Hello,
my Samba share was working perfectly and then suddenly was not available
to windows client.
The Samba server is a Domain member and the command "wbinfo -u" and
"getent passwd" returned no AD users.
The service has been recovered merely by restarting the winbindd service
We are running Samba 4.9.5 and my smb.conf is as below, I have also
pasted some (relevant?) logs
Are you aware of any known issue or miss-configuration?
[global]
client ldap sasl wrapping = plain
dedicated keytab file = /etc/krb5.keytab
disable spoolss = yes
host msdfs = no
idmap config * : backend = tdb
idmap config * : range = 30000-40000
idmap config * : schema_mode = rfc2307
idmap config MERCURIA : backend = rid
idmap config MERCURIA : range = 1000000-20000000
idmap config MERCURIA : schema_mode = rfc2307
kerberos method = secrets and keytab
load printers = no
local master = no
log file = /opt/samba/log/%m.log
log level = 5
map acl inherit = Yes
map to guest = bad user
max log size = 100000
preferred master = no
printcap name = /dev/null
realm = mercuria.met
security = ads
server string = Data %h
store dos attributes = Yes
vfs objects = zfsacl
winbind enum groups = yes
winbind enum users = yes
winbind expand groups = 10
winbind nested groups = yes
winbind normalize names = no
winbind nss info = rfc2307
winbind refresh tickets = Yes
winbind use default domain = no
workgroup = MERCURIA
[2020/12/28 08:45:54.785608,? 3]
../source3/winbindd/winbindd_pam.c:1495(winbind_samlogon_retry_loop)
? Could not open handle to NETLOGON pipe (error:
NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND, attempts: 0)
[2020/12/28 08:45:54.785887,? 3]
../source3/winbindd/winbindd_pam.c:1525(winbind_samlogon_retry_loop)
? The connection to netlogon failed, retrying
[2020/12/28 08:45:54.785898,? 3]
../source3/winbindd/winbindd_pam.c:1495(winbind_samlogon_retry_loop)
? Could not open handle to NETLOGON pipe (error:
NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND, attempts: 1)
[2020/12/28 08:45:54.785911,? 3]
../source3/winbindd/winbindd_pam.c:1501(winbind_samlogon_retry_loop)
? This is again a problem for this particular call, forcing the close
of this connection
...
2020/12/28 09:36:35.257954,? 3]
../source3/winbindd/winbindd_pam.c:1495(winbind_samlogon_retry_loop)
? Could not open handle to NETLOGON pipe (error:
NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND, attempts: 3)
[2020/12/28 09:36:35.257964,? 3]
../source3/winbindd/winbindd_pam.c:1501(winbind_samlogon_retry_loop)
? This is again a problem for this particular call, forcing the close
of this connection
[2020/12/28 09:36:35.257974,? 3]
../source3/winbindd/winbindd_pam.c:1515(winbind_samlogon_retry_loop)
? This is the third problem for this particular call, adding DC to the
negative cache list: MERCURIA CHGVA-DC22.mercuria.met
[2020/12/28 09:36:35.257992,? 2]
../source3/winbindd/winbindd_pam.c:2395(winbind_dual_SamLogon)
? NTLM CRAP authentication for user [MERCURIA]\[rvenkatesh] returned
NT_STATUS_NO_LOGON_SERVERS
[2020/12/28 09:36:35.258006,? 4]
../source3/winbindd/winbindd_dual.c:1605(child_handler)
? Finished processing child request 14
[2020/12/28 09:36:35.362413,? 5]
../source3/winbindd/winbindd_cm.c:162(msg_try_to_go_online)
? msg_try_to_go_online: received for domain MERCURIA.
[2020/12/28 09:36:35.362449,? 3]
../source3/winbindd/winbindd_cm.c:2146(connection_ok)
? connection_ok: Connection to CHGVA-DC22.mercuria.met for domain
MERCURIA is not connected
[2020/12/28 09:36:35.362509,? 5]
../source3/libsmb/namequery.c:212(saf_fetch)
? saf_fetch: failed to find server for "MERCURIA" domain
[2020/12/28 09:36:35.362540,? 5]
../source3/libads/sitename_cache.c:104(sitename_fetch)
? sitename_fetch: Returning sitename for realm 'mercuria.met':
"Geneva"
[2020/12/28 09:36:35.362560,? 4]
../source3/libsmb/namequery_dc.c:78(ads_dc_name)
? ads_dc_name: domain=MERCURIA
[2020/12/28 09:36:35.362577,? 5]
../source3/libads/sitename_cache.c:104(sitename_fetch)
? sitename_fetch: Returning sitename for realm 'mercuria.met':
"Geneva"
[2020/12/28 09:36:35.362597,? 5]
../source3/libsmb/namequery.c:212(saf_fetch)
? saf_fetch: failed to find server for "mercuria.met" domain
[2020/12/28 09:36:35.362609,? 3]
../source3/libsmb/namequery.c:3111(get_dc_list)
? get_dc_list: preferred server list: ", *"
[2020/12/28 09:36:35.362625,? 5]
../source3/libsmb/namecache.c:165(namecache_fetch)
? name mercuria.met#1C found.
