu,arjunsagar,karthik,kishor,ganeshbabu,vijayakumar,vinodkolar,basavaraj,harikumar
write list = administrator,manjunathsingh,@Production,prabhu,arjunsagar,karthik,kishor,vijayakumar,vinodkolar,basavaraj,harikumar
veto files = /*.mp3/*.avi/*.mov/"
recycle:maxsixe = 0
read list = administrator,senthil,manjunathsingh,manjunathmk,rajeshbabu,@Production,@Management,prabhu,arjunsagar,karthik,kishor,ganeshbabu,vijayakumar,vinodkolar,basavaraj,harikumar
inherit permissions = Yes
recycle:exclude = *.tmp
[Management]
writeable = yes
recycle:keeptree = Yes
path = /storage/management
recycle:versions = Yes
browseable = no
recycle:touch = Yes
comment = Management
vfs objects = recycle
user = @Management
recycle:repository = /storage/CSfiles/management/.recycle/%U
valid users = administrator
write list = administrator,@Management
inherit permissions = Yes
recycle:exclude = *.tmp
recycle:maxsixe = 0
read list = administrator,@Management
[Marketing]
recycle:maxsixe = 0
comment = Marketing Files
vfs objects = recycle
read list = administrator,kavitha,kokila
recycle:versions = Yes
recycle:touch = Yes
browseable = no
recycle:exclude = *.tmp
valid users = administrator,kavitha,kokila
recycle:repository = /storage/CSfiles/marketing/.recycle/%U
path = /storage/CSfiles/marketing
write list = administrator,kavitha,kokila
veto files = "*.mp3/*.avi/*.mov/"
recycle:keeptree = Yes
[Productoin Bakery Equipment]
recycle:exclude = *.tmp
inherit permissions = Yes
read list = administrator,@Production,@Management,@materials
recycle:maxsixe = 0
veto files = /*.mp3/*.avi/*.mov/"
write list = administrator,@Production,@Management
valid users = administrator
recycle:repository = /storage/production-BE/.recycle/%U
browseable = no
recycle:touch = Yes
recycle:versions = Yes
user = @Production,@Management,@materials
vfs objects = recycle
comment = Production Bakery Equipment
recycle:keeptree = Yes
writeable = yes
path = /production-BE
[QMS]
recycle:maxsixe = 0
read list = administrator,senthil,suresh
inherit permissions = Yes
recycle:exclude = *.tmp
recycle:repository = /storage/qms/.recycle/%U
valid users = administrator,senthil,suresh
write list = administrator,senthil,suresh
veto files = /*.mp3/*.avi/*.mov/"
comment = QMS Files
vfs objects = recycle
recycle:versions = Yes
browseable = no
recycle:touch = Yes
path = /storage/CSfiles/qms
recycle:keeptree = Yes
writeable = yes
[HR]
recycle:maxsixe = 0
read only = No
read list = administrator,vijaya,suresh,rajeshwari,harikumar
inherit acls = Yes
inherit permissions = Yes
recycle:exclude = *.tmp
recycle:repository = /storage/CSfiles/HR/.recycle/%U
valid users = administrator,vijaya,suresh,rajeshwari,harikumar
write list = administrator,vijaya,suresh,rajeshwari,harikumar
veto files = /*.mp3/*.avi/*.mov/"
comment = HR Documents
vfs objects = recycle
recycle:versions = Yes
browseable = no
recycle:touch = Yes
path = /storage/CSfiles/HR/
writeable = yes
recycle:keeptree = Yes
[storagebox]
comment = Entire CSA files
read list = suresh
inherit acls = Yes
inherit permissions = Yes
valid users = suresh
write list = suresh
path = /storage/
veto files = /*.mp3/*.avi/*.mov/
recycle:repository = /storage/.recycle/%U
recycle:maxsixe = 0
recycle:exclude = *.tmp
recycle:keeptree = Yes
recycle:versions = Yes
recycle:touch = Yes
[revent]
valid users = administrator,prabhu,pranavjairam,roopesh,vinodkolar
recycle:repository = /storage/CSfiles/revent/.recycle/%U
write list = administrator,pranavjairam,@management,prabhu,roopesh,vinodkolar
public = yes
recycle:maxsixe = 0
read list = administrator,pranavjairam,prabhu,@management,roopesh,vinodkolar
inherit acls = Yes
recycle:exclude = *.tmp
inherit permissions = Yes
path = /storage/CSfiles/revent
recycle:keeptree = Yes
writeable = yes
comment = revent
vfs objects = recycle
user = @management
recycle:versions = Yes
recycle:touch = Yes
browseable = no
# only user = Yes
[csvideo]
write list = administrator,pranavjairam,manjunathsingh,suresh,harikumar,harsha,ram,@management
valid users = administrator,suresh,%U
recycle:repository = /storage/CSfiles/csaplvideos/.recycle/%U
public = yes
read list = administrator,%U,satheeshkumar,@management
recycle:maxsixe = 0
recycle:exclude = *.tmp
inherit permissions = Yes
inherit acls = Yes
path = /storage/CSfiles/csaplvideos
writeable = yes
recycle:keeptree = Yes
user = @management
vfs objects = recycle
comment = csaplvideo
recycle:touch = Yes
recycle:versions = Yes
[ABL]
read list = administrator,pranavjairam,manjunathsingh,@management,prabhu,arjunsagar,vijayakumar
recycle:maxsixe = 0
recycle:exclude = *.tmp
inherit permissions = Yes
inherit acls = Yes
write list = administrator,pranavjairam,manjunathsingh,@management,prabhu,arjunsagar,vijayakumar
valid users = administrator,pranavjairam,manjunathsingh,prabhu,arjunsagar,vijayakumar
recycle:repository = /storage/CSfiles/ABL/.recycle/%U
public = yes
veto files = /*.mp3/*.avi/*.mov/"
user = @management
vfs objects = recycle
comment = Automatic Bread Line Project
recycle:touch = Yes
browseable = no
recycle:versions = Yes
path = /storage/CSfiles/ABL
writeable = yes
recycle:keeptree = Yes
[automation]
path = /storage/CSfiles/automation
writeable = yes
recycle:keeptree = Yes
comment = Automation - PLC
vfs objects = recycle
recycle:versions = Yes
browseable = no
recycle:touch = Yes
recycle:repository = /storage/CSfiles/automation/.recycle/%U
valid users = pranavjairam,amir,electrical,anilm,yogeshkumar
write list = pranavjairam,amir,anilm,yogeshkumar
veto files = /*.mp3/*.avi/*.mov/"
public = yes
recycle:maxsixe = 0
read list = pranavjairam,amir,electrical,anilm,yogeshkumar
inherit acls = Yes
inherit permissions = Yes
recycle:exclude = *.tmp
[inventory]
path = /storage/CSfiles/Inventory
writeable = yes
recycle:keeptree = Yes
comment = Automation - PLC
vfs objects = recycle
recycle:versions = Yes
browseable = no
recycle:touch = Yes
recycle:repository = /storage/CSfiles/Inventory/.recycle/%U
valid users = pranavjairam,suresh,harikumar
write list = pranavjairam,suresh,harikumar
veto files = /*.mp3/*.avi/*.mov/"
public = yes
recycle:maxsixe = 0
read list = suresh,pranavjairam,harikumar
inherit acls = Yes
inherit permissions = Yes
recycle:exclude = *.tmp
[rackoven]
veto files = /*.mp3/*.avi/*.mov/"
public = yes
recycle:repository = /storage/CSfiles/Design/.recycle/%U
valid users = roopesh
write list = maheshbabu,prabath
inherit acls = Yes
inherit permissions = Yes
recycle:exclude = *.tmp
recycle:maxsixe = 0
read list = roopesh
recycle:keeptree = Yes
writeable = yes
path = /storage/CSfiles/Design/Rackovens-oct2010
recycle:versions = Yes
recycle:touch = Yes
comment = Rack Ovens
vfs objects = recycle
[rack1]
recycle:maxsixe = 0
read list = rajeshbabu,arjunsagar,prabhu,vijayasullad,vinodkolar,basavaraj
inherit acls = Yes
recycle:exclude = *.tmp
inherit permissions = Yes
valid users = roopesh,rajeshbabu,arjunsagar,prabhu,vijayasullad,vinodkolar,basavaraj
recycle:repository = /storage/CSfiles/Design/.recycle/%U
write list = arjunsagar,prabhu,vijayasullad,vinodkolar,basavaraj
veto files = /*.mp3/*.avi/*.mov/"
public = yes
comment = Rack Ovens( New on created by Mr.Mukund)
vfs objects = recycle
recycle:versions = Yes
recycle:touch = Yes
path = /storage/CSfiles/Design/RACK
writeable = yes
recycle:keeptree = Yes
[edshare]
write list = pranavjairam,suresh,manjunathsingh,prabhu,arjunsagar,kishor,basavaraj,vinodkolar,vijayakumar
recycle:repository = /storage/CSfiles/Design/.recycle/%U
valid users = manjunathsingh,pranavjairam,suresh,prabhu,arjunsagar,kishor,basavaraj,vinodkolar,vijayakumar
public = yes
read list = manjunathsingh,pranavjairam,suresh,prabhu,arjunsagar,kishor,basavaraj,vinodkolar,vijayakumar
recycle:maxsixe = 0
inherit permissions = Yes
recycle:exclude = *.txt
inherit acls = Yes
path = /storage/CSfiles/Design/EDShare
writeable = yes
recycle:keeptree = Yes
vfs objects = recycle
comment = Engineering Drwaing for Sharing Design Department
recycle:touch = Yes
recycle:versions = Yes
[B1900]
write list = senthil
recycle:repository = /storage/CSfiles/Design/.recycle/%U
valid users = senthil
public = yes
veto files = /*.mp3/*.avi/*.mov/"
read list = senthil
recycle:maxsixe = 0
inherit permissions = Yes
recycle:exclude = *.tmp
inherit acls = Yes
path = /storage/CSfiles/Design/EDShare/Rack_ovens/India_231211(14.02.2012)/B-1900(New14.02.2012)
recycle:keeptree = Yes
writeable = yes
vfs objects = recycle
comment = Engineering Drwaing for B1900
recycle:touch = Yes
recycle:versions = Yes
[egostol]
comment = Gostol Documents ;
read list = administrator
inherit acls = Yes
inherit permissions = Yes
valid users = administrator
write list = administrator
path = /storage/Design/Gostol Documents ;
veto files = /*.mp3/*.avi/*.mov/" ;
public = yes
writeable = yes
# only user = No
[gostol]
recycle:versions = Yes
recycle:touch = Yes
comment = Gostol Gopan
vfs objects = recycle
writeable = yes
recycle:keeptree = Yes
path = /storage/CSfiles/Gostol
inherit acls = Yes
inherit permissions = Yes
recycle:exclude = *.tmp
recycle:maxsixe = 0
read list = hrjairam
veto files = /*.mp3/*.avi/*.mov/"
public = yes
recycle:repository = /storage/CSfiles/Gostol/.recycle/%U
valid users = hrjairam
write list = hrjairam
[financial]
recycle:versions = Yes
recycle:touch = Yes
comment = Financial Statements
vfs objects = recycle
writeable = yes
recycle:keeptree = Yes
path = /storage/CSfiles/Financial
inherit acls = Yes
recycle:exclude = *.tmp
inherit permissions = Yes
recycle:maxsixe = 0
veto files = /*.mp3/*.avi/*.mov/"
public = yes
valid users = vijaya,hrjairam
recycle:repository = /storage/CSfiles/Financial/.recycle/%U
write list = vijaya,hrjairam
[csinfo]
recycle:maxsixe = 0
inherit permissions = Yes
recycle:exclude = *.tmp
inherit acls = Yes
write list = pranavjairam,hrjairam,vijaya
recycle:repository = /storage/CSfiles/CSAPLInfo/.recycle/%U
valid users = pranavjairam,hrjairam,vijaya
public = yes
veto files = /*.mp3/*.avi/*.mov/"
vfs objects = recycle
comment = CS Aerotherm Pvt. Ltd. Information
recycle:touch = Yes
recycle:versions = Yes
path = /storage/CSfiles/CSAPLInfo
recycle:keeptree = Yes
writeable = yes
[service]
comment = Service Office Files (K.R.Road -- Through VPN)
vfs objects = recycle
recycle:versions = Yes
recycle:touch = Yes
path = /storage/CSfiles/Service
recycle:keeptree = Yes
writeable = yes
recycle:maxsixe = 0
read list = suresh,nirmala,balaji,archana,manjunathmk,devaraju,padminisharma
inherit acls = Yes
recycle:exclude = *.tmp
inherit permissions = Yes
valid users = suresh,nirmala,balaji,archana,manjunathmk,devaraju,padminisharma
recycle:repository = /storage/CSfiles/Service/.recycle/%U
write list = suresh,nirmala,balaji,archana,manjunath,devaraju,padminisharma
veto files = /*.mp3/*.avi/*.mov/"
public = yes
[goinfo]
recycle:keeptree = Yes
writeable = yes
path = /opt/sqlanywhere12/gosoft
recycle:touch = Yes
recycle:versions = Yes
vfs objects = recycle
comment = Gosoft
public = yes
veto files = /*.mp3/*.avi/*.mov/"
write list = pranavjairam,manjunath
recycle:repository = /opt/sqlanywhere12/gosoft/.recycle/%U
valid users = pranavjairam,manjunath
inherit permissions = Yes
recycle:exclude = *.tmp
inherit acls = Yes
read list = pranavjairam,manjunath
recycle:maxsixe = 0
[ISO]
read list = administrator,senthil,suresh,nirmala,manjunathsingh,rajeshbabu,lokesh.vijaya,pranavjairam,harsha,prakash,kokila,roopesh
recycle:maxsixe = 0
inherit permissions = Yes
recycle:exclude = *.tmp
inherit acls = Yes
write list = administrator,senthil,suresh,nirmala,manjunathsingh,rajeshbabu,lokesh.vijaya,pranavjairam,harsha,prakash,kokila,roopesh
recycle:repository = /storage/CSfiles/iso_2015/.recycle/%U
valid users = administrator,senthil,suresh,nirmala,manjunathsingh,rajeshbabu,lokesh.vijaya,pranavjairam,harsha,prakash,kokila,roopesh
public = yes
veto files = /*.mp3/*.avi/*.mov/"
vfs objects = recycle
comment = ISO Files
browseable = no
recycle:touch = Yes
recycle:versions = Yes
path = /storage/CSfiles/ISO_2015/
writeable = yes
recycle:keeptree = Yes
Andrew Bartlett
2018-Jun-30 10:10 UTC
[Samba] Developed an issue with Samba File Server integrated with Samba-AD
On Sat, 2018-06-30 at 14:51 +0530, Anantha Raghava via samba wrote:
> Hi,
>
> We have been using Samba File Server (Version 4.3.11 Ubuntu 14.04 LTS)
> for quite sometime now. We recently installed Samba-AD (Samba AD Version
> 4.7.6) and made the file server a member of the Domain. Everything was
> fine till around 11:15 am yesterday. We just added one more share folder
> and gave access to three users and restarted Samba File Server services
> - smbd, nmbd and winbindd - services and we lost the file server. None
> of the domain user is able to login to file server and access their
> shares. If we access the shares from a non-domain member PC, shares are
> accessible.
>
> File server when accessed asks for user name & password. Once the user
> feeds his credentials, the login fails and again the file server will
> ask for user credentials. This is really surprising.
>
> We enabled log level 3 on both samba servers (File & AD Server) and we
> see nothing with respect to this error.

Given the serious nature of things, I would just keep turning up the
logs until something becomes clear.

Is winbindd still talking to the domain, eg 'wbinfo -P'?

Thanks,
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
Anantha Raghava
2018-Jun-30 10:47 UTC
[Samba] Developed an issue with Samba File Server integrated with Samba-AD
Hello Andrew,

Thanks for quick response.

It looks like winbindd is not connecting to domain. wbinfo -P results in
a failure. The actual result is:

checking the NETLOGON for domain[WORKGROUP] dc connection to "" failed
failed to call wbcPingDc: WBC_ERR_DOMAIN_NOT_FOUND

--
Thanks & Regards,
Anantha Raghava
Do not print this e-mail unless required. Save Paper & trees.

On 30/06/18 3:40 PM, Andrew Bartlett wrote:
> On Sat, 2018-06-30 at 14:51 +0530, Anantha Raghava via samba wrote:
>> Hi,
>>
>> We have been using Samba File Server (Version 4.3.11 Ubuntu 14.04 LTS)
>> for quite sometime now. We recently installed Samba-AD (Samba AD Version
>> 4.7.6) and made the file server a member of the Domain. Everything was
>> fine till around 11:15 am yesterday. We just added one more share folder
>> and gave access to three users and restarted Samba File Server services
>> - smbd, nmbd and winbindd - services and we lost the file server. None
>> of the domain user is able to login to file server and access their
>> shares. If we access the shares from a non-domain member PC, shares are
>> accessible.
>>
>> File server when accessed asks for user name & password. Once the user
>> feeds his credentials, the login fails and again the file server will
>> ask for user credentials. This is really surprising.
>>
>> We enabled log level 3 on both samba servers (File & AD Server) and we
>> see nothing with respect to this error.
> Given the serious nature of things, I would just keep turning up the
> logs until something becomes clear.
>
> Is winbindd still talking to the domain, eg 'wbinfo -P'?
>
> Thanks,
>
> Andrew Bartlett
>
Rowland Penny
2018-Jun-30 11:43 UTC
[Samba] Developed an issue with Samba File Server integrated with Samba-AD
On Sat, 30 Jun 2018 14:51:48 +0530 Anantha Raghava via samba <samba at lists.samba.org> wrote:
> Hi,
>
> We have been using Samba File Server (Version 4.3.11 Ubuntu 14.04
> LTS) for quite sometime now. We recently installed Samba-AD (Samba AD
> Version 4.7.6) and made the file server a member of the Domain.
> Everything was fine till around 11:15 am yesterday. We just added one
> more share folder and gave access to three users and restarted Samba
> File Server services
> - smbd, nmbd and winbindd - services and we lost the file server.
> None of the domain user is able to login to file server and access
> their shares. If we access the shares from a non-domain member PC,
> shares are accessible.
>
> File server when accessed asks for user name & password. Once the
> user feeds his credentials, the login fails and again the file server
> will ask for user credentials. This is really surprising.
>
> We enabled log level 3 on both samba servers (File & AD Server) and
> we see nothing with respect to this error.
>
> Our smb.conf (samba file server) and Samba-AD (AD-smb.conf) are
> attached.
>
> I am aware that Samba file server is very old and it's time to
> upgrade. However, getting it back live is now critical for us.
>
> Look forward for any guidance.
>
> Thanks & Regards,
>
> Anantha Raghava
>
> Do not print this e-mail unless required. Save Paper & trees.
>

There doesn't seem to be anything really wrong with the Unix domain
member smb.conf, apart from it having a netlogon share (this in my
opinion should only be on a PDC or DC). I would leave the domain,
remove the netlogon share, remove all Samba .ldb and .tdb files
(usually in /var/lib/samba), then rejoin the domain and restart the
samba daemons (nmbd, smbd and winbindd), this will recreate all the
Samba databases.

If this doesn't work, add 'log level = 10' to smb.conf on the Unix
domain member and see if anything pops out.

I have however noticed this:

DC smb.conf:

realm = XXXX.COM
workgroup = XXXX

[netlogon]
path = /usr/local/samba/var/locks/sysvol/exza.com/scripts

Unix domain member smb.conf:

workgroup = CSAEROTHERM
realm = CSAEROTHERM.COM

On the DC, the realm appears to actually be 'exza.com' but on the Unix
domain member it is set to 'CSAEROTHERM.COM', these must match, yours
don't.

Rowland
Anantha Raghava
2018-Jun-30 15:39 UTC
[Samba] Developed an issue with Samba File Server integrated with Samba-AD
Hello Rowland,

> On Sat, 30 Jun 2018 14:51:48 +0530
> Anantha Raghava via samba <samba at lists.samba.org> wrote:
>
>> Hi,
>>
>> We have been using Samba File Server (Version 4.3.11 Ubuntu 14.04
>> LTS) for quite sometime now. We recently installed Samba-AD (Samba AD
>> Version 4.7.6) and made the file server a member of the Domain.
>> Everything was fine till around 11:15 am yesterday. We just added one
>> more share folder and gave access to three users and restarted Samba
>> File Server services
>> - smbd, nmbd and winbindd - services and we lost the file server.
>> None of the domain user is able to login to file server and access
>> their shares. If we access the shares from a non-domain member PC,
>> shares are accessible.
>>
>> File server when accessed asks for user name & password. Once the
>> user feeds his credentials, the login fails and again the file server
>> will ask for user credentials. This is really surprising.
>>
>> We enabled log level 3 on both samba servers (File & AD Server) and
>> we see nothing with respect to this error.
>>
>> Our smb.conf (samba file server) and Samba-AD (AD-smb.conf) are
>> attached.
>>
>> I am aware that Samba file server is very old and it's time to
>> upgrade. However, getting it back live is now critical for us.
>>
>> Look forward for any guidance.
>>
>> Thanks & Regards,
>>
>> Anantha Raghava
>>
>> Do not print this e-mail unless required. Save Paper & trees.
>>
> There doesn't seem to be anything really wrong with the Unix domain
> member smb.conf, apart from it having a netlogon share (this in my
> opinion should only be on a PDC or DC). I would leave the domain,
> remove the netlogon share, remove all Samba .ldb and .tdb files
> (usually in /var/lib/samba), then rejoin the domain and restart the
> samba daemons (nmbd, smbd and winbindd), this will recreate all the
> Samba databases.
>
> If this doesn't work, add 'log level = 10' to smb.conf on the Unix
> domain member and see if anything pops out.
>
> I have however noticed this:
>
> DC smb.conf:
>
> realm = XXXX.COM
> workgroup = XXXX
>
> [netlogon]
> path = /usr/local/samba/var/locks/sysvol/exza.com/scripts
>
> Unix domain member smb.conf:
>
> workgroup = CSAEROTHERM
> realm = CSAEROTHERM.COM
>
> On the DC, the realm appears to actually be 'exza.com' but on the Unix
> domain member it is set to 'CSAEROTHERM.COM', these must match, yours
> don't.

This is matching. I was just comparing the smb.conf of AD DC on exza.com
server with that of CSAEROTHERM.COM. Since it was same, I just copied
smb.conf from exza.com server and attached to the mail.

I tried your suggestion. I attempted to leave domain. It resulted in:

root@samba-64:/var/lib/samba# net ads leave -U administrator
No realm set, are we joined ?

And if I try to join the domain, it results in:

root@samba-64:/var/lib/samba# net ads join -U administrator
Host is not configured as a member server.
Invalid configuration. Exiting....
Failed to join domain: This operation is only allowed for the PDC of the domain.

>
> Rowland
>

Regards,
Anantha Raghava
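
Added example, not part of the thread: the member smb.conf attached above opens with `[gdlobal]`, and Samba treats any section that is not named `[global]` as a share, so `workgroup`, `realm` and `security` fall back to built-in defaults, which matches the `domain[WORKGROUP]` and `No realm set` output quoted above. The Python check below flags that condition; the function names, the short parameter list and the shortened sample config are constructed for illustration.

```python
import difflib
import re

# Values Samba falls back to when [global] does not set the parameter.
# security is left as None here: unset, the host is not an ADS member.
DEFAULTS = {"workgroup": "WORKGROUP", "realm": "", "security": None}

# A few parameters that are only honoured in [global] (not Samba's full list).
GLOBAL_ONLY = {"workgroup", "realm", "security", "winbind separator",
               "winbind use default domain", "restrict anonymous"}
SPECIAL_SECTIONS = {"global", "homes", "printers"}


def _norm(name):
    # Section and parameter names are case-insensitive; collapse whitespace.
    return " ".join(name.lower().split())


def parse_smb_conf(text):
    """Return [(section_name, {param: value}), ...] in file order."""
    sections, current, pending = [], None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):            # trailing backslash continues a line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":    # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = (_norm(header.group(1)), {})
            sections.append(current)
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[1][_norm(key)] = value.strip()
    return sections


def effective_identity(text):
    """Domain identity Samba would use: the [global] value or the default."""
    ident = dict(DEFAULTS)
    for name, params in parse_smb_conf(text):
        if name == "global":
            for key in DEFAULTS:
                if key in params:
                    ident[key] = params[key]
    return ident


def audit(text):
    """List problems that make global settings silently ineffective."""
    findings = []
    sections = parse_smb_conf(text)
    if "global" not in [name for name, _ in sections]:
        findings.append("no [global] section: built-in defaults apply")
    for name, params in sections:
        if name in SPECIAL_SECTIONS:
            continue
        if difflib.get_close_matches(name, ["global"], n=1, cutoff=0.8):
            findings.append(f"[{name}] looks like a misspelt [global]; "
                            "it is parsed as a share")
        stray = sorted(GLOBAL_ONLY & params.keys())
        if stray:
            findings.append(f"[{name}] sets global-only parameters: "
                            + ", ".join(stray))
    return findings


# Constructed sample: the first lines of the member smb.conf posted above,
# shortened to the parameters that matter for domain membership.
SAMPLE = """\
[gdlobal]
workgroup = CSAEROTHERM
security = ads
realm = CSAEROTHERM.COM
winbind use default domain = yes

[Share]
path = /storage/CSfiles/pubshare
"""
FIXED = SAMPLE.replace("[gdlobal]", "[global]", 1)

if __name__ == "__main__":
    for label, conf in (("as posted", SAMPLE), ("corrected header", FIXED)):
        print(label, effective_identity(conf))
        for finding in audit(conf):
            print("  -", finding)
```

On a live member server, `testparm -s` prints the configuration as Samba actually loaded it and is the authoritative version of this check.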