[Samba] Samba loses the user forward as member server

Rylan Merritt rylanmrrtt5 at gmail.com
Wed Sep 21 16:35:53 UTC 2016


Hi,

Is your replication between your PDC and your member server working?

You can run "samba-tool drs showrepl", which should help you determine
if the replication is functioning correctly.

Here is a related link to the Samba wiki that may help :-)

https://wiki.samba.org/index.php/Samba_AD_DC_Troubleshooting

Best Regards,

- Rylan

On Wed, Sep 21, 2016 at 2:32 AM, admins aixtema via samba
<samba at lists.samba.org> wrote:
> Hi,
> I am at the end of my knowledge.
> Our PDC works fine; all users can access the Samba shares, Windows logins are
> working, all fine.
>
> But our Member Server makes me ($=%§=(%(§=.
>
> When I join the domain, all is fine and all shares are working
>
> net rpc join -S DOMAINSERVER -U Administrator
> Using short domain name -- DOMAIN
> Joined 'SERVER1' to domain 'DOMAIN'
>
> net rpc testjoin -S DOMAINSERVER -U ADMINISTRATOR
> Join to 'DOMAIN' is OK
>
> but after some time, mostly overnight, the user forward to the PDC won't work
> anymore
>
> [2016/08/31 08:29:14.347232,  2]
> ../source3/rpc_server/samr/srv_samr_nt.c:4004(_samr_LookupDomain)
>     Returning domain sid for domain DOMAIN ->
> S-1-5-21-1978212312-4363474585695-122580615
> [2016/08/31 08:27:51.706586,  2]
> ../source3/lib/smbldap.c:794(smbldap_open_connection)
>     smbldap_open_connection: connection opened
> [2016/08/31 08:27:51.707693,  2]
> ../source3/passdb/pdb_ldap.c:524(init_sam_from_ldap)
>     init_sam_from_ldap: Entry found for user: isso-dev-back$
> [2016/08/31 08:27:51.709160,  0]
> ../source3/passdb/lookup_sid.c:1556(get_primary_group_sid)
>     Failed to find a Unix account for isso-dev-back$
> [2016/08/31 08:27:51.710181,  0]
> ../source3/passdb/lookup_sid.c:1556(get_primary_group_sid)
>     Failed to find a Unix account for isso-dev-back$
> [2016/08/31 08:27:51.711121,  0]
> ../source3/passdb/lookup_sid.c:1556(get_primary_group_sid)
>     Failed to find a Unix account for isso-dev-back$
> [2016/08/31 08:27:51.711919,  0]
> ../source3/passdb/lookup_sid.c:1556(get_primary_group_sid)
>     Failed to find a Unix account for isso-dev-back$
> [2016/08/31 08:27:51.712797,  0]
> ../source3/passdb/lookup_sid.c:1556(get_primary_group_sid)
>     Failed to find a Unix account for isso-dev-back$
> [2016/08/31 08:27:51.717828,  2]
> ../source3/passdb/pdb_ldap.c:524(init_sam_from_ldap)
>     init_sam_from_ldap: Entry found for user: proggi4$
> [2016/08/31 08:27:51.718747,  0]
> ../source3/passdb/lookup_sid.c:1556(get_primary_group_sid)
>     Failed to find a Unix account for proggi4$
> [2016/08/31 08:27:51.719473,  1]
> ../source3/auth/server_info_sam.c:85(make_server_info_sam)
>     User proggi4$ in passdb, but getpwnam() fails!
> [2016/08/31 08:27:51.719513,  0]
> ../source3/auth/check_samsec.c:494(check_sam_security)
>     check_sam_security: make_server_info_sam() failed with
> 'NT_STATUS_NO_SUCH_USER'
> [2016/08/31 08:27:51.719549,  2]
> ../source3/auth/auth.c:315(auth_check_ntlm_password)
>     check_sam_security: make_server_info_sam() failed with
> 'NT_STATUS_NO_SUCH_USER'
> [2016/08/31 08:29:28.291279,  2]
> ../source3/auth/auth.c:315(auth_check_ntlm_password)
>     check_ntlm_password:  Authentication for user [PC1$] -> [PC1$] FAILED
> with error NT_STATUS_NO_SUCH_USER
>
> the only thing that then works is to rejoin the domain
> net rpc join -S DOMAINSERVER -U Administrator
> after that all shares work again, but that is not a solution to work with.
>
> smbclient -L \\memberserver  -N
> Anonymous login successful
> Domain=[DOMAIn] OS=[Windows 6.1] Server=[Samba 4.5.0]
>
>           Sharename       Type      Comment
>           ---------       ----      -------
>           dev         Disk      Develop
>           IPC$            IPC       IPC Service (Samba Server Version 4.5.0)
>
> gives this, and after around 1 min it stops
>
> after domain join
> Domain=[GALAXY] OS=[Windows 6.1] Server=[Samba 4.5.0]
>
>           Sharename       Type      Comment
>           ---------       ----      -------
>           dev                   Disk      dev
>           IPC$            IPC       IPC Service (Samba Server Version 4.5.0)
> Anonymous login successful
> Domain=[DOMAIN] OS=[Windows 6.1] Server=[Samba 4.5.0]
>
>           Server               Comment
>           ---------            -------
>           MEMBERSERVER        Samba Server Version 4.5.0
>           DOMAIN              DOMAIN
>
>           Workgroup            Master
>           ---------            -------
>           DOMAIN               PDC
>
> and all works fine
>
>
> Does any of you have an idea what is wrong?
> The last idea I have is to change from member server to standalone server,
> but this is only a workaround, not a solution
>
> Systems (both Gentoo)
>
> PDC (NOT AD DC still old samba DC)
>    net-fs/samba-4.2.12  USE="acl aio client cups fam gnutls ldap pam
> system-mitkrb5 systemd winbind -addc -addns -ads -avahi -cluster -dmapi
> -iprint -quota (-selinux) -syslog {-test}" ABI_X86="32 (64) (-x32)"
> PYTHON_TARGETS="python2_7"
>
> memberserver
> net-fs/samba-4.5.0::gentoo  USE="acl client fam gnutls ldap pam
> system-mitkrb5 systemd -addc -addns -ads -avahi -cluster -cups -dmapi
> -iprint -quota (-selinux) -syslog {-test} -winbind" ABI_X86="32 (64) (-x32)"
> PYTHON_TARGETS="python2_7" 0 KiB
>
> Samba PDC 4.1.12
>
> [global]
>      panic action = /usr/share/samba/panic-action %d
>      dos charset = cp1255
>      unix charset = utf-8
>      workgroup = DOMAIN
>      netbios name = HOSTNAME
>      # interfaces = bond0 lo eth5
>      interfaces = 192.168.1.2/24
>      bind interfaces only = yes
>      hosts allow = 192.168.1.
>      socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096
> SO_RCVBUF=4096
>
> # new from samba 3.6
> client ntlmv2 auth = yes
> #client use spnego principal = no
> #send spnego principal = no
>
> #max protocol = smb2
> ## necessary for Windows 10
>      max protocol = NT1
>
> # use client driver = no
>
> # WINNT specific
> #  security = domain
> #  domain logins = yes
>      server string =  PHOENIX
>      load printers = yes
>      printing = cups
>      printcap = cups
>      syslog only = no
>      syslog = 1
>      log level = 2
>      log file = /var/log/samba/log.%m
>      max log size = 1000
>      encrypt passwords = true
> #  null passwords = no
>      wins support = yes
>      domain master = yes
>      local master = yes
> #  preferred master = yes
>      enhanced browsing = yes
>      browse list = yes
>      name resolve order = lmhosts host wins bcast
>      domain logons = yes
>      os level = 64
> # Domain Config
>      allow trusted domains = yes
>      logon home = \\%L\homes
>      logon drive = H:
>      logon script = %U.bat
>      logon path = \\%L\%U\profiles
>      dns proxy = no
>      preserve case = yes
>      short preserve case =  yes
>
> ## getpeername fails
> #   use sendfile = no
> #   large readwrite = no
> #   max xmit = 16644
>
> # LDAP
> #   ldap trust ids = Yes
> #   ldapsam:trusted=yes
>      ldap ssl = off
>      passdb backend = ldapsam:ldap://127.0.0.1/
>      ldap admin dn = cn=admin,o=company,c=de
>      ldap suffix = ou=company,o=company,c=de
>      ldap user suffix = ou=people
>      ldap group suffix = ou=group
>      ldap machine suffix = ou=computers
>      idmap backend     = ldap:ldap://127.0.0.1/
>      ldap idmap suffix = ou=idMap
>      idmap uid         = 40000-50000
>      idmap gid         = 40000-50000
>      ldap passwd sync = yes
>      check password script = /sbin/crackcheck -c -d /usr/lib64/cracklib_dict
>
>
> MEMBER SERVER
> Samba 4.1.12 /.14 / 4.5.0
>
> [global]
>
> workgroup = DOMAIN
> realm = DOMAIN
> #netbios name = %h
> server string = Samba Server Version %v
> #security = user
> security = domain
> server role = member server
> ntlm auth = No
> log file = /var/log/samba/log.%m
> max log size = 50
> idmap config * : backend = tdb
> cups options = raw
> interfaces = 192.168.1.20/24
> hosts allow = 192.168.1.
> #wins support = Yes
>
>
> [dev]
>      comment = dev
>      browsable = yes
>      writeable = yes
>      public = yes
>      read only = no
>      valid users =  USER
>      #   delete readonly = yes
>      create mode = 0774
>      directory mode = 0775
>      create mode = 0774
>      directory mode = 0775
>      force create mode = 0600
>      force group = USER
>      path = /mnt/folder
>
>
> Best regards,
> René Fuchs
>
>
> --
> ***********************************************
> aixtema GmbH
> René Fuchs
> Philipsstr. 8, 52068 Aachen, Germany
> Tel.: +49 241 70515-1323, Fax: +49 241 70515-15
> mailto:r.fuchs at aixtema.de
>
> WWW: http://www.aixtema.de
> Shop: http://shop.aixtema.de
>
> Managing Director: Oliver Rossbruch
> HRB 8201, Aachen District Court
> VAT ID No. DE 210 906 744
> Tax No. 201/5942/3737, Aachen-Stadt Tax Office
> ***********************************************
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
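
The failures in the log quoted above can be tallied per account to see which machine accounts the member server cannot map to a Unix account or authenticate. This is an added example, not part of the original thread and not Samba code; the sample log is constructed from records quoted above, re-joined so each header sits on one line, and the function and pattern names are illustrative.

```python
import re
from collections import defaultdict

# Record header: "[date time.usec,  level] file:line(function)"
HEADER = re.compile(r"^\[(?P<ts>[\d/]+ [\d:.]+),\s+(?P<level>\d+)\]\s+"
                    r"\S+:\d+\((?P<func>\w+)\)\s*$")
# Messages naming an account the member server could not map or authenticate.
PATTERNS = {
    "no_unix_account": re.compile(r"Failed to find a Unix account for (\S+)"),
    "getpwnam_failed": re.compile(r"User (\S+) in passdb, but getpwnam\(\) fails"),
    "auth_failed": re.compile(r"Authentication for user \[([^\]]+)\] -> \[[^\]]+\] FAILED"),
}
# Constructed sample: records quoted in the thread, one header per line.
SAMPLE = """\
[2016/08/31 08:27:51.707693,  2] ../source3/passdb/pdb_ldap.c:524(init_sam_from_ldap)
  init_sam_from_ldap: Entry found for user: isso-dev-back$
[2016/08/31 08:27:51.709160,  0] ../source3/passdb/lookup_sid.c:1556(get_primary_group_sid)
  Failed to find a Unix account for isso-dev-back$
[2016/08/31 08:27:51.718747,  0] ../source3/passdb/lookup_sid.c:1556(get_primary_group_sid)
  Failed to find a Unix account for proggi4$
[2016/08/31 08:27:51.719473,  1] ../source3/auth/server_info_sam.c:85(make_server_info_sam)
  User proggi4$ in passdb, but getpwnam() fails!
[2016/08/31 08:29:28.291279,  2] ../source3/auth/auth.c:315(auth_check_ntlm_password)
  check_ntlm_password:  Authentication for user [PC1$] -> [PC1$] FAILED
  with error NT_STATUS_NO_SUCH_USER
"""

def parse_records(text):
    """Return [timestamp, level, function, message] records, wrapped lines re-joined."""
    records = []
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            records.append([m["ts"], int(m["level"]), m["func"], ""])
        elif records and raw.strip():
            records[-1][3] = (records[-1][3] + " " + raw.strip()).strip()
    return records

def summarize(text):
    """Return {account: {reason: count}} for accounts that failed to resolve."""
    out = defaultdict(lambda: defaultdict(int))
    for _ts, _level, _func, msg in parse_records(text):
        for reason, pat in PATTERNS.items():
            if (hit := pat.search(msg)):
                out[hit.group(1)][reason] += 1
    return {acct: dict(reasons) for acct, reasons in out.items()}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Every account in the summary ends in `$`, i.e. the failures in this excerpt are all for machine accounts.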