[2020/12/28 09:36:35.362712,? 4]
../source3/libsmb/namequery.c:3256(get_dc_list)
? get_dc_list: returning 7 ip addresses in an ordered list
[2020/12/28 09:36:35.362724,? 4]
../source3/libsmb/namequery.c:3257(get_dc_list)
? get_dc_list: 10.41.10.247:389 10.41.10.144:389 10.41.10.123:389
10.41.10.55:389 10.41.10.155:389 10.41.11.127:389 10.41.10.246:389
[2020/12/28 09:36:35.362743,? 5]
../source3/libads/ldap.c:255(ads_try_connect)
? ads_try_connect: sending CLDAP request to 10.41.10.247 (realm:
mercuria.met)
[2020/12/28 09:36:35.363201,? 3] ../source3/libads/ldap.c:636(ads_connect)
? Successfully contacted LDAP server 10.41.10.247
[2020/12/28 09:36:35.363224,? 5]
../source3/libads/sitename_cache.c:104(sitename_fetch)
? sitename_fetch: Returning sitename for realm 'mercuria.met':
"Geneva"
[2020/12/28 09:36:35.363256,? 5]
../source3/libsmb/namequery.c:212(saf_fetch)
? saf_fetch: failed to find server for "mercuria.met" domain
[2020/12/28 09:36:35.363269,? 3]
../source3/libsmb/namequery.c:3111(get_dc_list)
? get_dc_list: preferred server list: ", *"
[2020/12/28 09:36:35.363282,? 5]
../source3/libsmb/namequery.c:2411(resolve_ads)
? resolve_ads: Attempting to resolve KDCs for mercuria.met using DNS
[2020/12/28 09:36:35.388566,? 4]
../lib/addns/dnsquery.c:435(ads_dns_lookup_srv)
? ads_dns_lookup_srv: 8 records returned in the answer section.
[2020/12/28 09:36:35.614535,? 4]
../source3/libsmb/namequery.c:3256(get_dc_list)
? get_dc_list: returning 7 ip addresses in an ordered list
[2020/12/28 09:36:35.614557,? 4]
../source3/libsmb/namequery.c:3257(get_dc_list)
? get_dc_list: 10.41.10.55:88 10.41.10.155:88 10.41.11.127:88
10.41.10.246:88 10.41.10.247:88 10.41.10.144:88 10.41.10.123:88
[2020/12/28 09:36:35.614578,? 5]
../source3/libsmb/namequery.c:212(saf_fetch)
? saf_fetch: failed to find server for "mercuria.met" domain
[2020/12/28 09:36:35.614591,? 3]
../source3/libsmb/namequery.c:3111(get_dc_list)
? get_dc_list: preferred server list: ", *"
[2020/12/28 09:36:35.614604,? 5]
../source3/libsmb/namequery.c:2411(resolve_ads)
? resolve_ads: Attempting to resolve KDCs for mercuria.met using DNS
[2020/12/28 09:36:35.845185,? 4]
../lib/addns/dnsquery.c:435(ads_dns_lookup_srv)
? ads_dns_lookup_srv: 25 records returned in the answer section.
