[Samba] Unable to connect to domain after upgrading to Samba 3.6.9
Aaron Johnson
aaron at ajserver.com
Wed May 28 18:47:16 MDT 2014
Thoughts on this anyone?
Thanks,
Aaron
> On May 19, 2014, at 8:34 PM, Aaron Johnson <aaron at ajserver.com> wrote:
>
> Thanks in advance for your help.
>
> We recently upgraded from Centos 5.X samba 3.5 to Centos 6.X samba 3.6.9. Shared drives and data are accessible which indicates that user accounts were also successfully migrated.
>
> However when attempting to connect one of our Windows 7 Pro 64-bit SP1 workstation to our Samba domain controller the connection fails. I did have to add a SRV record for "_ldap._tcp.dc._msdcs.ldoubler.org. 3600 IN SRV 0 100 389 server.ldoubler.org." to DNS following our first error, however now the client appears to be attempting to connect to the LDAP service port 389 on our domain controller, however we are not using an LDAP backend, as such it is causing this error:
>
> DNS was successfully queried for the service location (SRV) resource
> record used to locate a domain controller for domain "ldoubler.org":
>
> The query was for the SRV record for _ldap._tcp.dc._msdcs.ldoubler.org
>
> The following domain controllers were identified by the query:
> server.ldoubler.org
>
>
> However no domain controllers could be contacted.
>
> Common causes of this error include:
>
> - Host (A) or (AAAA) records that map the names of the domain
> controllers to their IP addresses are missing or contain incorrect
> addresses.
>
> - Domain controllers registered in DNS are not connected to the
> network or are not running.
>
> We are using tdbsam, how do we use this backend without ldap?
>
>
> Here is our smb.conf file for reference:
>
> # cat /etc/samba/smb.conf | grep -v '^#'
>
> [global]
> workgroup = LDOUBLER.ORG
> security = user
> netbios aliases = server
> server string = %h server
> passdb backend = tdbsam
> passwd program = /usr/bin/passwd %u
> passwd chat = *New\sUNIX\spassword:* %n\n
> *Retype\snew\sUNIX\spassword:* %n\n
> *passwd*\sall\sauthentication\stokens\supdated\ssuccessfully.* .
> username map = /etc/samba/smbusers
> check password script = /usr/sbin/cracklib-check
> unix password sync = yes
> syslog = 0
> log file = /var/log/samba/log.%m
> log level = 1
> max log size = 10000000
> add user script = /usr/sbin/useradd -m %u
> delete user script = /usr/sbin/usrdel -r %u/
> add group script = /usr/sbin/groupadd %g
> delete group script = /usr/sbin/groupdel %g
> add user to group script = /usr/sbin/groupmod -A %u %g
> delete user from group script = /usr/sbin/groupmod -R %u %g
> add machine script = /usr/sbin/adduser -n -l --home
> /var/lib/nobody --shell /bin/false %u
> logon script = scripts\logon-common.bat
> scripts\logon-%a.bat scripts\logon-%u.bat scripts\logon-%g.bat
> logon path = \\%L\profiles
> logon drive = H:
> logon home = \\%L\%U
> domain logons = Yes
> os level = 35
> preferred master = Yes
> domain master = Yes
> dns proxy = No
> encrypt passwords = yes
> message command = echo %m $(cat %s |tr -d '\000')
> >>/tmp/smbmess; rm %s
> panic action = /usr/share/samba/panic-action %d
> admin users = @admin
> #, root, administrator
> time server = yes
>
>
>
> [homes]
> read only = No
> acl group control = Yes
> create mask = 0600
> force create mode = 0600
> security mask = 0600
> directory mask = 0700
> force directory mode = 0700
> directory security mask = 0700
> hide unreadable = Yes
> veto files = //.*/profile/profile.V2/Maildir/
> browseable = No
>
> [Office]
> comment = Whole Office shared
> path = /srv/samba/officeshared
> valid users = @users
> force group = users
> read only = No
> create mask = 0770
> force create mode = 0770
> directory mask = 2770
> force directory mode = 2770
> veto files =
> wide links = No
>
> [ExecutiveSecure]
> comment = Executive Secure Files
> path = /srv/samba/execsecure
> valid users = @executive
> force group = executive
> read only = No
> create mask = 0660
> force create mode = 0660
> force security mode = 0660
> directory mask = 2770
> force directory mode = 2770
> force directory security mode = 2770
> inherit permissions = Yes
> inherit owner = Yes
> browseable = Yes
>
> [profiles]
> comment = profiles for windows XP logon
> path = /home/%U/profile
> read only = No
> create mask = 0600
> force create mode = 0600
> directory mask = 0700
> force directory mode = 0700
> store dos attributes = Yes
> browseable = No
>
> [profiles.V2]
> comment = profiles for windows 7 logon
> path = /home/%U/profile.V2
> read only = No
> create mask = 0600
> force create mode = 0600
> directory mask = 0700
> force directory mode = 0700
> store dos attributes = Yes
> browseable = No
>
>
> [netlogon]
> comment = NetLogon Share
> path = /srv/samba/samba/netlogon
> guest ok = Yes
> browseable = No
>
>
> [accounting]
> comment = Accounting Files
> path = /srv/samba/accounting
> valid users = @accounting @executive aaron
> force group = accounting
> read only = No
> create mask = 0660
> force create mode = 0660
> directory mask = 2770
> force directory mode = 2770
> browseable = Yes
>
>
> [campwise]
> comment = Campwise Data files
> path = /srv/samba/campwise
> valid users = @campwise @users
> force group = campwise
> read only = No
> create mask = 0660
> force create mode = 0660
> directory mask = 2770
> force directory mode = 2770
> wide links = No
> browseable = Yes
>
> [scanning]
> browseable = Yes
> delete readonly = yes
> wide links = no
> writable = yes
> write list = minolta @scanning
> path = /srv/samba/scanning
> force directory mode = 2070
> force group = scanning
> force create mode = 0060
> comment = New Incoming Scans
> valid users = minolta @scanning
> create mode = 0060
> directory mode = 2070
>
> [sysadmins]
> comment = System Administration Things
> path = /srv/samba/sysadmins
> valid users = @admin
> #valid users checks the UNIX group NOT the Windows group
> force group = admin
> read only = no
> create mask = 0660
> directory mask = 2770
> browsable = no
> [root@ ~]#
>
> Thanks,
> Aaron Johnson
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list