[Samba] Upgrading Samba 3 to Samba 4 - Domain Controller unreachable
Luke Barone
lukebarone at gmail.com
Sat Apr 2 17:46:47 UTC 2016
OK, this is working with the Windows 7 clients now. Looks like it was just
a reboot. Now I have an issue with the Windows 10 clients... I'll open a
new thread about that...
On Sat, Apr 2, 2016 at 10:31 AM, Luke Barone <lukebarone at gmail.com> wrote:
> OK, I'm rebooting the server now. Removed that line first.
>
> SELinux and App Armour are not installed on the servers. Tested with the
> firewall down (iptables), ulimit is not being reached, still lots of memory
> and hard drive space available... Since it's the weekend, no one else is in
> the building except for me.
>
> On Sat, Apr 2, 2016 at 10:20 AM, Rowland penny <rpenny at samba.org> wrote:
>
>> On 02/04/16 18:06, Luke Barone wrote:
>>
>>> OK, I've tried commenting the line out. Ran /etc/init.d/samba reload,
>>> but no change. Should I try a full server reboot then?
>>>
>>> On Sat, Apr 2, 2016 at 9:51 AM, Rowland penny <rpenny at samba.org <mailto:
>>> rpenny at samba.org>> wrote:
>>>
>>> On 02/04/16 17:37, Luke Barone wrote:
>>>
>>> [global]
>>> server max protocol = SMB2
>>> # Line above added by lbarone - March 30, 2016
>>> name resolve order = host wins lmhosts bcast
>>> write list = @domainadmins
>>> passwd chat = *new*password* %n\n *new*password* %n\n
>>> *updated*
>>> admin users = machine,add,lbarone, at domainadmins
>>> smb ports = 139
>>> lock directory = /var/cache/samba
>>> preserve case = yes
>>> passwd program = /usr/bin/passwd %u
>>> netbios name = jmac
>>> printing = lprng
>>> logon script = login.bat
>>> local master = yes
>>> workgroup = jmc
>>> os level = 255
>>> printcap name = /dev/null
>>> security = user
>>> disable spoolss = yes
>>> log file = /var/log/samba/log.%m
>>> log level = 2
>>> load printers = yes
>>> logon drive = h:
>>> domain master = yes
>>> interfaces = eth1
>>> encrypt passwords = true
>>> wins support = yes
>>> server string = jmac
>>> wide links = no
>>> path = /var/spool/lpd/samba
>>> unix password sync = true
>>> preferred master = yes
>>> bind interfaces only = yes
>>> pam password change = yes
>>> domain logons = yes
>>> dns proxy = yes
>>> idmap config * : range = 1000-1999999
>>> # Above line added by lbarone - March 29, 2016
>>>
>>> ################## SHARES ########################
>>>
>>> [netlogon]
>>> path = /usr/local/share/netlogon
>>> browseable = no
>>> ##profile acls = yes
>>> write list = @domainadmins
>>> inherit permissions = yes
>>>
>>> [homes]
>>> browseable = no
>>> read only = no
>>> path = /home/%U/
>>>
>>> [Programs]
>>> path = /usr/local/share/Apps/NetApps
>>> inherit permissions = yes
>>> writeable = yes
>>>
>>> [Windsor]
>>> path = /usr/local/share/Windsor
>>> inherit permissions = yes
>>> writeable = yes
>>>
>>> [Career]
>>> path = /usr/local/share/Staff/CLA/Career
>>> inherit permissions = yes
>>> writeable = yes
>>> comment = Career Programs
>>>
>>> [Office]
>>> path = /usr/local/share/Office
>>> writeable = yes
>>> inherit permissions = yes
>>>
>>> [Admin]
>>> path = /usr/local/share/Admin
>>> inherit permissions = yes
>>> writeable = yes
>>>
>>> [Student_Share]
>>> comment = Classwork Share
>>> path = /usr/local/share/Student
>>> writeable = yes
>>> inherit permissions = yes
>>>
>>> [Tech_Tips]
>>> comment = Tech Applications and tips. Public to see/read.
>>> path = /usr/local/share/TECH_TIPS
>>> writeable = yes
>>> valid users = @staff
>>> inherit permissions = yes
>>>
>>> [Tech_Apps]
>>> comment = Tech Applications.
