[Samba] samba4 ADS no logon servers

Lars Hanke debian at lhanke.de
Wed Feb 26 16:12:50 MST 2014


Thanks Marc,

I checked the open ports with nmap and all ports listed in the wiki seem 
to be accessible.

However, I see something, which is different to your debug output:

AD\Administrator at nfs4:~# net ads info -d 3
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
Processing section "[global]"
added interface eth0 ip=172.16.8.4 bcast=172.16.8.255 netmask=255.255.255.0
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
get_dc_list: preferred server list: ", *"
ads_cldap_netlogon: did not get a reply
ads_try_connect: CLDAP request 127.0.1.1 failed.
ads_connect: No logon servers
get_dc_list: preferred server list: ", *"
get_dc_list: preferred server list: ", *"
ads_connect: No logon servers
Didn't find the ldap server!
return code = -1

So it seems samba doesn't bind to lo and therefore is not available on 
127.0.0.0/8, also the FQDN does not show up on the DC list.

I tried to add "interfaces = lo eth0" to the config, which shows me that 
the lo is added (both as IPv4 and IPv6) in the debugging log, but no 
further change.

Another strange thing, which might be related: "host upstream.domain" 
resolves the machine nicely, but "host upstream.domain 127.0.0.1" does 
not. I use "dns forwarder = 172.16.6.11" in smb.conf. "host 
upstream.domain 172.16.6.11" works nicely.

Still quite confused,
  - lars.

> Hello Lars,
>
> On 26.02.2014 09:16, Lars Hanke wrote:
>> root at nfs4:~# net ads info
>> ads_connect: No logon servers
>> ads_connect: No logon servers
>> Didn't find the ldap server!
>> root at nfs4:~# host -t SRV _ldap._tcp.mgr
>> _ldap._tcp.mgr has SRV record 0 100 389 nfs4.mgr.
>> root at nfs4:~# smbclient //nfs4/netlogon -UAdministrator -c 'ls'
>> Enter Administrator password:
>> Domain=[AD] OS=[Unix] Server=[Samba 4.1.4-SerNet-Debian-7.wheezy]
>>    .                                   D        O  Thu Feb 20 15:13:27
>> 2014
>>    ..                                  D        O  Thu Feb 20 15:13:41
>> 2014
>> root at nfs4:~#
>
> Are all ports opened, that should be for a DC?
> https://wiki.samba.org/index.php/Samba_port_usage#Port_usage_when_Samba_runs_as_DC
>
>
> Make sure, that no firewall, SElinux, etc. prevents accessing.
>
>
>
>
>  > Is there any systematic approach to troubleshoot
>  > such an installation?
>
> Increase the log level in smb.conf or add "-d" to your command. This is
> the output on my test environment on debug level 3:
>
> # net ads info -d 3
> lp_load_ex: refreshing parameters
> Initialising global parameters
> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
> params.c:pm_process() - Processing configuration file
> "/etc/samba//smb.conf"
> Processing section "[global]"
> added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
> added interface eth0 ip=10.99.0.1 bcast=10.99.0.255 netmask=255.255.255.0
> Registered MSG_REQ_POOL_USAGE
> Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
> get_dc_list: preferred server list: "dc1.samdom.example.com, *"
> Successfully contacted LDAP server 10.99.0.1
> get_dc_list: preferred server list: "dc1.samdom.example.com, *"
> Successfully contacted LDAP server 10.99.0.1
> get_dc_list: preferred server list: "dc1.samdom.example.com, *"
> Successfully contacted LDAP server 10.99.0.1
> get_dc_list: preferred server list: "dc1.samdom.example.com, *"
> get_dc_list: preferred server list: "dc1.samdom.example.com, *"
> Successfully contacted LDAP server 10.99.0.1
> Connected to LDAP server dc1.samdom.example.com
> get_dc_list: preferred server list: "dc1.samdom.example.com, *"
> Successfully contacted LDAP server 10.99.0.1
> get_dc_list: preferred server list: "dc1.samdom.example.com, *"
> get_dc_list: preferred server list: "dc1.samdom.example.com, *"
> Successfully contacted LDAP server 10.99.0.1
> Connected to LDAP server dc1.samdom.example.com
> LDAP server: 10.99.0.1
> LDAP server name: dc1.samdom.example.com
> Realm: SAMDOM.EXAMPLE.COM
> Bind Path: dc=SAMDOM,dc=EXAMPLE,dc=COM
> LDAP port: 389
> Server time: Mi, 26 Feb 2014 20:26:49 CET
> KDC server: 10.99.0.1
> Server time offset: 0
> return code = 0
>
>
>
>
> Regards,
> Marc
>
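
An added example, not part of either poster's message: a small parser that puts the two `net ads info -d 3` runs above side by side and flags the three differences visible in them. The log excerpts are copied from the thread; the function name and the finding labels are hypothetical.

```python
import ipaddress
import re

# Excerpt of the failing run quoted in the message above.
FAILING_LOG = """\
added interface eth0 ip=172.16.8.4 bcast=172.16.8.255 netmask=255.255.255.0
get_dc_list: preferred server list: ", *"
ads_cldap_netlogon: did not get a reply
ads_try_connect: CLDAP request 127.0.1.1 failed.
ads_connect: No logon servers
"""

# Excerpt of the working run from the quoted reply.
WORKING_LOG = """\
added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
added interface eth0 ip=10.99.0.1 bcast=10.99.0.255 netmask=255.255.255.0
get_dc_list: preferred server list: "dc1.samdom.example.com, *"
Successfully contacted LDAP server 10.99.0.1
"""

IFACE = re.compile(r"added interface (\S+) ip=(\S+) bcast=\S+ netmask=(\S+)")
PREF = re.compile(r'get_dc_list: preferred server list: "([^,"]*), \*"')
CLDAP_FAIL = re.compile(r"ads_try_connect: CLDAP request (\S+) failed")


def diagnose(log):
    """Return finding labels (hypothetical names) for one debug-level-3 log."""
    nets = []
    for _name, ip, mask in IFACE.findall(log):
        try:
            nets.append(ipaddress.ip_network(f"{ip}/{mask}", strict=False))
        except ValueError:
            continue  # skip interface lines this sketch cannot parse (e.g. IPv6 masks)
    findings = []
    # An empty first entry means no server name was put ahead of the "*" wildcard.
    if any(not name.strip() for name in PREF.findall(log)):
        findings.append("empty-preferred-server")
    # A CLDAP target outside every registered interface network is suspicious.
    for target in CLDAP_FAIL.findall(log):
        addr = ipaddress.ip_address(target)
        if not any(addr in net for net in nets):
            kind = "loopback" if addr.is_loopback else "remote"
            findings.append(f"cldap-target-not-on-registered-interface:{target}:{kind}")
    if "ads_connect: No logon servers" in log:
        findings.append("no-logon-servers")
    return findings


if __name__ == "__main__":
    print("failing:", diagnose(FAILING_LOG))
    print("working:", diagnose(WORKING_LOG))
```

Where the 127.0.1.1 target comes from is not established in the thread; a local hosts-file entry for the server's own name is one assumption worth checking with `getent hosts nfs4`.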


