[Samba] No logon servers avaialbe
CJ Keist
cj.keist at colostate.edu
Thu Aug 25 21:23:48 UTC 2016
Thank you! Switching to ADS for security fixed it. So is "security =
DOMAIN" being phased out?
On 8/25/16 3:02 PM, Rowland Penny via samba wrote:
> On Thu, 25 Aug 2016 14:34:26 -0600
> CJ Keist via samba <samba at lists.samba.org> wrote:
>
>> We applied latest MS security patches on our Windows 2008 R2 domain
>> controllers. That had unexpected consequence of breaking all our
>> Samba servers. They no longer can authenticate with our domain
>> controllers. Looking into this we think it has to do with the BADLOCK
>> security patch.
>>
>> We tried installing the latest Samba, version 4.4.5 which is supposed
>> to be patched for the BADLOCK, but it is still unable to authenticate
>> with AD. Error on windows is "no logon servers found".
>>
>> So just checking if anyone else has run into this and found a
>> solution?
>>
>> smb.conf:
>>
>> [global]
>> workgroup = ENGR_DOM
>> server string = Web Server
>> security = DOMAIN
>> passdb backend = smbpasswd
>> map untrusted to domain = Yes
>> log level = 1
>> log file = /var/log/samba/logs/log.%m
>> name resolve order = host bcast
>> unix extensions = No
>> keepalive = 0
>> max open files = 10000
>> socket options = TCP_NODELAY SO_KEEPALIVE
>> load printers = No
>> dns proxy = No
>> lock spin time = 3
>> idmap config * : range =
>> idmap config * : backend = tdb
>> strict locking = No
>>
>>
> See here for setting up an AD domain member:
> https://wiki.samba.org/index.php/Setup_Samba_as_an_AD_Domain_Member
>
> You will also need to run winbind if you are not already running it.
>
> Rowland
>
--
C. J. Keist Email: cj.keist at colostate.edu
Systems Group Manager Solaris 10 OS (SAI)
Engineering Network Services Phone: 970-491-0630
College of Engineering, CSU Fax: 970-491-5569
Ft. Collins, CO 80523-1301
All I want is a chance to prove 'Money can't buy happiness'
More information about the samba
mailing list