>>> path = /usr/local/share/Tech_Apps
>>> writeable = no
>>> inherit permissions = yes
>>> valid users = @domainadmins, at admin
>>> browseable = no
>>>
>>> [DropBox]
>>> comment = Classwork Hand-in
>>> path = /usr/local/share/Classwork
>>> writeable = yes
>>> create mode = 700
>>> force directory mode = 1777
>>> inherit owner = yes
>>>
>>> [SSS]
>>> comment = Student Support Services
>>> path = /usr/local/share/Staff/SSS
>>> writeable = yes
>>> inherit permissions = yes
>>>
>>> [JMC]
>>> comment = JMC Global Share
>>> path = /usr/local/share/Staff/JMC
>>> writeable = yes
>>> write list = @staff
>>> read list = @staff
>>>
>>> [DRC]
>>> comment = DRC
>>> path = /usr/local/share/Staff/DRC
>>> writeable = yes
>>> inherit permissions = yes
>>>
>>> [CLA]
>>> comment = CLA
>>> path = /usr/local/share/Staff/CLA
>>> writeable = yes
>>> inherit permissions = yes
>>>
>>> [YAPS]
>>> path = /usr/local/share/YAPS
>>> inherit permissions = yes
>>> writeable = yes
>>>
>>>
>>> [IMAGES]
>>> comment = System images. Keep out.
>>> path = /usr/local/share/IMAGES
>>> valid users = blast,lbarone, at domainadmins
>>> writeable = yes
>>> inherit permissions = yes
>>>
>>> [Printer_Drivers]
>>> comment = Printer Drivers for any printers in the
>>> building.
>>> path = /usr/local/share/Printer_Drivers
>>> writeable = no
>>> inherit permissions = yes
>>>
>>> I commented when and where I changed the file, based on advice
>>> from various forums when I was trying to figure out this
>>> issue. The upgrade occurred on March 17th, so the changes I
>>> made were after issues were reported to me.
>>>
>>> On Fri, Apr 1, 2016 at 1:53 PM, Rowland penny
>>> <rpenny at samba.org <mailto:rpenny at samba.org>
>>> <mailto:rpenny at samba.org <mailto:rpenny at samba.org>>> wrote:
>>>
>>> On 01/04/16 21:20, Luke Barone wrote:
>>>
>>> Anyone able to chime in? Suggestions on where to go?
>>>
>>> On Thu, Mar 31, 2016 at 11:21 AM, Luke Barone
>>> <lukebarone at gmail.com <mailto:lukebarone at gmail.com>
>>> <mailto:lukebarone at gmail.com <mailto:lukebarone at gmail.com>>>
>>>
>>> wrote:
>>>
>>> Hi all,
>>>
>>> I upgraded Samba 3 to 4 when doing a Debian Wheezy to
>>> Jessie upgrade over
>>> the last couple of weeks. Most things worked, but
>>> now that
>>> staff are back,
>>> we're seeing more and more issues.
>>>
>>> Computers are logging in using their cached
>>> credentials
>>> only. The
>>> computers are not using updated password
>>> information from
>>> the server
>>> anymore. The computers will not connect to the
>>> server via
>>> it's NetBIOS name
>>> unless I add the entry under the hosts and lmhosts
>>> file on
>>> each workstation
>>> (which is a pain...). My remote management won't work
>>> either for using the
>>> server credentials, I need to use a local username
>>> and
>>> password.
>>>
>>> It's running Samba 4.1.17-debian, as a Windows NT
>>> Domain
>>> Controller, NOT
>>> Active Directory.
>>>
>>> I have also edited the /etc/nsswitch.conf file so
>>> that:
>>>
>>> passwd: files winbind
>>> shadow: files
>>> group: files winbind
>>> hosts: files wins
>>>
>>> instead of:
>>> passwd: compat
>>> group: compat
>>> shadow: compat
>>> hosts: files dns
>>>
>>>
>>> ... based on advice around the getpwuid error that
>>> seems
>>> so famous.
>>>
>>> My goal is to get this up and running *properly*
>>> without
>>> needing to touch
>>> every computer, and so that user changes (i.e.
>>> password
>>> changes, new users,
>>> users getting deleted, etc) take effect immediately.
>>>
>>> If I need to post other config files, please let
>>> me know
>>>
>>>
>>> OK, lets start with the smb.conf, please post it.
>>> I take it you haven't modified it after the upgrade.
>>>
>>> Rowland
>>>
>>> -- To unsubscribe from this list go to the following
>>> URL and read the
>>> instructions: https://lists.samba.org/mailman/options/samba
>>>
>>>
>>>
>>> OK, try removing this line:
>>>
>>> smb ports = 139
>>>
>>> You have turned off port 445
>>>
>>>
>>> Rowland
>>> -- To unsubscribe from this list go to the following URL and
>>> read the
>>> instructions: https://lists.samba.org/mailman/options/samba
>>>
>>>
>>>
>> Worth trying, the only other thing that I can see that is sort of wrong,
>> is this:
>>
>> path = /var/spool/lpd/samba
>>
>> It is in [global] and really only belongs in a share.
>>
>> After that I would start looking at the OS and the computer, is Apparmor
>> running and stopping something, is a firewall running and blocking ports,
>> is something going wrong with the computer, memory, HD etc
>>
>>
>> Rowland
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
>
>
More information about the samba
mailing list