[Samba] authentication problems sernet-samba
Lulzim KELMENI
lkelmeni at mairie-saint-ouen.fr
Fri Oct 2 15:00:19 UTC 2015
Hello Rowland,
I think avahi-daemon is not installed as standard
in ubuntu 14.04.3 LTS
Here is in our server :
ROOT at SERVER:~# DPKG -L
|GREP AVAHI
II LIBAVAHI-CLIENT3:AMD64
0.6.31-4UBUNTU1 AMD64 AVAHI CLIENT LIBRARY
II
LIBAVAHI-COMMON-DATA:AMD64 0.6.31-4UBUNTU1
AMD64 AVAHI COMMON DATA FILES
II
LIBAVAHI-COMMON3:AMD64 0.6.31-4UBUNTU1
AMD64 AVAHI COMMON LIBRARY
root at server:~# ps aux |grep -i
avah
root 9696 0.0 0.0 11740 948 pts/0 R+ 16:40 0:00 grep --color=auto
-i avah
avahi-deamon have been installed as a dependancy of cups in our
print server (which is not the same as domain controller). But we
removed it because of strange behaviour.
> Have you looked in the
event logs of a PC when it cannot authenticate?
Yes, we can see this id
event in multiple clients :
1)id event 40960 : System have detected
authentication problem for server
ldap/server.dctest.local/dctest.local at DCTEST.LOCAL Kerberos "No
authority could be contacted for authentication. (0x80090311)"
this
event occurs many times
2) id event 1129 related to GPO that are not
applied ; as a consequances of authentication problem
As soon as i
restart samba, computers and users cans authenticates against the
domain.
cheers,
KELMENI Lulzim
Direction des Systèmes
d'Information
Service Systèmes, Réseaux, Bases de données
Mairie de
Saint-Ouen
Le 02/10/2015 16:06, Rowland Penny a écrit :
> On 02/10/15
14:34, Lulzim KELMENI wrote:
>
>> No, it is in production, i just
change the real domain name by DCTEST for confidentiality. *Avahi is not
installed in our server (print server is in an other server)
>
> You
sure about that ?
> Did you remove it after installation of the OS,
because it is installed
> as standard.
>
>> *resolv.conf is good. * I
read the documentation here
https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller
[1] [1] , and i can't find where it is said to modify the nsswitch.conf
in a server which is ONLY domain controller. We have modified it in an
other ubuntu server (the domain member) as descibed here
https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server [2] [2]
*We have not iTunes installed in our PC. When this problem occurs, no
computer can authenticate in the domain (we have actually 170 PC in the
domain and it will soon grow to 700). The only solution is to restart
samba. I can NOT reproduce the problem : i have to wait until it occurs.
This authetication problem happend 7 times from 04/06/2015 until now.
>
> Then it is probably not a Samba problem, can you change the log level
to
> 10 and then see if something pops up.
> I take it that you just
use the DC for authentication and no files are
> served from it (as an
aside, you really should have at least two DCs,
> especially if you are
planning to grow the domain), if this is the case,
> you do not need
the nsswitch changes.
> Have you looked in the event logs of a PC when
it cannot authenticate?
>
> Rowland
Links:
------
[1]
https://wiki.samba.org/index.php/Setup_a_Samba_Active_Directory_Domain_Controller
[2]
https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
More information about the samba
mailing list