[Samba] Problem with AD users and groups
Marcelo Ruriani
systemadmin at helpinghandsofgreenup.org
Fri Jun 7 11:56:31 MDT 2013
On 6/7/13 10:51 AM, Ricky Nance wrote:
> I'd double check on the samba server itself if you can connect to it
> using smbclient... `smbclient //localhost/sysvol -Uadministrator` ....
> if that fails try `smbclient //localhost/sysvol -d5 -Uadministrator`
> and paste the output in your reply. If it succeeds then you can pretty
> much bet on a connectivity issue... by the way, why isn't samba
> listening on port 88 in your last mail? It might be worth it to try a
> `killall samba && sleep 5 && samba -i -M single -d3` and look for any
> error messages ... anyway those are just a couple of my suggestions.
>
> Ricky
>
>
> On Thu, Jun 6, 2013 at 8:30 PM, Marcelo Ruriani
> <systemadmin at helpinghandsofgreenup.org
> <mailto:systemadmin at helpinghandsofgreenup.org>> wrote:
>
> On 6/6/13 5:15 PM, Marc Muehlfeld wrote:
>
> Hello Marcelo,
>
> On 06.06.2013 22:47, Marcelo Ruriani wrote:
>
> It seems I locked myself out. I have tried these steps: turn off the
> firewall, ntacl sysvol reset, and dis-join from domain.
> The ntacl sysvol reset returns errors (which I'll post if necessary) the
> dis-join worked fine but I cannot re-join to the domain because it
> doesn't detect our domain and throws up an error "domain could not be
> contacted" and "DNS name doesn't exist".
>
>
> * IP connection between the hosts is fine? (ping each other)
>
> * Do you use the internal DNS or Bind DLZ?
>
> * Is Samba/Bind listening on port 53? Use 'netstat -taunp', to
> make sure, that nothing else is listening on this port and
> prevent the correct DNS to start up.
>
> * Can you check:
> https://wiki.samba.org/index.php/Samba_AD_DC_HOWTO#Testing_DNS
>
>
>
> Regards,
> Marc
>
> Dear List & Marc,
>
> Thank you for the reply. To answer your questions: I am using
> the internal DNS. The DNS testing reveals that host -t SRV _ldap
> (and so on) plus host -t SRV _kerberos (and so on) return with a
> "not found" error. The A record test works fine.
>
> Samba is listening on TCP port 53, 636, 1024, 3268, 3269, 389, 135
> (and UDP 53)
> smbd is listening on TCP port 139, 445
>
> The clients ping the server (ip and domain name) fine and the
> server pings the clients fine.
>
> My followup question will appear after this reply.
>
> Marcelo
>
To list, Marc, Ricky,
I must admit I am unsure why it isn't listening on port 88! I will
do that "kill all samba" thing later and reply if that does the trick.
On the tests you asked me to do, this is my terminal output: (I
apologize for formatting)
root@ad:/# /usr/local/samba/bin/smbclient //localhost/sysvol -U%administrator
Domain=[AD.HHG.COM] OS=[Unix] Server=[Samba 4.1.0pre1-GIT-94f11e9]
tree connect failed: NT_STATUS_ACCESS_DENIED
root@ad:/# /usr/local/samba/bin/smbclient //localhost/sysvol -d5 -U%administrator
INFO: Current debug levels:
all: 5
tdb: 5
printdrivers: 5
lanman: 5
smb: 5
rpc_parse: 5
rpc_srv: 5
rpc_cli: 5
passdb: 5
sam: 5
auth: 5
winbind: 5
vfs: 5
idmap: 5
quota: 5
acls: 5
locking: 5
msdfs: 5
dmapi: 5
registry: 5
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:
all: 5
tdb: 5
printdrivers: 5
lanman: 5
smb: 5
rpc_parse: 5
rpc_srv: 5
rpc_cli: 5
passdb: 5
sam: 5
auth: 5
winbind: 5
vfs: 5
idmap: 5
quota: 5
acls: 5
locking: 5
msdfs: 5
dmapi: 5
registry: 5
params.c:pm_process() - Processing configuration file
"/usr/local/samba/etc/smb.conf"
Processing section "[global]"
doing parameter workgroup = AD.HHG.COM
doing parameter realm = HHG.COM
doing parameter netbios name = AD
doing parameter server role = active directory domain controller
doing parameter dns forwarder = 192.168.1.1
pm_process() returned Yes
added interface eth0 ip=fe80::222:19ff:fe95:7f31%eth0
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.1.10 bcast=192.168.1.255
netmask=255.255.255.0
Netbios name list:-
my_netbios_names[0]="AD"
Client started (version 4.1.0pre1-GIT-94f11e9).
Opening cache file at /usr/local/samba/var/lock/gencache.tdb
Opening cache file at /usr/local/samba/var/lock/gencache_notrans.tdb
sitename_fetch: No stored sitename for HHG.COM
name localhost#20 found.
Connecting to ::1 at port 445
Socket options:
SO_KEEPALIVE = 0
SO_REUSEADDR = 0
SO_BROADCAST = 0
TCP_NODELAY = 1
TCP_KEEPCNT = 9
TCP_KEEPIDLE = 7200
TCP_KEEPINTVL = 75
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
SO_SNDBUF = 173200
SO_RCVBUF = 87380
SO_SNDLOWAT = 1
SO_RCVLOWAT = 1
SO_SNDTIMEO = 0
SO_RCVTIMEO = 0
TCP_QUICKACK = 1
TCP_DEFER_ACCEPT = 0
session request ok
Domain=[AD.HHG.COM] OS=[Unix] Server=[Samba 4.1.0pre1-GIT-94f11e9]
session setup ok
tree connect failed: NT_STATUS_ACCESS_DENIED
My question is: if the worst happened and I had to re-provision, would the
re-provision be enough? Or would I have to do the entire compile, make,
install procedure? Thanks.
Marcelo
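
Added example, not part of the original messages: a shell check for the listener question raised in this thread. It reads `netstat -taunp` output and reports which expected DC ports have no listener. The expected port set is an assumption built from the ports named in the thread, and the sample netstat lines (PIDs, the 192.168.1.20 client) are constructed.

```shell
#!/bin/sh
# Assumed expected set: the proto/port pairs named in the thread.
EXPECTED="tcp/53 udp/53 tcp/88 tcp/135 tcp/139 tcp/389 tcp/445 tcp/636 tcp/3268 tcp/3269"

# Read `netstat -taunp` output on stdin; print the expected proto/port
# pairs that have no listening socket, space-separated on one line.
missing_dc_ports() {
    awk -v expected="$EXPECTED" '
        {
            proto = $1
            sub(/6$/, "", proto)          # fold tcp6/udp6 into tcp/udp
            if (proto != "tcp" && proto != "udp") next   # skips header lines
            # TCP must be in LISTEN; an unconnected UDP socket shows a
            # foreign address ending in ":*" and has no state column.
            if (proto == "tcp" && $6 != "LISTEN") next
            if (proto == "udp" && $5 !~ /:\*$/) next
            port = $4
            sub(/^.*:/, "", port)         # keep what follows the last colon
            have[proto "/" port] = 1
        }
        END {
            n = split(expected, want, " ")
            out = ""
            for (i = 1; i <= n; i++) {
                if (want[i] in have) continue
                if (out != "") out = out " "
                out = out want[i]
            }
            print out
        }'
}

# Constructed sample mirroring the listener list reported in the thread:
# every port Marcelo listed is present, port 88 is not.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp  0 0 0.0.0.0:53        0.0.0.0:*          LISTEN      2101/samba
tcp  0 0 0.0.0.0:135       0.0.0.0:*          LISTEN      2101/samba
tcp  0 0 0.0.0.0:389       0.0.0.0:*          LISTEN      2101/samba
tcp  0 0 0.0.0.0:636       0.0.0.0:*          LISTEN      2101/samba
tcp  0 0 0.0.0.0:1024      0.0.0.0:*          LISTEN      2101/samba
tcp  0 0 0.0.0.0:3268      0.0.0.0:*          LISTEN      2101/samba
tcp  0 0 0.0.0.0:3269      0.0.0.0:*          LISTEN      2101/samba
tcp  0 0 0.0.0.0:139       0.0.0.0:*          LISTEN      2110/smbd
tcp6 0 0 :::445            :::*               LISTEN      2110/smbd
tcp  0 0 192.168.1.10:445  192.168.1.20:49160 ESTABLISHED 2110/smbd
udp  0 0 0.0.0.0:53        0.0.0.0:*                      2101/samba
EOF
}

echo "missing: $(sample_netstat | missing_dc_ports)"
```

On a live DC the same function can be fed directly: `netstat -taunp | missing_dc_ports`.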