[Samba] Upgrading Samba 3 to Samba 4 - Domain Controller unreachable

Luke Barone lukebarone at gmail.com
Sat Apr 2 17:31:44 UTC 2016


OK, I'm rebooting the server now. Removed that line first.

SELinux and AppArmor are not installed on the servers. Tested with the
firewall down (iptables), ulimit is not being reached, still lots of memory
and hard drive space available... Since it's the weekend, no one else is in
the building except for me.

On Sat, Apr 2, 2016 at 10:20 AM, Rowland penny <rpenny at samba.org> wrote:

> On 02/04/16 18:06, Luke Barone wrote:
>
>> OK, I've tried commenting the line out. Ran /etc/init.d/samba reload, but
>> no change. Should I try a full server reboot then?
>>
>> On Sat, Apr 2, 2016 at 9:51 AM, Rowland penny <rpenny at samba.org> wrote:
>>
>>     On 02/04/16 17:37, Luke Barone wrote:
>>
>>         [global]
>>                 server max protocol = SMB2
>>         # Line above added by lbarone - March 30, 2016
>>                 name resolve order = host wins lmhosts bcast
>>                 write list = @domainadmins
>>                 passwd chat = *new*password* %n\n *new*password* %n\n *updated*
>>                 admin users = machine,add,lbarone,@domainadmins
>>                 smb ports = 139
>>                 lock directory = /var/cache/samba
>>                 preserve case = yes
>>                 passwd program = /usr/bin/passwd %u
>>                 netbios name = jmac
>>                 printing = lprng
>>                 logon script = login.bat
>>                 local master = yes
>>                 workgroup = jmc
>>                 os level = 255
>>                 printcap name = /dev/null
>>                 security = user
>>                 disable spoolss = yes
>>                 log file = /var/log/samba/log.%m
>>                 log level = 2
>>                 load printers = yes
>>                 logon drive = h:
>>                 domain master = yes
>>                 interfaces = eth1
>>                 encrypt passwords = true
>>                 wins support = yes
>>                 server string = jmac
>>                 wide links = no
>>                 path = /var/spool/lpd/samba
>>                 unix password sync = true
>>                 preferred master = yes
>>                 bind interfaces only = yes
>>                 pam password change = yes
>>                 domain logons = yes
>>                 dns proxy = yes
>>         idmap config * : range = 1000-1999999
>>         # Above line added by lbarone - March 29, 2016
>>
>>         ################## SHARES ########################
>>
>>         [netlogon]
>>                 path = /usr/local/share/netlogon
>>                 browseable = no
>>                 ##profile acls = yes
>>                 write list = @domainadmins
>>                 inherit permissions = yes
>>
>>         [homes]
>>                 browseable = no
>>                 read only = no
>>                 path = /home/%U/
>>
>>         [Programs]
>>                 path = /usr/local/share/Apps/NetApps
>>                 inherit permissions = yes
>>                 writeable = yes
>>
>>         [Windsor]
>>                 path = /usr/local/share/Windsor
>>                 inherit permissions = yes
>>                 writeable = yes
>>
>>         [Career]
>>                 path = /usr/local/share/Staff/CLA/Career
>>                 inherit permissions = yes
>>                 writeable = yes
>>                 comment = Career Programs
>>
>>         [Office]
>>                 path = /usr/local/share/Office
>>                 writeable = yes
>>                 inherit permissions = yes
>>
>>         [Admin]
>>                 path = /usr/local/share/Admin
>>                 inherit permissions = yes
>>                 writeable = yes
>>
>>         [Student_Share]
>>                 comment = Classwork Share
>>                 path = /usr/local/share/Student
>>                 writeable = yes
>>                 inherit permissions = yes
>>
>>         [Tech_Tips]
>>                 comment = Tech Applications and tips. Public to see/read.
>>                 path = /usr/local/share/TECH_TIPS
>>                 writeable = yes
>>                 valid users = @staff
>>                 inherit permissions = yes
>>
>>         [Tech_Apps]
>>                 comment = Tech Applications.
>>                 path = /usr/local/share/Tech_Apps
>>                 writeable = no
>>                 inherit permissions = yes
>>                 valid users = @domainadmins,@admin
>>                 browseable = no
>>
>>         [DropBox]
>>                 comment = Classwork Hand-in
>>                 path = /usr/local/share/Classwork
>>                 writeable = yes
>>                 create mode = 700
>>                 force directory mode = 1777
>>                 inherit owner = yes
>>
>>         [SSS]
>>                 comment = Student Support Services
>>                 path = /usr/local/share/Staff/SSS
>>                 writeable = yes
>>                 inherit permissions = yes
>>
>>         [JMC]
>>                 comment = JMC Global Share
>>                 path = /usr/local/share/Staff/JMC
>>                 writeable = yes
>>                 write list = @staff
>>                 read list = @staff
>>
>>         [DRC]
>>                 comment = DRC
>>                 path = /usr/local/share/Staff/DRC
>>                 writeable = yes
>>                 inherit permissions = yes
>>
>>         [CLA]
>>                 comment = CLA
>>                 path = /usr/local/share/Staff/CLA
>>                 writeable = yes
>>                 inherit permissions = yes
>>
>>         [YAPS]
>>                 path = /usr/local/share/YAPS
>>                 inherit permissions = yes
>>                 writeable = yes
>>
>>
>>         [IMAGES]
>>                 comment = System images. Keep out.
>>                 path = /usr/local/share/IMAGES
>>                 valid users = blast,lbarone,@domainadmins
>>                 writeable = yes
>>                 inherit permissions = yes
>>
>>         [Printer_Drivers]
>>                 comment = Printer Drivers for any printers in the building.
>>                 path = /usr/local/share/Printer_Drivers
>>                 writeable = no
>>                 inherit permissions = yes
>>
>>         I commented when and where I changed the file, based on advice
>>         from various forums when I was trying to figure out this
>>         issue. The upgrade occurred on March 17th, so the changes I
>>         made were after issues were reported to me.
>>
>>         On Fri, Apr 1, 2016 at 1:53 PM, Rowland penny <rpenny at samba.org> wrote:
>>
>>             On 01/04/16 21:20, Luke Barone wrote:
>>
>>                 Anyone able to chime in? Suggestions on where to go?
>>
>>                 On Thu, Mar 31, 2016 at 11:21 AM, Luke Barone
>>                 <lukebarone at gmail.com> wrote:
>>
>>                     Hi all,
>>
>>                     I upgraded Samba 3 to 4 when doing a Debian Wheezy to
>>                     Jessie upgrade over the last couple of weeks. Most
>>                     things worked, but now that staff are back, we're
>>                     seeing more and more issues.
>>
>>                     Computers are logging in using their cached
>>                     credentials only. The computers are not using updated
>>                     password information from the server anymore. The
>>                     computers will not connect to the server via its
>>                     NetBIOS name unless I add the entry under the hosts
>>                     and lmhosts file on each workstation (which is a
>>                     pain...). My remote management won't work either for
>>                     using the server credentials, I need to use a local
>>                     username and password.
>>
>>                     It's running Samba 4.1.17-debian, as a Windows NT
>>                     Domain Controller, NOT Active Directory.
>>
>>                     I have also edited the /etc/nsswitch.conf file so that:
>>
>>                     passwd:       files winbind
>>                     shadow:       files
>>                     group:        files winbind
>>                     hosts:          files wins
>>
>>                     instead of:
>>                     passwd:         compat
>>                     group:          compat
>>                     shadow:         compat
>>                     hosts:         files dns
>>
>>
>>                     ... based on advice around the getpwuid error that
>>                     seems so famous.
>>
>>                     My goal is to get this up and running *properly*
>>                     without needing to touch every computer, and so that
>>                     user changes (i.e. password changes, new users, users
>>                     getting deleted, etc) take effect immediately.
>>
>>                     If I need to post other config files, please let me
>>                     know
>>
>>
>>             OK, let's start with the smb.conf, please post it.
>>             I take it you haven't modified it after the upgrade.
>>
>>             Rowland
>>
>>             --
>>             To unsubscribe from this list go to the following URL and read the
>>             instructions: https://lists.samba.org/mailman/options/samba
>>
>>
>>
>>     OK, try removing this line:
>>
>>             smb ports = 139
>>
>>     You have turned off port 445
>>
>>
>>     Rowland
>>
>>
>>
> Worth trying, the only other thing that I can see that is sort of wrong,
> is this:
>
> path = /var/spool/lpd/samba
>
> It is in [global] and really only belongs in a share.
>
> After that I would start looking at the OS and the computer, is AppArmor
> running and stopping something, is a firewall running and blocking ports,
> is something going wrong with the computer, memory, HD etc
>
>
> Rowland
>
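
The two smb.conf observations made in the quoted replies (`smb ports = 139` leaves port 445 turned off, and `path` is set in [global] although it belongs in a share) can be checked mechanically. The following is an added example, not code from the thread or from the Samba project; the function names `parse_smb_conf` and `lint_global` are hypothetical and the sample config is constructed from the one posted above.

```python
import re

# Only "path" is named in the thread; anything added here is an assumption.
SHARE_ONLY = {"path"}

def parse_smb_conf(text):
    """Return {section: {param: value}}; names lower-cased, spaces collapsed."""
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if not line or line[0] in "#;":
            continue
        if line.endswith("\\"):            # smb.conf line continuation
            pending = line[:-1]
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current][" ".join(key.lower().split())] = value.strip()
    return sections

def lint_global(text):
    """Return (parameter, message) pairs for the two issues raised in the thread."""
    glob = parse_smb_conf(text).get("global", {})
    findings = []
    ports = glob.get("smb ports")
    if ports is not None and "445" not in re.split(r"[,\s]+", ports):
        findings.append(("smb ports", f"'{ports}' turns off port 445"))
    for key in sorted(SHARE_ONLY & glob.keys()):
        findings.append((key, f"'{glob[key]}' is set in [global]; belongs in a share"))
    return findings

# Constructed sample: a cut-down version of the smb.conf posted in the thread.
SAMPLE = """\
[global]
        workgroup = jmc
        smb ports = 139
        path = /var/spool/lpd/samba
[netlogon]
        path = /usr/local/share/netlogon
"""

if __name__ == "__main__":
    for param, message in lint_global(SAMPLE):
        print(f"[global] {param}: {message}")
```

Running the same check after every edit to smb.conf shows whether a flagged line was really removed from [global] before the service is restarted.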

