[Samba] Samba4 Domain member only usable with ip

Rowland Penny rowlandpenny241155 at gmail.com
Mon Jul 27 17:10:26 UTC 2015


On 27/07/15 16:50, zorg wrote:
> On 27/07/2015 17:02, Rowland Penny wrote:
>> On 27/07/15 15:51, zorg wrote:
>>> On 27/07/2015 16:16, Rowland Penny wrote:
>>>> On 27/07/15 15:13, zorg wrote:
>>>>> Hi,
>>>>>
>>>>> I'm using Debian Jessie
>>>>> I have followed these instructions
>>>>>
>>>>> https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
>>>>>
>>>>> Here it is:
>>>>>
>>>>> [global]
>>>>>     workgroup = DOM
>>>>>     realm = DOM.LOCAL
>>>>>     server role = member server
>>>>>     security = ADS
>>>>>     map to guest = Bad User
>>>>>     dedicated keytab file = /etc/krb5.keytab
>>>>>     kerberos method = dedicated keytab
>>>>>     syslog = 0
>>>>>     log file = /var/log/samba/log.%m
>>>>>     max log size = 1000
>>>>>     dns proxy = No
>>>>>     panic action = /usr/share/samba/panic-action %d
>>>>>     winbind enum users = Yes
>>>>>     winbind enum groups = Yes
>>>>>     winbind use default domain = Yes
>>>>>     winbind nss info = rfc2307
>>>>>     winbind refresh tickets = Yes
>>>>>     idmap config DOM:range = 10000-99999
>>>>>     idmap config DOM:backend = rid
>>>>>     idmap config *:range = 2000-9999
>>>>>     idmap config * : backend = tdb
>>>>>     create mask = 0664
>>>>>     force create mode = 0664
>>>>>     force directory mode = 0775
>>>>>
>>>>> [homes]
>>>>>     comment = Home Directories
>>>>>     valid users = %S
>>>>>     create mask = 0700
>>>>>     directory mask = 0700
>>>>>     browseable = No
>>>>>
>>>>>
>>>>>
>>>>> On 27/07/2015 15:47, Rowland Penny wrote:
>>>>>> On 27/07/15 14:37, zorg wrote:
>>>>>>> Hi,
>>>>>>> Hope someone can help
>>>>>>> I have set up a domain member samba4 server
>>>>>>
>>>>>> How have you set it up, what howto or instructions did you follow ?
>>>>>> What OS ?
>>>>>> Please post the smb.conf from the member server
>>>>>>
>>>>>>>
>>>>>>> I can access it perfectly using its IP \\192.168.0.3
>>>>>>
>>>>>> How are you trying to access the server ?
>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> But if I use its name \\shareserver it asks me for a password,
>>>>>>> as if I was not joined
>>>>>>>
>>>>>>> DNS is working
>>>>>>
>>>>>> What DNS are you using ?
>>>>>>
>>>>>> Rowland
>>>>>>
>>>>>>>
>>>>>>> Don't really know where to look to find the clue
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>> What about the other two questions ?
>>>>
>>>> How are you trying to access the server ?
>>>> What DNS are you using ?
>>>>
>>>> Rowland
>>>>
>>>>
>>> Looking at the log, I got this error when using the DNS name, not with the IP
>>>
>>> [2015/07/27 16:50:06.225754,  1] 
>>> ../source3/librpc/crypto/gse.c:465(gse_get_server_auth_token)
>>>   gss_accept_sec_context failed with [ Miscellaneous failure (see 
>>> text): Failed to find cifs/smbfs.DOM.local at DOM.LOCAL(kvno 2) in 
>>> keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]
>>>
>>
>> Are you actually using a domain that ends in .local? If so, try
>> turning off Avahi on the member server and then try again.
>>
>> Rowland
>>
>>
> Yes, it ends with .local
> I don't have Avahi
> Samba is running in the lxc container
>
>
>

Honestly don't know much about lxc containers, but isn't it something 
similar to using a VM ? i.e. you run a distro in the container inside 
another OS.
So, if you are running Jessie inside the container, you may be running 
Avahi without knowing it, Jessie starts it as standard.

You should also check that all the required samba/AD ports are open on 
the container and the container can connect to the AD DC by any and all 
means.

Rowland
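
Added example, not part of the original thread or of Samba's code: a small triage helper that extracts the principal and kvno smbd looked for from the gse.c error quoted above and compares them with a keytab listing, to tell a missing host name apart from a stale kvno or a case difference. The keytab listing is constructed sample data in `klist -k` layout, and the function names and result labels are hypothetical.

```python
import re

# The gse.c message from the thread; the list archive renders "@" as " at ".
LOG_RE = re.compile(r"Failed to find (\S+?)(?:@| at )(\S+?)\(kvno (\d+)\)")
# One entry of a `klist -k` style listing: "   2 cifs/host@REALM (enctype)".
KT_RE = re.compile(r"^\s*(\d+)\s+(\S+)@(\S+)")

SAMPLE_LOG = """gss_accept_sec_context failed with [ Miscellaneous failure (see
text): Failed to find cifs/smbfs.DOM.local at DOM.LOCAL(kvno 2) in
keytab MEMORY:cifs_srv_keytab (arcfour-hmac-md5)]"""

# Constructed listing (not from the thread), in `klist -k` layout.
SAMPLE_KLIST = """Keytab name: FILE:/etc/krb5.keytab
KVNO Principal
---- ----------------------------------------
   2 host/shareserver.dom.local@DOM.LOCAL (arcfour-hmac)
   2 cifs/shareserver.dom.local@DOM.LOCAL (arcfour-hmac)
"""

def parse_log(text):
    """Return (principal, realm, kvno) that smbd looked for, or None."""
    m = LOG_RE.search(" ".join(text.split()))  # undo log/mail line wrapping
    return (m.group(1), m.group(2), int(m.group(3))) if m else None

def parse_keytab(listing):
    """Return [(kvno, principal, realm)]; header lines do not match and are skipped."""
    return [(int(m.group(1)), m.group(2), m.group(3))
            for m in map(KT_RE.match, listing.splitlines()) if m]

def diagnose(log_text, listing):
    """Classify why the keytab lookup reported in the log failed."""
    want = parse_log(log_text)
    if want is None:
        return "no-keytab-error"
    princ, realm, kvno = want
    entries = parse_keytab(listing)
    kvnos = [k for k, p, r in entries if (p, r) == (princ, realm)]
    if kvno in kvnos:
        return "present"        # name and kvno match: compare enctypes next
    if kvnos:
        return "kvno-mismatch"  # right name, keytab holds a different key version
    if any((p.lower(), r.lower()) == (princ.lower(), realm.lower()) for _, p, r in entries):
        return "case-mismatch"  # keytab lookups compare names case-sensitively
    service = princ.split("/")[0]
    if any(p.split("/")[0] == service for _, p, _ in entries):
        return "host-mismatch"  # service is there, but under another host name
    return "service-missing"

if __name__ == "__main__":
    print(parse_log(SAMPLE_LOG), "->", diagnose(SAMPLE_LOG, SAMPLE_KLIST))
```
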