[2020/12/28 09:36:35.845361,? 4]
../source3/libsmb/namequery.c:3256(get_dc_list)
? get_dc_list: returning 25 ip addresses in an ordered list
[2020/12/28 09:36:35.845373,? 4]
../source3/libsmb/namequery.c:3257(get_dc_list)
? get_dc_list: 10.224.75.227:88 10.224.75.226:88 10.41.10.247:88
10.17.140.100:88 10.16.140.14:88 10.16.211.11:88 10.1.12.15:88
10.1.12.16:88 10.16.140.13:88 10.178.10.23:88 10.41.10.144:88
10.41.10.55:88 10.41.10.123:88 10.41.10.155:88 10.32.10.100:88
10.41.10.246:88 10.224.11.44:88 10.226.10.12:88 10.226.10.11:88
10.227.70.150:88 10.44.11.27:88 10.44.11.171:88 10.49.11.55:88
10.49.11.14:88 10.34.10.16:88
[2020/12/28 09:36:35.846776,? 5]
../source3/libads/kerberos.c:741(create_local_private_krb5_conf_for_domain)
? create_local_private_krb5_conf_for_domain: wrote file
/opt/samba/var/lock/smb_krb5/krb5.conf.MERCURIA with realm MERCURIA.MET
KDC list = ??? ??? kdc = 10.41.10.247
? ??? ??? kdc = 10.41.10.55
? ??? ??? kdc = 10.41.10.155
? ??? ??? kdc = 10.41.11.127
[2020/12/28 09:36:35.846811,? 4]
../source3/libsmb/namequery_dc.c:152(ads_dc_name)
? ads_dc_name: using server='CHGVA-DC22.MERCURIA.MET' IP=10.41.10.247
[2020/12/28 09:36:35.846834,? 5]
../source3/libads/sitename_cache.c:104(sitename_fetch)
? sitename_fetch: Returning sitename for realm 'mercuria.met':
"Geneva"
[2020/12/28 09:36:35.846851,? 5]
../source3/libsmb/namequery.c:212(saf_fetch)
? saf_fetch: failed to find server for "mercuria.met" domain
[2020/12/28 09:36:35.846863,? 3]
../source3/libsmb/namequery.c:3111(get_dc_list)
? get_dc_list: preferred server list: ", *"
[2020/12/28 09:36:35.846878,? 5]
../source3/libsmb/namecache.c:165(namecache_fetch)
? name mercuria.met#1C found.
[2020/12/28 09:36:35.846934,? 4]
../source3/libsmb/namequery.c:3256(get_dc_list)
? get_dc_list: returning 7 ip addresses in an ordered list
[2020/12/28 09:36:35.846945,? 4]
../source3/libsmb/namequery.c:3257(get_dc_list)
? get_dc_list: 10.41.10.247:389 10.41.10.144:389 10.41.10.123:389
10.41.10.55:389 10.41.10.155:389 10.41.11.127:389 10.41.10.246:389
[2020/12/28 09:36:35.846986,? 5]
../source3/libsmb/namequery.c:212(saf_fetch)
? saf_fetch: failed to find server for "mercuria.met" domain
[2020/12/28 09:36:35.846998,? 3]
../source3/libsmb/namequery.c:3111(get_dc_list)
? get_dc_list: preferred server list: ", *"
[2020/12/28 09:36:35.847011,? 5]
../source3/libsmb/namecache.c:165(namecache_fetch)
? name mercuria.met#1C found.
[2020/12/28 09:36:35.847059,? 4]
../source3/libsmb/namequery.c:3256(get_dc_list)
? get_dc_list: returning 7 ip addresses in an ordered list
[2020/12/28 09:36:35.847069,? 4]
../source3/libsmb/namequery.c:3257(get_dc_list)
? get_dc_list: 10.41.10.247:389 10.41.10.144:389 10.41.10.123:389
10.41.10.55:389 10.41.10.155:389 10.41.11.127:389 10.41.10.246:389
[2020/12/28 09:36:35.847130,? 3]
../source3/lib/util_sock.c:515(open_socket_out_send)
? Connecting to 10.41.10.247 at port 445
[2020/12/28 09:36:35.847297,? 5]
../source3/libads/ldap.c:255(ads_try_connect)
? ads_try_connect: sending CLDAP request to 10.41.10.247 (realm:
mercuria.met)
[2020/12/28 09:36:35.847661,? 3] ../source3/libads/ldap.c:636(ads_connect)
? Successfully contacted LDAP server 10.41.10.247
[2020/12/28 09:36:35.847677,? 5]
../source3/libsmb/namecache.c:78(namecache_store)
? namecache_store: storing 1 address for CHGVA-DC22.mercuria.met#20:
10.41.10.247
[2020/12/28 09:36:35.847766,? 5]
../source3/libads/sitename_cache.c:104(sitename_fetch)
? sitename_fetch: Returning sitename for realm 'MERCURIA.MET':
"Geneva"
[2020/12/28 09:36:35.847798,? 5]
../source3/libsmb/namequery.c:212(saf_fetch)
? saf_fetch: failed to find server for "mercuria.met" domain
--
Regards
Andrea Cucciarre'