[Samba] [Samba 3, Debian wheezy] All of a sudden, resolving ADS user fails completely

Patrick G. Stoesser lists at pgs-info.de
Tue Dec 10 07:49:51 MST 2013


On 10.12.2013 15:25, steve wrote:
> On Tue, 2013-12-10 at 13:39 +0100, Patrick G. Stoesser wrote:
>
>>
>> Does anyone have any idea where I could look?
>
> nss is failing. What do you have in:
> /etc/nsswitch.conf
> and is the service for passwd running (could be winbind, sss,
> ldap. . .)
>
> What does /smb.conf look like?
>
> IOW, not enough info 2 b able 2 help further. . .
>
> Steve
>
>

Oops, my fault. Ok, here we are. Winbind is running.

/etc/nsswitch.conf:

passwd: files winbind
group:  files winbind
hosts:  files dns wins
shadow: files winbind

networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis



/etc/samba/smb.conf (anonymized with "***"). The directives "server 
signing", "client signing", "max protocol" were added by me a few 
minutes ago but did not help.


[global]
server signing = auto
client signing = auto
max protocol = smb2
security = ADS
encrypt passwords = true
password server = ***.***.15.146 ***.***.15.208 ***.***.15.144
workgroup = AD
netbios name = fileserver3
enhanced browsing = no
realm = AD.***.DE
winbind separator = #
winbind use default domain = Yes
client use spnego = yes
server string = %h Debian GNU/Linux
log file = /var/log/samba/%m.log
syslog only = no
syslog = 0
log level = 1
machine password timeout = 0
winbind enum users = no
winbind enum groups = no
socket options = TCP_NODELAY.

hostname lookups = no
dnsproxy = no
local master = no
domain master = no
directory mask = 0700
create mask = 0700
wins support = no
wins server = ***.***.15.208 ***.***.15.144
admin users = root
dos charset = cp850
unix charset = ISO-8859-15
display charset = ISO-8859-15
deadtime = 30
name resolve order = wins bcast host
disable spoolss = yes
follow symlinks = no
show add printer wizard = no
oplocks = no
level2 oplocks = no
max log size = 1000
load printers = no
vfs object = recycle
recycle:repository = ___TRASH___
recycle:keeptree = yes
recycle:touch = yes
recycle:versions = yes


[user1]
path = /srv1/user1
browseable = no
valid users = ad#user1
write list = ad#user1

and so on with more shares.



I raised the log level to 3, and here's a client log when trying to connect:

[2013/12/10 15:43:24.695236,  3] lib/access.c:338(allow_access)
   Allowed connection from ***.***.14.24 (***.***.14.24)
[2013/12/10 15:43:24.695406,  3] smbd/oplock.c:922(init_oplocks)
   init_oplocks: initializing messages.
[2013/12/10 15:43:24.695541,  3] smbd/oplock_linux.c:226(linux_init_kernel_oplocks)
   Linux kernel oplocks enabled
[2013/12/10 15:43:24.695681,  3] smbd/process.c:1662(process_smb)
   Transaction 0 of length 72 (0 toread)
[2013/12/10 15:43:24.695752,  2] smbd/reply.c:553(reply_special)
   netbios connect: name1=FILESERVER30x20 name2=TSNEU          0x0
[2013/12/10 15:43:24.711464,  2] smbd/reply.c:573(reply_special)
   netbios connect: local=fileserver3 remote=tsneu, name type = 0
[2013/12/10 15:43:33.633745,  3] lib/access.c:338(allow_access)
   Allowed connection from ***.***.14.24 (***.***.14.24)
[2013/12/10 15:43:33.633899,  3] smbd/oplock.c:922(init_oplocks)
   init_oplocks: initializing messages.
[2013/12/10 15:43:33.634030,  3] smbd/oplock_linux.c:226(linux_init_kernel_oplocks)
   Linux kernel oplocks enabled
[2013/12/10 15:43:33.634163,  3] smbd/process.c:1662(process_smb)
   Transaction 0 of length 72 (0 toread)
[2013/12/10 15:43:33.634232,  2] smbd/reply.c:553(reply_special)
   netbios connect: name1=FILESERVER30x20 name2=TSNEU          0x0
[2013/12/10 15:43:33.634306,  2] smbd/reply.c:573(reply_special)
   netbios connect: local=fileserver3 remote=tsneu, name type = 0
[2013/12/10 15:43:37.018709,  3] lib/access.c:338(allow_access)
   Allowed connection from ***.***.14.24 (***.***.14.24)
[2013/12/10 15:43:37.018857,  3] smbd/oplock.c:922(init_oplocks)
   init_oplocks: initializing messages.
[2013/12/10 15:43:37.019023,  3] smbd/oplock_linux.c:226(linux_init_kernel_oplocks)
   Linux kernel oplocks enabled
[2013/12/10 15:43:37.019167,  3] smbd/process.c:1662(process_smb)
   Transaction 0 of length 72 (0 toread)
[2013/12/10 15:43:37.019237,  2] smbd/reply.c:553(reply_special)
   netbios connect: name1=FILESERVER30x20 name2=TSNEU          0x0
[2013/12/10 15:43:37.019310,  2] smbd/reply.c:573(reply_special)
   netbios connect: local=fileserver3 remote=tsneu, name type = 0

Kind regards, Patrick




