[Samba] Upgrading Samba 3 to Samba 4 - Domain Controller unreachable

Luke Barone lukebarone at gmail.com
Sat Apr 2 17:06:42 UTC 2016 

OK, I've tried commenting the line out. Ran /etc/init.d/samba reload, but
no change. Should I try a full server reboot then?

On Sat, Apr 2, 2016 at 9:51 AM, Rowland penny <rpenny at samba.org> wrote:

> On 02/04/16 17:37, Luke Barone wrote:
>
>> [global]
>>         server max protocol = SMB2
>> # Line above added by lbarone - March 30, 2016
>>         name resolve order = host wins lmhosts bcast
>>         write list = @domainadmins
>>         passwd chat = *new*password* %n\n *new*password* %n\n *updated*
>>         admin users = machine,add,lbarone, at domainadmins
>>         smb ports = 139
>>         lock directory = /var/cache/samba
>>         preserve case = yes
>>         passwd program = /usr/bin/passwd %u
>>         netbios name = jmac
>>         printing = lprng
>>         logon script = login.bat
>>         local master = yes
>>         workgroup = jmc
>>         os level = 255
>>         printcap name = /dev/null
>>         security = user
>>         disable spoolss = yes
>>         log file = /var/log/samba/log.%m
>>         log level = 2
>>         load printers = yes
>>         logon drive = h:
>>         domain master = yes
>>         interfaces = eth1
>>         encrypt passwords = true
>>         wins support = yes
>>         server string = jmac
>>         wide links = no
>>         path = /var/spool/lpd/samba
>>         unix password sync = true
>>         preferred master = yes
>>         bind interfaces only = yes
>>         pam password change = yes
>>         domain logons = yes
>>         dns proxy = yes
>> idmap config * : range = 1000-1999999
>> # Above line added by lbarone - March 29, 2016
>>
>> ################## SHARES ########################
>>
>> [netlogon]
>>         path = /usr/local/share/netlogon
>>         browseable = no
>>         ##profile acls = yes
>>         write list = @domainadmins
>>         inherit permissions = yes
>>
>> [homes]
>>         browseable = no
>>         read only = no
>>         path = /home/%U/
>>
>> [Programs]
>>         path = /usr/local/share/Apps/NetApps
>>         inherit permissions = yes
>>         writeable = yes
>>
>> [Windsor]
>>         path = /usr/local/share/Windsor
>>         inherit permissions = yes
>>         writeable = yes
>>
>> [Career]
>>         path = /usr/local/share/Staff/CLA/Career
>>         inherit permissions = yes
>>         writeable = yes
>>         comment = Career Programs
>>
>> [Office]
>>         path = /usr/local/share/Office
>>         writeable = yes
>>         inherit permissions = yes
>>
>> [Admin]
>>         path = /usr/local/share/Admin
>>         inherit permissions = yes
>>         writeable = yes
>>
>> [Student_Share]
>>         comment = Classwork Share
>>         path = /usr/local/share/Student
>>         writeable = yes
>>         inherit permissions = yes
>>
>> [Tech_Tips]
>>         comment = Tech Applications and tips. Public to see/read.
>>         path = /usr/local/share/TECH_TIPS
>>         writeable = yes
>>         valid users = @staff
>>         inherit permissions = yes
>>
>> [Tech_Apps]
>>         comment = Tech Applications.
>>         path = /usr/local/share/Tech_Apps
>>         writeable = no
>>         inherit permissions = yes
>>         valid users = @domainadmins, at admin
>>         browseable = no
>>
>> [DropBox]
>>         comment = Classwork Hand-in
>>         path = /usr/local/share/Classwork
>>         writeable = yes
>>         create mode = 700
>>         force directory mode = 1777
>>         inherit owner = yes
>>
>> [SSS]
>>         comment = Student Support Services
>>         path = /usr/local/share/Staff/SSS
>>         writeable = yes
>>         inherit permissions = yes
>>
>> [JMC]
>>         comment = JMC Global Share
>>         path = /usr/local/share/Staff/JMC
>>         writeable = yes
>>         write list = @staff
>>         read list = @staff
>>
>> [DRC]
>>         comment = DRC
>>         path = /usr/local/share/Staff/DRC
>>         writeable = yes
>>         inherit permissions = yes
>>
>> [CLA]
>>         comment = CLA
>>         path = /usr/local/share/Staff/CLA
>>         writeable = yes
>>         inherit permissions = yes
>>
>> [YAPS]
>>         path = /usr/local/share/YAPS
>>         inherit permissions = yes
>>         writeable = yes
>>
>>
>> [IMAGES]
>>         comment = System images. Keep out.
>>         path = /usr/local/share/IMAGES
>>         valid users = blast,lbarone, at domainadmins
>>         writeable = yes
>>         inherit permissions = yes
>>
>> [Printer_Drivers]
>>         comment = Printer Drivers for any printers in the building.
>>         path = /usr/local/share/Printer_Drivers
>>         writeable = no
>>         inherit permissions = yes
>>
>> I commented when and where I changed the file, based on advice from
>> various forums when I was trying to figure out this issue. The upgrade
>> occurred on March 17th, so the changes I made were after issues were
>> reported to me.
>>
>> On Fri, Apr 1, 2016 at 1:53 PM, Rowland penny <rpenny at samba.org <mailto:
>> rpenny at samba.org>> wrote:
>>
>>     On 01/04/16 21:20, Luke Barone wrote:
>>
>>         Anyone able to chime in? Suggestions on where to go?
>>
>>         On Thu, Mar 31, 2016 at 11:21 AM, Luke Barone
>>         <lukebarone at gmail.com <mailto:lukebarone at gmail.com>> wrote:
>>
>>             Hi all,
>>
>>             I upgraded Samba 3 to 4 when doing a Debian Wheezy to
>>             Jessie upgrade over
>>             the last couple of weeks. Most things worked, but now that
>>             staff are back,
>>             we're seeing more and more issues.
>>
>>             Computers are logging in using their cached credentials
>>             only. The
>>             computers are not using updated password information from
>>             the server
>>             anymore. The computers will not connect to the server via
>>             it's NetBIOS name
>>             unless I add the entry under the hosts and lmhosts file on
>>             each workstation
>>             (which is a pain...). My remote management won't work
>>             either for using the
>>             server credentials, I need to use a local username and
>>             password.
>>
>>             It's running Samba 4.1.17-debian, as a Windows NT Domain
>>             Controller, NOT
>>             Active Directory.
>>
>>             I have also edited the /etc/nsswitch.conf file so that:
>>
>>             passwd:       files winbind
>>             shadow:       files
>>             group:        files winbind
>>             hosts:          files wins
>>
>>             instead of:
>>             passwd:         compat
>>             group:          compat
>>             shadow:         compat
>>             hosts:         files dns
>>
>>
>>             ... based on advice around the getpwuid error that seems
>>             so famous.
>>
>>             My goal is to get this up and running *properly* without
>>             needing to touch
>>             every computer, and so that user changes (i.e. password
>>             changes, new users,
>>             users getting deleted, etc) take effect immediately.
>>
>>             If I need to post other config files, please let me know
>>
>>
>>     OK, lets start with the smb.conf, please post it.
>>     I take it you haven't modified it after the upgrade.
>>
>>     Rowland
>>
>>     --     To unsubscribe from this list go to the following URL and read
>> the
>>     instructions: https://lists.samba.org/mailman/options/samba
>>
>>
>>
> OK, try removing this line:
>
>         smb ports = 139
>
> You have turned off port 445
>
>
> Rowland
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list