[Samba] Samba loses the user forward as member server
admins aixtema
admins at aixtema.de
Wed Sep 21 08:32:59 UTC 2016
Hi,

I am at the end of my knowledge.
Our PDC works fine: all users can access the Samba shares, Windows logins
are working, all fine.
But our member server makes me ($=%§=(%(§=.

When I join the domain all is fine and all shares are working:

net rpc join -S DOMAINSERVER -U Administrator
Using short domain name -- DOMAIN
Joined 'SERVER1' to domain 'DOMAIN'

net rpc testjoin -S DOMAINSERVER -U ADMINISTRATOR
Join to 'DOMAIN' is OK

But after some time, mostly overnight, the user forward to the PDC won't
work anymore:
[2016/08/31 08:29:14.347232, 2] ../source3/rpc_server/samr/srv_samr_nt.c:4004(_samr_LookupDomain)
  Returning domain sid for domain DOMAIN -> S-1-5-21-1978212312-4363474585695-122580615
[2016/08/31 08:27:51.706586, 2] ../source3/lib/smbldap.c:794(smbldap_open_connection)
  smbldap_open_connection: connection opened
[2016/08/31 08:27:51.707693, 2] ../source3/passdb/pdb_ldap.c:524(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: isso-dev-back$
[2016/08/31 08:27:51.709160, 0] ../source3/passdb/lookup_sid.c:1556(get_primary_group_sid)
  Failed to find a Unix account for isso-dev-back$
[2016/08/31 08:27:51.710181, 0] ../source3/passdb/lookup_sid.c:1556(get_primary_group_sid)
  Failed to find a Unix account for isso-dev-back$
[2016/08/31 08:27:51.711121, 0] ../source3/passdb/lookup_sid.c:1556(get_primary_group_sid)
  Failed to find a Unix account for isso-dev-back$
[2016/08/31 08:27:51.711919, 0] ../source3/passdb/lookup_sid.c:1556(get_primary_group_sid)
  Failed to find a Unix account for isso-dev-back$
[2016/08/31 08:27:51.712797, 0] ../source3/passdb/lookup_sid.c:1556(get_primary_group_sid)
  Failed to find a Unix account for isso-dev-back$
[2016/08/31 08:27:51.717828, 2] ../source3/passdb/pdb_ldap.c:524(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: proggi4$
[2016/08/31 08:27:51.718747, 0] ../source3/passdb/lookup_sid.c:1556(get_primary_group_sid)
  Failed to find a Unix account for proggi4$
[2016/08/31 08:27:51.719473, 1] ../source3/auth/server_info_sam.c:85(make_server_info_sam)
  User proggi4$ in passdb, but getpwnam() fails!
[2016/08/31 08:27:51.719513, 0] ../source3/auth/check_samsec.c:494(check_sam_security)
  check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'
[2016/08/31 08:27:51.719549, 2] ../source3/auth/auth.c:315(auth_check_ntlm_password)
  check_sam_security: make_server_info_sam() failed with 'NT_STATUS_NO_SUCH_USER'
[2016/08/31 08:29:28.291279, 2] ../source3/auth/auth.c:315(auth_check_ntlm_password)
  check_ntlm_password: Authentication for user [PC1$] -> [PC1$] FAILED with error NT_STATUS_NO_SUCH_USER

The only thing that works then is to rejoin the domain:

net rpc join -S DOMAINSERVER -U Administrator

After that all shares work again, but that is not a solution to work with.

smbclient -L \\memberserver -N
Anonymous login successful
Domain=[DOMAIn] OS=[Windows 6.1] Server=[Samba 4.5.0]

        Sharename       Type      Comment
        ---------       ----      -------
        dev             Disk      Develop
        IPC$            IPC       IPC Service (Samba Server Version 4.5.0)

gives this and after around 1 min it stops.

After domain join:

Domain=[GALAXY] OS=[Windows 6.1] Server=[Samba 4.5.0]

        Sharename       Type      Comment
        ---------       ----      -------
        dev             Disk      dev
        IPC$            IPC       IPC Service (Samba Server Version 4.5.0)
Anonymous login successful
Domain=[DOMAIN] OS=[Windows 6.1] Server=[Samba 4.5.0]

        Server               Comment
        ---------            -------
        MEMBERSERVER         Samba Server Version 4.5.0
        DOMAIN               DOMAIN

        Workgroup            Master
        ---------            -------
        DOMAIN               PDC

and all works fine.

Does anyone of you have an idea what is wrong?
The last idea I have is to change from member server to standalone
server, but this is only a workaround, not a solution.

Systems (both Gentoo)

PDC (NOT AD DC, still old Samba DC)
net-fs/samba-4.2.12 USE="acl aio client cups fam gnutls ldap pam
system-mitkrb5 systemd winbind -addc -addns -ads -avahi -cluster -dmapi
-iprint -quota (-selinux) -syslog {-test}" ABI_X86="32 (64) (-x32)"
PYTHON_TARGETS="python2_7"
memberserver
net-fs/samba-4.5.0::gentoo USE="acl client fam gnutls ldap pam
system-mitkrb5 systemd -addc -addns -ads -avahi -cluster -cups -dmapi
-iprint -quota (-selinux) -syslog {-test} -winbind" ABI_X86="32 (64)
(-x32)" PYTHON_TARGETS="python2_7" 0 KiB
Samba PDC 4.1.12
[global]
panic action = /usr/share/samba/panic-action %d
dos charset = cp1255
unix charset = utf-8
workgroup = DOMAIN
netbios name = HOSTNAME
# interfaces = bond0 lo eth5
interfaces = 192.168.1.2/24
bind interfaces only = yes
hosts allow = 192.168.1.
socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096
# new from samba 3.6
client ntlmv2 auth = yes
#client use spnego principal = no
#send spnego principal = no
#max protocol = smb2
## necessary for Windows 10
max protocol = NT1
# use client driver = no
# WINNT specific
# security = domain
# domain logins = yes
server string = PHOENIX
load printers = yes
printing = cups
printcap = cups
syslog only = no
syslog = 1
log level = 2
log file = /var/log/samba/log.%m
max log size = 1000
encrypt passwords = true
# null passwords = no
wins support = yes
domain master = yes
local master = yes
# preferred master = yes
enhanced browsing = yes
browse list = yes
name resolve order = lmhosts host wins bcast
domain logons = yes
os level = 64
# Domain Config
allow trusted domains = yes
logon home = \\%L\homes
logon drive = H:
logon script = %U.bat
logon path = \\%L\%U\profiles
dns proxy = no
preserve case = yes
short preserve case = yes
## getpeername fails
# use sendfile = no
# large readwrite = no
# max xmit = 16644
# LDAP
# ldap trust ids = Yes
# ldapsam:trusted=yes
ldap ssl = off
passdb backend = ldapsam:ldap://127.0.0.1/
ldap admin dn = cn=admin,o=company,c=de
ldap suffix = ou=company,o=company,c=de
ldap user suffix = ou=people
ldap group suffix = ou=group
ldap machine suffix = ou=computers
idmap backend = ldap:ldap://127.0.0.1/
ldap idmap suffix = ou=idMap
idmap uid = 40000-50000
idmap gid = 40000-50000
ldap passwd sync = yes
check password script = /sbin/crackcheck -c -d /usr/lib64/cracklib_dict
MEMBER SERVER
Samba 4.1.12 /.14 / 4.5.0
[global]
workgroup = DOMAIN
realm = DOMAIN
#netbios name = %h
server string = Samba Server Version %v
#security = user
security = domain
server role = member server
ntlm auth = No
log file = /var/log/samba/log.%m
max log size = 50
idmap config * : backend = tdb
cups options = raw
interfaces = 192.168.1.20/24
hosts allow = 192.168.1.
#wins support = Yes
[dev]
comment = dev
browsable = yes
writeable = yes
public = yes
read only = no
valid users = USER
# delete readonly = yes
create mode = 0774
directory mode = 0775
create mode = 0774
directory mode = 0775
force create mode = 0600
force group = USER
path = /mnt/folder
Kind regards,
René Fuchs
--
***********************************************
aixtema GmbH
René Fuchs
Philipsstr. 8, 52068 Aachen, Germany
Tel.: +49 241 70515-1323, Fax: +49 241 70515-15
mailto:r.fuchs at aixtema.de
WWW: http://www.aixtema.de
Shop: http://shop.aixtema.de
Managing Director: Oliver Rossbruch
HRB 8201, Amtsgericht Aachen
VAT ID No. DE 210 906 744
Tax No. 201/5942/3737, Finanzamt Aachen Stadt
***********************************************
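
A log excerpt like the one in the message above can be summarised mechanically. The following is an added example, not part of the original post: it parses Samba's header-plus-message log entries and counts the account lookup and authentication failures per account. The sample lines are constructed in the shape of the excerpt, and all function and variable names are assumptions of this example.

```python
import re

# Header: "[date time, level] file.c:line(function)"; the location may wrap to the next line.
HEADER = re.compile(r"^\[?(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+),\s*(\d+)\]\s*(.*)$")
LOCATION = re.compile(r"^\S+\.c:\d+\((\w+)\)$")
PATTERNS = {
    "no_unix_account": re.compile(r"Failed to find a Unix account for (\S+)"),
    "getpwnam_failed": re.compile(r"User (\S+) in passdb, but getpwnam\(\) fails"),
    "auth_failed": re.compile(r"Authentication for user \[([^\]]+)\].*FAILED with error (\S+)"),
}

# Constructed sample in the shape of the excerpt (account names are made up).
SAMPLE = """\
[2016/01/01 03:00:00.000001, 0]
../source3/passdb/lookup_sid.c:1556(get_primary_group_sid)
Failed to find a Unix account for wks-a$
2016/01/01 03:00:00.000002, 1] ../source3/auth/server_info_sam.c:85(make_server_info_sam)
  User wks-a$ in passdb, but getpwnam() fails!
[2016/01/01 03:00:01.000003, 2] ../source3/auth/auth.c:315(auth_check_ntlm_password)
  check_ntlm_password: Authentication for user [WKS-B$] -> [WKS-B$]
  FAILED with error NT_STATUS_NO_SUCH_USER
"""

def parse_entries(text):
    """Return (timestamp, level, function, message) for each log entry."""
    entries, current = [], None
    for line in map(str.strip, text.splitlines()):
        if m := HEADER.match(line):
            current = {"ts": m[1], "level": int(m[2]), "func": "", "msg": []}
            entries.append(current)
            line = m[3]  # rest of the header line, empty when the location wrapped
        if current is None or not line:
            continue
        if not current["func"] and (loc := LOCATION.match(line)):
            current["func"] = loc[1]
        else:
            current["msg"].append(line)  # wrapped message lines are re-joined below
    return [(e["ts"], e["level"], e["func"], " ".join(e["msg"])) for e in entries]

def summarise(text):
    """Map account -> {failure kind: count}; machine accounts end in '$'."""
    out = {}
    for *_, msg in parse_entries(text):
        for kind, rx in PATTERNS.items():
            if m := rx.search(msg):
                kinds = out.setdefault(m[1], {})
                kinds[kind] = kinds.get(kind, 0) + 1
    return out
```

Calling `summarise()` on the contents of a `log.%m` file gives one row per account, which makes it easy to see whether only machine accounts (names ending in `$`) are affected and when the failures start.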