[Samba] Unable to connect to domain after upgrading to Samba 3.6.9
Aaron Johnson
aaron at ajserver.com
Mon May 19 20:34:16 MDT 2014
Thanks in advance for your help.
We recently upgraded from Centos 5.X samba 3.5 to Centos 6.X samba
3.6.9. Shared drives and data are accessible which indicates that user
accounts were also successfully migrated.
However when attempting to connect one of our Windows 7 Pro 64-bit SP1
workstation to our Samba domain controller the connection fails. I did
have to add a SRV record for "_ldap._tcp.dc._msdcs.ldoubler.org. 3600 IN
SRV 0 100 389 server.ldoubler.org." to DNS following our first error,
however now the client appears to be attempting to connect to the LDAP
service port 389 on our domain controller, however we are not using an
LDAP backend, as such it is causing this error:
DNS was successfully queried for the service location (SRV) resource
record used to locate a domain controller for domain "ldoubler.org":
The query was for the SRV record for _ldap._tcp.dc._msdcs.ldoubler.org
The following domain controllers were identified by the query:
server.ldoubler.org
However no domain controllers could be contacted.
Common causes of this error include:
- Host (A) or (AAAA) records that map the names of the domain
controllers to their IP addresses are missing or contain incorrect
addresses.
- Domain controllers registered in DNS are not connected to the
network or are not running.
We are using tdbsam, how do we use this backend without ldap?
Here is our smb.conf file for reference:
# cat /etc/samba/smb.conf | grep -v '^#'
[global]
workgroup = LDOUBLER.ORG
security = user
netbios aliases = server
server string = %h server
passdb backend = tdbsam
passwd program = /usr/bin/passwd %u
passwd chat = *New\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n
*passwd*\sall\sauthentication\stokens\supdated\ssuccessfully.* .
username map = /etc/samba/smbusers
check password script = /usr/sbin/cracklib-check
unix password sync = yes
syslog = 0
log file = /var/log/samba/log.%m
log level = 1
max log size = 10000000
add user script = /usr/sbin/useradd -m %u
delete user script = /usr/sbin/usrdel -r %u/
add group script = /usr/sbin/groupadd %g
delete group script = /usr/sbin/groupdel %g
add user to group script = /usr/sbin/groupmod -A %u %g
delete user from group script = /usr/sbin/groupmod -R %u %g
add machine script = /usr/sbin/adduser -n -l --home
/var/lib/nobody --shell /bin/false %u
logon script = scripts\logon-common.bat
scripts\logon-%a.bat scripts\logon-%u.bat scripts\logon-%g.bat
logon path = \\%L\profiles
logon drive = H:
logon home = \\%L\%U
domain logons = Yes
os level = 35
preferred master = Yes
domain master = Yes
dns proxy = No
encrypt passwords = yes
message command = echo %m $(cat %s |tr -d '\000')
>>/tmp/smbmess; rm %s
panic action = /usr/share/samba/panic-action %d
admin users = @admin
#, root, administrator
time server = yes
[homes]
read only = No
acl group control = Yes
create mask = 0600
force create mode = 0600
security mask = 0600
directory mask = 0700
force directory mode = 0700
directory security mask = 0700
hide unreadable = Yes
veto files = //.*/profile/profile.V2/Maildir/
browseable = No
[Office]
comment = Whole Office shared
path = /srv/samba/officeshared
valid users = @users
force group = users
read only = No
create mask = 0770
force create mode = 0770
directory mask = 2770
force directory mode = 2770
veto files =
wide links = No
[ExecutiveSecure]
comment = Executive Secure Files
path = /srv/samba/execsecure
valid users = @executive
force group = executive
read only = No
create mask = 0660
force create mode = 0660
force security mode = 0660
directory mask = 2770
force directory mode = 2770
force directory security mode = 2770
inherit permissions = Yes
inherit owner = Yes
browseable = Yes
[profiles]
comment = profiles for windows XP logon
path = /home/%U/profile
read only = No
create mask = 0600
force create mode = 0600
directory mask = 0700
force directory mode = 0700
store dos attributes = Yes
browseable = No
[profiles.V2]
comment = profiles for windows 7 logon
path = /home/%U/profile.V2
read only = No
create mask = 0600
force create mode = 0600
directory mask = 0700
force directory mode = 0700
store dos attributes = Yes
browseable = No
[netlogon]
comment = NetLogon Share
path = /srv/samba/samba/netlogon
guest ok = Yes
browseable = No
[accounting]
comment = Accounting Files
path = /srv/samba/accounting
valid users = @accounting @executive aaron
force group = accounting
read only = No
create mask = 0660
force create mode = 0660
directory mask = 2770
force directory mode = 2770
browseable = Yes
[campwise]
comment = Campwise Data files
path = /srv/samba/campwise
valid users = @campwise @users
force group = campwise
read only = No
create mask = 0660
force create mode = 0660
directory mask = 2770
force directory mode = 2770
wide links = No
browseable = Yes
[scanning]
browseable = Yes
delete readonly = yes
wide links = no
writable = yes
write list = minolta @scanning
path = /srv/samba/scanning
force directory mode = 2070
force group = scanning
force create mode = 0060
comment = New Incoming Scans
valid users = minolta @scanning
create mode = 0060
directory mode = 2070
[sysadmins]
comment = System Administration Things
path = /srv/samba/sysadmins
valid users = @admin
#valid users checks the UNIX group NOT the Windows group
force group = admin
read only = no
create mask = 0660
directory mask = 2770
browsable = no
[root@ ~]#
Thanks,
Aaron Johnson
More information about the samba
mailing list