[Samba] authentication problems sernet-samba

Lulzim KELMENI lkelmeni at mairie-saint-ouen.fr
Fri Oct 2 13:34:52 UTC 2015 

 

No, it is in production, i just change the real domain name by
DCTEST for confidentiality. 

*Avahi is not installed in our server
(print server is in an other server) 

*resolv.conf is good. 

* I read
the documentation here
https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller
[1] , and i can't find where it is said to modify the nsswitch.conf in
a server which is ONLY domain controller. We have modified it in an
other ubuntu server (the domain member) as descibed here
https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server [2]


*We have not iTunes installed in our PC. 

When this problem occurs,
no computer can authenticate in the domain (we have actually 170 PC in
the domain and it will soon grow to 700). The only solution is to
restart samba. I can NOT reproduce the problem : i have to wait until it
occurs. This authetication problem happend 7 times from 04/06/2015 until
now. 

Cordialement,

KELMENI Lulzim
Direction des Systèmes
d'Information
Service Systèmes, Réseaux, Bases de données
Mairie de
Saint-Ouen

Le 02/10/2015 10:43, L.P.H. van Belle a écrit : 

> It this
a test environment ? 
> 
> ... dctest.local 
> 
> Dont use .local
reserved name of apples mDNS. 
> 
> Remove avahi from your server. 
>
Recheck nsswitch.conf so it starts like : passwd: compat winbind 
> ( so
if needed change the order ) 
> 
> Recheck you resolv.conf 
> Should be
: 
> Search dominname 
> Nameserver IP_DC1
> 
> And i you have itunes on
your pc, remove it. 
> And try again, this is not a samba problem but a
configuration problem. 
> 
> Greetz, 
> 
> Louis
> 
>>
-----Oorspronkelijk bericht----- Van: samba
[mailto:samba-bounces at lists.samba.org] Namens Lulzim KELMENI Verzonden:
vrijdag 2 oktober 2015 10:36 Aan: samba at lists.samba.orgOnderwerp: Re:
[Samba] authentication problems sernet-samba Hello L.P.H, The "Wait for
Network" policy is already set and applied to all domain computers. By
the way, when we restart samba (service sernet-samba-ad restart) GPO are
applied and users can connect without problem and the strange logs stop
in /var/log/samba/log.samba Cordialement, KELMENI Lulzim Direction des
Systèmes d'Information Service Systèmes, Réseaux, Bases de données
Mairie de Saint-Ouen Le 02/10/2015 09:12, L.P.H. van Belle a écrit : 
>>

>>> Hai, see
>> the commented. 
>> 
>>> And as extra, disable
powersaving on the network
>> card. * When users try to connect to
domain, they have a warning saying that the user session have been opend
using local copy of profile.[L.P.H. v
>> 
>>> idth:100%">[L.P.H. van
Belle] case above, solution also.
>> width:100%">* In event viewer of
client computer,
server.dctest.local/dctest.local at DCTEST.LOCAL">ldap/server.dctest.local/dc



Links:
------
[1]
https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller
[2]
https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server

More information about the samba mailing list