[Samba] Member server losing smb connection

L.P.H. van Belle belle at bazuin.nl
Mon Nov 14 15:47:03 UTC 2016 

Ah, ok. 

Fist configure the standalone like this :

    preferred master = no
    domain master = no 


configure ONE and only one!!  AD member like this.  
Preferred a member of the AD domain, i did choose my user profile server. 

    preferred master = yes
    domain master = yes
    dns proxy = yes

and remove the wins server lines. 
Reboot that member and check again. 

Best it not to use : 
\\hostname\share 
And also not 
\\IP_NUMBER\share

But 
\\FQ.DN\share

And please setup the TLS for your servers. 
It really really helps a lot.


Make sure your dns resolving is correct and read the man smb.conf for the dns proxy paramter. 

That should help out for you. 

Greetz, 

Louis


> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens Bob of Donelson
> Trophy via samba
> Verzonden: maandag 14 november 2016 16:21
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Member server losing smb connection
> 
> On 2016-11-14 09:04, Bob of Donelson Trophy via samba wrote:
> 
> > On 2016-11-14 08:39, L.P.H. van Belle via samba wrote:
> >
> > Is this on a windows 7 or 10 client or both?
> > Are you useing \\FQ.DN\share or \\hostname\share
> > Try the FQ.DN, as Microsoft advices.
> >
> > And where are the TLS parameters in the below config.
> > Did you set this up?
> >
> > Greetz,
> >
> > Louis
> >
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Bob of Donelson
> > Trophy via samba
> > Verzonden: maandag 14 november 2016 15:18
> > Aan: SAMBA MailList
> > Onderwerp: [Samba] Member server losing smb connection
> > Urgentie: Hoog
> >
> > I have a member server running Ubuntu 16.10, Samba 4.4.5 that is serving
> > files to W10 and W7 clients. Things appear fine and suddenly the server
> > share disappears and the W clients "cannot see" the server. The client
> > error message is: "The device or resource (member hostname) is nt setup
> > to accept is not setup to accept connections on port "The file and print
> > sharing (SMB)"."
> >
> > Here is the smb.conf file from the member:
> >
> > root at dtmbr02:~# cat /etc/samba/smb.conf
> > [global]
> > workgroup = DTDOM
> > server string = Samba Server Version %v
> > security = ads
> > realm = DTSHRM.DT
> > use sendfile = true
> >
> > log level = 4
> >
> > domain master = no
> > host msdfs = no
> >
> > idmap_ldb:use rfc2307 = yes
> > idmap config * : backend = tdb
> > idmap config * : range = 50001-80000
> > ## map ids from the domain  the range may not overlap !
> > idmap config DTDOM : backend = ad
> > idmap config DTDOM : schema_mode = rfc2307
> > idmap config DTDOM : range = 10000-40000
> > winbind separator = +
> > winbind nss info = rfc2307
> > winbind trusted domains only = no
> > winbind enum users = yes
> > winbind enum groups = yes
> > winbind use default domain = yes
> > winbind refresh tickets = yes
> > winbind offline logon = yes
> >
> > wins server = 192.168.116.49    192.168.116.50
> >
> > template shell = /bin/bash
> > template homedir = /home/samba/DTDOM/users/%U
> >
> > # user Administrator workaround, without it you are unable to set
> > privileges
> > username map = /etc/samba/samba_usermapping
> >
> > # For ACL support on member file server
> >
> > vfs objects = acl_xattr
> > map acl inherit = yes
> > store dos attributes = yes
> >
> > # Share Setting Globally
> > usershare allow guests = no
> > unix extensions = no
> > reset on zero vc = yes
> > veto files = /.bash_logout/.bash_profile/.bash_history/.bashrc/
> > hide unreadable = yes
> >
> > # disable printing completely
> > load printers = no
> > printing = bsd
> > printcap name = /dev/null
> > disable spoolss = yes
> >
> > restrict anonymous = 2
> > log file = /var/log/samba/log.%m
> > max log size = 50
> >
> > #============================ Share Definitions
> > ============================
> >
> > [testshare]
> > comment = Test share
> > path = /samba/testshare
> > read only = no
> > force group = "domain users"
> > directory mask = 0770
> > force directory mode = 0770
> > create mask = 0660
> > force create mode = 0660
> > follow symlinks = yes
> > wide links = yes
> >
> > #[Myshare]    ## an example found at askubuntu.com
> > #    writeable = yes
> > #    path = /shares/office
> > #    force directory mode = 770
> > #    force create mode = 770
> > #    force group = bureau
> > #    valid users = @bureau
> > #    write list = @bureau
> >
> > [data]
> > comment = Shared DT data
> > path = /home/samba/DTDOM/companydata
> > read only = no
> > force group = "domain users"
> > directory mask = 0770
> > force directory mode = 0770
> > create mask = 0660
> > force create mode = 0660
> > follow symlinks = no
> > wide links = no
> >
> > [Demo]
> > path = /srv/samba/Demo
> > read only = no
> >
> > follow symlinks = no
> > wide links = no
> >
> > [thome]
> > path = /srv/samba/thome/
> > read only = No
> >
> > follow symlinks = no
> > wide links = no
> >
> > ##4444444444444444444444444444444444444444
> > ##4444444444444444444444444444444444444444
> >
> > [home]
> > path = /home/samba/DTDOM/users
> > read only = no
> > follow symlinks = yes
> > wide links = yes
> >
> > [profiles]
> > path = /home/samba/DTDOM/profiles
> > read only = no
> > admin users = +"DTDOM\domain admins"
> > profile acls = yes
> > csc policy = disable
> >
> > follow symlinks = no
> > wide links = no
> >
> > Everything seemed to be working fine yesterday while I was moving files
> > from old server to newer server. Then this morning I am seeing this
> > complaint.
> >
> > I have tailed log files and, being somewhat unfamiliar, cannot see
> > anything significant. As this is a member server am I wrong, it is
> > running smbd, nmbd, & winbind and NOT samba as there is no log file for
> > samba?
> >
> > I have created this smb.conf by copy/paste old server config to new. (I
> > thought I was careful.)
> >
> > Does anyone see anything that might clash with SMB services? That could
> > be creating this SMB problem?
> >
> > Have I copy/pasted a error somewhere that I am overlooking?
> >
> > --
> > _______________________________
> >
> > Bob Wooden of Donelson Trophy
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> 
> Thanks, Louis.
> 
> The old member server was the Debian Wheezy running SernetSamba
> 4.2.whatever setup with your old script. It did not have any TLS
> parameters so, the newer member does NOT have TLS either.
> 
> Since my initial post I have discovered, via the nmbd log that a
> "standalone server" (U16.04, Samba 4.3.11) is acting a domain master.
> This "standalone server is NOT joined to the domain. When I shutdown the
> "standalone" (to see what happens) the network becomes sluggish via
> either W10 or W7 clients. However, access to the newer member server is
> NOT allowed.
> 
> (This was working yesterday just fine. I'm baffled.)
> 
> I would be using a "\\hostname\share structure".
> 
> --
> _______________________________
> 
> Bob Wooden of Donelson Trophy
> 
> Never mind, I have a hardware failure issue!
> 
> --
> _______________________________
> 
> Bob Wooden of Donelson Trophy
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list