[Samba] Upgrading Samba 3 to Samba 4 - Domain Controller unreachable
Luke Barone
lukebarone at gmail.com
Sat Apr 2 18:07:16 UTC 2016
@Sonic
# /etc/init.d/samba restart
[ ok ] Restarting nmbd (via systemctl): nmbd.service.
[ ok ] Restarting smbd (via systemctl): smbd.service.
[ ok ] Restarting samba-ad-dc (via systemctl): samba-ad-dc.service.
I may try rebooting as well, after trying @penny's fix. But that's what
I've always been doing. When I use systemctl start nmbd smbd I get no
output.
On Sat, Apr 2, 2016 at 10:59 AM, Rowland penny <rpenny at samba.org> wrote:
> On 02/04/16 18:46, Luke Barone wrote:
>
> OK, this is working with the Windows 7 clients now. Looks like it was just
> a reboot. Now I have an issue with the Windows 10 clients... I'll open a
> new thread about that...
>
> On Sat, Apr 2, 2016 at 10:31 AM, Luke Barone <lukebarone at gmail.com> wrote:
>
>> OK, I'm rebooting the server now. Removed that line first.
>>
>> SELinux and App Armour are not installed on the servers. Tested with the
>> firewall down (iptables), ulimit is not being reached, still lots of memory
>> and hard drive space available... Since it's the weekend, no one else is in
>> the building except for me.
>>
>> On Sat, Apr 2, 2016 at 10:20 AM, Rowland penny < <rpenny at samba.org>
>> rpenny at samba.org> wrote:
>>
>>> On 02/04/16 18:06, Luke Barone wrote:
>>>
>>>> OK, I've tried commenting the line out. Ran /etc/init.d/samba reload,
>>>> but no change. Should I try a full server reboot then?
>>>>
>>>> On Sat, Apr 2, 2016 at 9:51 AM, Rowland penny <rpenny at samba.org
>>>> <mailto:rpenny at samba.org>> wrote:
>>>>
>>>> On 02/04/16 17:37, Luke Barone wrote:
>>>>
>>>> [global]
>>>> server max protocol = SMB2
>>>> # Line above added by lbarone - March 30, 2016
>>>> name resolve order = host wins lmhosts bcast
>>>> write list = @domainadmins
>>>> passwd chat = *new*password* %n\n *new*password* %n\n
>>>> *updated*
>>>> admin users = machine,add,lbarone, at domainadmins
>>>> smb ports = 139
>>>> lock directory = /var/cache/samba
>>>> preserve case = yes
>>>> passwd program = /usr/bin/passwd %u
>>>> netbios name = jmac
>>>> printing = lprng
>>>> logon script = login.bat
>>>> local master = yes
>>>> workgroup = jmc
>>>> os level = 255
>>>> printcap name = /dev/null
>>>> security = user
>>>> disable spoolss = yes
>>>> log file = /var/log/samba/log.%m
>>>> log level = 2
>>>> load printers = yes
>>>> logon drive = h:
>>>> domain master = yes
>>>> interfaces = eth1
>>>> encrypt passwords = true
>>>> wins support = yes
>>>> server string = jmac
>>>> wide links = no
>>>> path = /var/spool/lpd/samba
>>>> unix password sync = true
>>>> preferred master = yes
>>>> bind interfaces only = yes
>>>> pam password change = yes
>>>> domain logons = yes
>>>> dns proxy = yes
>>>> idmap config * : range = 1000-1999999
>>>> # Above line added by lbarone - March 29, 2016
>>>>
>>>> ################## SHARES ########################
>>>>
>>>> [netlogon]
>>>> path = /usr/local/share/netlogon
>>>> browseable = no
>>>> ##profile acls = yes
>>>> write list = @domainadmins
>>>> inherit permissions = yes
>>>>
>>>> [homes]
>>>> browseable = no
>>>> read only = no
>>>> path = /home/%U/
>>>>
>>>> [Programs]
>>>> path = /usr/local/share/Apps/NetApps
>>>> inherit permissions = yes
>>>> writeable = yes
>>>>
>>>> [Windsor]
>>>> path = /usr/local/share/Windsor
>>>> inherit permissions = yes
>>>> writeable = yes
>>>>
>>>> [Career]
>>>> path = /usr/local/share/Staff/CLA/Career
>>>> inherit permissions = yes
>>>> writeable = yes
>>>> comment = Career Programs
>>>>
>>>> [Office]
>>>> path = /usr/local/share/Office
>>>> writeable = yes
>>>> inherit permissions = yes
>>>>
>>>> [Admin]
>>>> path = /usr/local/share/Admin
>>>> inherit permissions = yes
>>>> writeable = yes
>>>>
>>>> [Student_Share]
>>>> comment = Classwork Share
>>>> path = /usr/local/share/Student
>>>> writeable = yes
>>>> inherit permissions = yes
>>>>
>>>> [Tech_Tips]
>>>> comment = Tech Applications and tips. Public to
>>>> see/read.
>>>> path = /usr/local/share/TECH_TIPS
>>>> writeable = yes
>>>> valid users = @staff
>>>> inherit permissions = yes
>>>>
>>>> [Tech_Apps]
>>>> comment = Tech Applications.
