[Samba] Upgrading Samba 3 to Samba 4 - Domain Controller unreachable
Rowland penny
rpenny at samba.org
Sat Apr 2 17:59:37 UTC 2016
On 02/04/16 18:46, Luke Barone wrote:
> OK, this is working with the Windows 7 clients now. Looks like it was
> just a reboot. Now I have an issue with the Windows 10 clients... I'll
> open a new thread about that...
>
> On Sat, Apr 2, 2016 at 10:31 AM, Luke Barone <lukebarone at gmail.com> wrote:
>
> OK, I'm rebooting the server now. Removed that line first.
>
> SELinux and AppArmor are not installed on the servers. Tested
> with the firewall down (iptables), ulimit is not being reached,
> still lots of memory and hard drive space available... Since it's
> the weekend, no one else is in the building except for me.
>
> On Sat, Apr 2, 2016 at 10:20 AM, Rowland penny <rpenny at samba.org> wrote:
>
> On 02/04/16 18:06, Luke Barone wrote:
>
> OK, I've tried commenting the line out. Ran
> /etc/init.d/samba reload, but no change. Should I try a
> full server reboot then?
>
> On Sat, Apr 2, 2016 at 9:51 AM, Rowland penny <rpenny at samba.org> wrote:
>
> On 02/04/16 17:37, Luke Barone wrote:
>
> [global]
> server max protocol = SMB2
> # Line above added by lbarone - March 30, 2016
> name resolve order = host wins lmhosts bcast
> write list = @domainadmins
> passwd chat = *new*password* %n\n *new*password* %n\n *updated*
> admin users = machine,add,lbarone,@domainadmins
> smb ports = 139
> lock directory = /var/cache/samba
> preserve case = yes
> passwd program = /usr/bin/passwd %u
> netbios name = jmac
> printing = lprng
> logon script = login.bat
> local master = yes
> workgroup = jmc
> os level = 255
> printcap name = /dev/null
> security = user
> disable spoolss = yes
> log file = /var/log/samba/log.%m
> log level = 2
> load printers = yes
> logon drive = h:
> domain master = yes
> interfaces = eth1
> encrypt passwords = true
> wins support = yes
> server string = jmac
> wide links = no
> path = /var/spool/lpd/samba
> unix password sync = true
> preferred master = yes
> bind interfaces only = yes
> pam password change = yes
> domain logons = yes
> dns proxy = yes
> idmap config * : range = 1000-1999999
> # Above line added by lbarone - March 29, 2016
>
> ################## SHARES ########################
>
> [netlogon]
> path = /usr/local/share/netlogon
> browseable = no
> ##profile acls = yes
> write list = @domainadmins
> inherit permissions = yes
>
> [homes]
> browseable = no
> read only = no
> path = /home/%U/
>
> [Programs]
> path = /usr/local/share/Apps/NetApps
> inherit permissions = yes
> writeable = yes
>
> [Windsor]
> path = /usr/local/share/Windsor
> inherit permissions = yes
> writeable = yes
>
> [Career]
> path = /usr/local/share/Staff/CLA/Career
> inherit permissions = yes
> writeable = yes
> comment = Career Programs
>
> [Office]
> path = /usr/local/share/Office
> writeable = yes
> inherit permissions = yes
>
> [Admin]
> path = /usr/local/share/Admin
> inherit permissions = yes
> writeable = yes
>
> [Student_Share]
> comment = Classwork Share
> path = /usr/local/share/Student
> writeable = yes
> inherit permissions = yes
>
> [Tech_Tips]
> comment = Tech Applications and tips. Public to see/read.
> path = /usr/local/share/TECH_TIPS
> writeable = yes
> valid users = @staff
> inherit permissions = yes
>
> [Tech_Apps]
> comment = Tech Applications.
> path = /usr/local/share/Tech_Apps
> writeable = no
> inherit permissions = yes
> valid users = @domainadmins,@admin
> browseable = no
>
> [DropBox]
> comment = Classwork Hand-in
> path = /usr/local/share/Classwork
> writeable = yes
> create mode = 700
> force directory mode = 1777
> inherit owner = yes
>
> [SSS]
> comment = Student Support Services
> path = /usr/local/share/Staff/SSS
> writeable = yes
> inherit permissions = yes
>
> [JMC]
> comment = JMC Global Share
> path = /usr/local/share/Staff/JMC
> writeable = yes
> write list = @staff
> read list = @staff
>
> [DRC]
> comment = DRC
> path = /usr/local/share/Staff/DRC
> writeable = yes
> inherit permissions = yes
>
> [CLA]
> comment = CLA
> path = /usr/local/share/Staff/CLA
> writeable = yes
> inherit permissions = yes
>
> [YAPS]
> path = /usr/local/share/YAPS
> inherit permissions = yes
> writeable = yes
>
>
> [IMAGES]
> comment = System images. Keep out.
> path = /usr/local/share/IMAGES
> valid users = blast,lbarone,@domainadmins
> writeable = yes
> inherit permissions = yes
>
> [Printer_Drivers]
> comment = Printer Drivers for any printers in the building.
> path = /usr/local/share/Printer_Drivers
> writeable = no
> inherit permissions = yes
>
> I commented when and where I changed the file, based on advice
> from various forums when I was trying to figure out this
> issue. The upgrade occurred on March 17th, so the changes I
> made were after issues were reported to me.
>
> On Fri, Apr 1, 2016 at 1:53 PM, Rowland penny <rpenny at samba.org> wrote:
>
> On 01/04/16 21:20, Luke Barone wrote:
>
> Anyone able to chime in? Suggestions on
> where to go?
>
> On Thu, Mar 31, 2016 at 11:21 AM, Luke Barone <lukebarone at gmail.com> wrote:
>
> Hi all,
>
> I upgraded Samba 3 to 4 when doing a Debian Wheezy to Jessie upgrade over
> the last couple of weeks. Most things worked, but now that staff are back,
> we're seeing more and more issues.
>
> Computers are logging in using their cached credentials only. The
> computers are not using updated password information from the server
> anymore. The computers will not connect to the server via its NetBIOS name
> unless I add the entry under the hosts and lmhosts file on each workstation
> (which is a pain...). My remote management won't work either for using the
> server credentials, I need to use a local username and password.
>
> It's running Samba 4.1.17-debian, as a Windows NT Domain Controller, NOT
> Active Directory.
>
> I have also edited the /etc/nsswitch.conf file so that:
>
> passwd: files winbind
> shadow: files
> group: files winbind
> hosts: files wins
>
> instead of:
> passwd: compat
> group: compat
> shadow: compat
> hosts: files dns
>
>
> ... based on advice around the getpwuid error that seems so famous.
>
> My goal is to get this up and running *properly* without needing to touch
> every computer, and so that user changes (i.e. password changes, new users,
> users getting deleted, etc) take effect immediately.
>
> If I need to post other config files, please let me know
>
>
> OK, let's start with the smb.conf, please post it.
> I take it you haven't modified it after the upgrade.
>
> Rowland
>
> -- To unsubscribe from this list go to the
> following
> URL and read the
> instructions:
> https://lists.samba.org/mailman/options/samba
>
>
>
> OK, try removing this line:
>
> smb ports = 139
>
> You have turned off port 445
>
>
> Rowland
>
>
>
> Worth trying, the only other thing that I can see that is sort
> of wrong, is this:
>
> path = /var/spool/lpd/samba
>
> It is in [global] and really only belongs in a share.
>
> After that I would start looking at the OS and the computer,
> is AppArmor running and stopping something, is a firewall
> running and blocking ports, is something going wrong with the
> computer, memory, HD etc
>
>
> Rowland
>
>
>
>
Try removing the 'server max protocol' line, Windows 10 needs SMB3 + a
reg hack
Rowland
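
The three [global] settings flagged in this thread (`smb ports = 139`, `server max protocol = SMB2`, and a `path` line outside a share) can be checked for mechanically. The following is an added example, not part of the original thread and not Samba code; the function names `parse_smb_conf` and `audit_global` are hypothetical, and `SAMPLE` is a constructed excerpt of the configuration quoted above.

```python
# Added example: flag the smb.conf [global] settings called out in this thread.

SAMPLE = """\
[global]
server max protocol = SMB2
smb ports = 139
path = /var/spool/lpd/samba
security = user

[netlogon]
path = /usr/local/share/netlogon
browseable = no
"""  # constructed excerpt of the posted configuration

def parse_smb_conf(text):
    """Return {section: {parameter: value}}. Names are lower-cased with
    internal whitespace collapsed; comment lines (# or ;) are skipped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            sections[current][" ".join(key.lower().split())] = value.strip()
    return sections

def audit_global(text):
    """Return (parameter, value, reason) for each flagged [global] setting."""
    glob = parse_smb_conf(text).get("global", {})
    findings = []
    ports = glob.get("smb ports")
    if ports is not None and "445" not in ports.replace(",", " ").split():
        findings.append(("smb ports", ports, "port 445 is turned off"))
    proto = glob.get("server max protocol")
    if proto is not None and not proto.upper().startswith("SMB3"):
        findings.append(("server max protocol", proto, "caps clients below SMB3"))
    if "path" in glob:  # a path under a share such as [netlogon] is not flagged
        findings.append(("path", glob["path"], "only belongs in a share"))
    return findings

if __name__ == "__main__":
    for name, value, reason in audit_global(SAMPLE):
        print(f"[global] {name} = {value}: {reason}")
```
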