[Samba] Samba AD DC not Available
VIKAS
c.vikas at altechtechnologies.com
Mon Jul 28 09:24:35 MDT 2014
Hi All,
I have been using Samba 4.15 on CentOS 6.3 64 bit for the last 3 months with no
issues, but suddenly I am facing the issues below.
1. Windows 7 Pro/Ultimate cannot join the domain, but can telnet to all the
ports.
2. Shared resources on Server 2003, which is added to the domain, are available
some of the time and some of the time not. For isolating the issue I have temporarily
removed the server from the domain. The error I get when I try to access shared
resources from Run is
http://3.bp.blogspot.com/-z_PiUex9rI8/Tvll0M4Q0FI/AAAAAAAAAHQ/zxpHzca90bs/s1600/error.jpg.
and now I am not facing any issue as of now.
Below is the wireshark log when I am attempting to join the domain.
$ tshark host 192.168.1.253
Running as user "root" and group "root". This could be dangerous.
Capturing on eth0
0.000000 192.168.1.253 -> 192.168.10.16 DNS 89 Standard query 0xb88b SRV
_ldap._tcp.dc._msdcs.ik.local
0.000176 192.168.10.16 -> 192.168.1.253 DNS 112 Standard query response
0xb88b SRV 0 100 389 dc.ik.local
0.003773 192.168.1.253 -> 192.168.10.16 DNS 71 Standard query 0xd961 A
dc.ik.local
0.003930 192.168.10.16 -> 192.168.1.253 DNS 87 Standard query response
0xd961 A 192.168.10.16
0.008004 192.168.1.253 -> 192.168.10.16 CLDAP 161 searchRequest(1)
"<ROOT>" baseObject
0.009669 192.168.10.16 -> 192.168.1.253 CLDAP 168 searchResEntry(1)
"<ROOT>" searchResDone(1) success
7.488021 192.168.1.253 -> 192.168.10.16 CLDAP 161 searchRequest(2)
"<ROOT>" baseObject
7.489684 192.168.10.16 -> 192.168.1.253 CLDAP 168 searchResEntry(2)
"<ROOT>" searchResDone(2) success
7.893965 192.168.1.253 -> 192.168.10.16 DNS 89 Standard query 0xfa82 SRV
_ldap._tcp.dc._msdcs.ik.local
7.894136 192.168.10.16 -> 192.168.1.253 DNS 112 Standard query response
0xfa82 SRV 0 100 389 dc.ik.local
$ telnet <domain ip> 53 --> from client
$ tshark host 192.168.1.253 --> at server
91.083022 192.168.1.253 -> 192.168.10.16 TCP 60 49215 > domain [FIN, ACK]
Seq=11 Ack=1 Win=65536 Len=0
91.083178 192.168.10.16 -> 192.168.1.253 TCP 54 domain > 49215 [FIN, ACK]
Seq=1 Ack=12 Win=14720 Len=0
91.085382 192.168.1.253 -> 192.168.10.16 TCP 60 49215 > domain [ACK]
Seq=12 Ack=2 Win=65536 Len=0
$ telnet <domain ip> 445 --> from client
$ tshark host 192.168.1.253 --> at server
106.929307 192.168.1.253 -> 192.168.10.16 TCP 66 49216 > microsoft-ds [SYN]
Seq=0 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM=1
106.929319 192.168.10.16 -> 192.168.1.253 TCP 66 microsoft-ds > 49216 [SYN,
ACK] Seq=0 Ack=1 Win=14600 Len=0 MSS=1460 SACK_PERM=1 WS=128
106.950451 192.168.1.253 -> 192.168.10.16 TCP 60 49216 > microsoft-ds [ACK]
Seq=1 Ack=1 Win=65536 Len=0
116.266820 192.168.1.253 -> 192.168.10.16 NBSS 60 NBSS Continuation Message
Also, all other ports can be reached with telnet.
If I restart the domain I can join the domain immediately.
I will provide the tshark report of success.
Note: FYI, there is a firewall in the middle. I have been facing this issue for the last 1
week. I have increased the log level but do not find any errors. Any help
will be appreciated.
Commands Output
$ samba-tool dbcheck
Checking 957 objects
Checked 957 objects (0 errors)
$ samba-tool testparm
Press enter to see a dump of your service definitions
# Global parameters
[global]
workgroup = IK
realm = IK.LOCAL
netbios name = DC
server role = active directory domain controller
log level = 0
syslog = 0
log file = /var/log/samba/log.%m
printcap name = /dev/null
dns forwarder = 192.168.1.1
idmap_ldb:use rfc2307 = yes
[netlogon]
path = /usr/local/samba/var/locks/sysvol/ik.local/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
[Profiles]
path = /srv/samba/Profiles/
read only = No
create mask = 0600
directory mask = 0700
profile acls = Yes
store dos attributes = Yes
csc policy = disable
thanks
vikas