>>>> path = /usr/local/share/Tech_Apps
>>>> writeable = no
>>>> inherit permissions = yes
>>>> valid users = @domainadmins, at admin
>>>> browseable = no
>>>>
>>>> [DropBox]
>>>> comment = Classwork Hand-in
>>>> path = /usr/local/share/Classwork
>>>> writeable = yes
>>>> create mode = 700
>>>> force directory mode = 1777
>>>> inherit owner = yes
>>>>
>>>> [SSS]
>>>> comment = Student Support Services
>>>> path = /usr/local/share/Staff/SSS
>>>> writeable = yes
>>>> inherit permissions = yes
>>>>
>>>> [JMC]
>>>> comment = JMC Global Share
>>>> path = /usr/local/share/Staff/JMC
>>>> writeable = yes
>>>> write list = @staff
>>>> read list = @staff
>>>>
>>>> [DRC]
>>>> comment = DRC
>>>> path = /usr/local/share/Staff/DRC
>>>> writeable = yes
>>>> inherit permissions = yes
>>>>
>>>> [CLA]
>>>> comment = CLA
>>>> path = /usr/local/share/Staff/CLA
>>>> writeable = yes
>>>> inherit permissions = yes
>>>>
>>>> [YAPS]
>>>> path = /usr/local/share/YAPS
>>>> inherit permissions = yes
>>>> writeable = yes
>>>>
>>>>
>>>> [IMAGES]
>>>> comment = System images. Keep out.
>>>> path = /usr/local/share/IMAGES
>>>> valid users = blast,lbarone, at domainadmins
>>>> writeable = yes
>>>> inherit permissions = yes
>>>>
>>>> [Printer_Drivers]
>>>> comment = Printer Drivers for any printers in the
>>>> building.
>>>> path = /usr/local/share/Printer_Drivers
>>>> writeable = no
>>>> inherit permissions = yes
>>>>
>>>> I commented when and where I changed the file, based on advice
>>>> from various forums when I was trying to figure out this
>>>> issue. The upgrade occurred on March 17th, so the changes I
>>>> made were after issues were reported to me.
>>>>
>>>> On Fri, Apr 1, 2016 at 1:53 PM, Rowland penny
>>>> <rpenny at samba.org <mailto:rpenny at samba.org>
>>>> <mailto:rpenny at samba.org <mailto:rpenny at samba.org>>> wrote:
>>>>
>>>> On 01/04/16 21:20, Luke Barone wrote:
>>>>
>>>> Anyone able to chime in? Suggestions on where to go?
>>>>
>>>> On Thu, Mar 31, 2016 at 11:21 AM, Luke Barone
>>>> <lukebarone at gmail.com <mailto:lukebarone at gmail.com>
>>>> <mailto:lukebarone at gmail.com <mailto:lukebarone at gmail.com>>>
>>>>
>>>> wrote:
>>>>
>>>> Hi all,
>>>>
>>>> I upgraded Samba 3 to 4 when doing a Debian Wheezy
>>>> to
>>>> Jessie upgrade over
>>>> the last couple of weeks. Most things worked, but
>>>> now that
>>>> staff are back,
>>>> we're seeing more and more issues.
>>>>
>>>> Computers are logging in using their cached
>>>> credentials
>>>> only. The
>>>> computers are not using updated password
>>>> information from
>>>> the server
>>>> anymore. The computers will not connect to the
>>>> server via
>>>> it's NetBIOS name
>>>> unless I add the entry under the hosts and lmhosts
>>>> file on
>>>> each workstation
>>>> (which is a pain...). My remote management won't
>>>> work
>>>> either for using the
>>>> server credentials, I need to use a local username
>>>> and
>>>> password.
>>>>
>>>> It's running Samba 4.1.17-debian, as a Windows NT
>>>> Domain
>>>> Controller, NOT
>>>> Active Directory.
>>>>
>>>> I have also edited the /etc/nsswitch.conf file so
>>>> that:
>>>>
>>>> passwd: files winbind
>>>> shadow: files
>>>> group: files winbind
>>>> hosts: files wins
>>>>
>>>> instead of:
>>>> passwd: compat
>>>> group: compat
>>>> shadow: compat
>>>> hosts: files dns
>>>>
>>>>
>>>> ... based on advice around the getpwuid error that
>>>> seems
>>>> so famous.
>>>>
>>>> My goal is to get this up and running *properly*
>>>> without
>>>> needing to touch
>>>> every computer, and so that user changes (i.e.
>>>> password
>>>> changes, new users,
>>>> users getting deleted, etc) take effect immediately.
>>>>
>>>> If I need to post other config files, please let
>>>> me know
>>>>
>>>>
>>>> OK, lets start with the smb.conf, please post it.
>>>> I take it you haven't modified it after the upgrade.
>>>>
>>>> Rowland
>>>>
>>>> -- To unsubscribe from this list go to the following
>>>> URL and read the
>>>> instructions:
>>>> <https://lists.samba.org/mailman/options/samba>
>>>> https://lists.samba.org/mailman/options/samba
>>>>
>>>>
>>>>
>>>> OK, try removing this line:
>>>>
>>>> smb ports = 139
>>>>
>>>> You have turned off port 445
>>>>
>>>>
>>>> Rowland
>>>> -- To unsubscribe from this list go to the following URL and
>>>> read the
>>>> instructions: https://lists.samba.org/mailman/options/samba
>>>>
>>>>
>>>>
>>> Worth trying, the only other thing that I can see that is sort of wrong,
>>> is this:
>>>
>>> path = /var/spool/lpd/samba
>>>
>>> It is in [global] and really only belongs in a share.
>>>
>>> After that I would start looking at the OS and the computer, is Apparmor
>>> running and stopping something, is a firewall running and blocking ports,
>>> is something going wrong with the computer, memory, HD etc
>>>
>>>
>>> Rowland
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions: https://lists.samba.org/mailman/options/samba
>>>
>>
>>
>
> Try removing the 'server max protocol' line, windows 10 needs SMB3 + a reg
> hack
>
> Rowland
>
>
More information about the samba
mailing list