[Samba] Problem with AD users and groups

Marcelo Ruriani systemadmin at helpinghandsofgreenup.org
Thu Jun 6 19:30:53 MDT 2013

On 6/6/13 5:15 PM, Marc Muehlfeld wrote:
> Hello Marcelo,
> On 06.06.2013 22:47, Marcelo Ruriani wrote:
>> It seems I locked myself out. I have tried these steps: turn off the
>> firewall, ntacl sysvol reset, and dis-join from domain.
>> The ntacl sysvol reset returns errors (which I'll post if necessary); the
>> dis-join worked fine, but I cannot re-join the domain because it
>> doesn't detect our domain and throws up an error "domain could not be
>> contacted" and "DNS name doesn't exist".
> * IP connection between the hosts is fine? (ping each other)
> * Do you use the internal DNS or Bind DLZ?
> * Is Samba/Bind listening on port 53? Use 'netstat -taunp' to make
> sure that nothing else is listening on this port and preventing the
> correct DNS from starting up.
> * Can you check: 
> https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO#Testing_DNS
> Regards,
> Marc
Dear List & Marc,

Thank you for the reply. To answer your questions: I am using the
internal DNS. The DNS testing reveals that host -t SRV _ldap (and so on)
plus host -t SRV _kerberos (and so on) return with a "not found" error.
The A record test works fine.

Samba is listening on TCP port 53, 636, 1024, 3268, 3269, 389, 135 (and 
UDP 53)
smbd is listening on TCP port 139, 445

The clients ping the server (IP and domain name) fine and the server
pings the clients fine.

My follow-up question will appear after this reply.

