[Samba] Can't setup shares on domain member server samba4
Telium Technical Support
support at telium.ca
Mon Jan 23 19:16:35 UTC 2017
I have a new CentOS 7 installation which I joined to my domain using 'realm
join mydomain.com'. That worked great. I can get a ticket with 'kinit
administrator@mydomain.com'.
But my Samba shares don't work. In fact, when I browse (from a Windows 7
domain member) to the host (lserver), it just times out. Similarly, when I
try from another Linux server:
smbclient //lserver/test -U administrator@ocg.ca
Enter administrator@ocg.ca's password:
session setup failed: NT_STATUS_NO_LOGON_SERVERS
I've gone in circles adding nmb, winbind, changing smb.conf options, etc.
After 3 days I'm pulling my hair out. My exact same configuration works
fine on CentOS 6. I've included some output from a Samba log showing the
smbclient failure.
I would appreciate any help! Not sure where to go next. (domain name
disguised below FYI)
------------------smb log for attempts above------------------
[2017/01/23 14:11:21.441423, 0, pid=19581, effective(0, 0), real(0, 0),
class=auth]
../source3/auth/auth_domain.c:121(connect_to_domain_password_server)
connect_to_domain_password_server: unable to open the domain client
session to machine DC.MYDOMAIN.COM. Error was : NT_STATUS_ACCESS_DENIED.
[2017/01/23 14:11:21.441541, 0, pid=19581, effective(0, 0), real(0, 0),
class=auth] ../source3/auth/auth_domain.c:184(domain_client_validate)
domain_client_validate: Domain password server not available.
[2017/01/23 14:11:21.441575, 5, pid=19581, effective(0, 0), real(0, 0),
class=auth] ../source3/auth/auth.c:252(auth_check_ntlm_password)
check_ntlm_password: winbind authentication for user [administrator]
FAILED with error NT_STATUS_NO_LOGON_SERVERS
[2017/01/23 14:11:21.441588, 2, pid=19581, effective(0, 0), real(0, 0),
class=auth] ../source3/auth/auth.c:315(auth_check_ntlm_password)
check_ntlm_password: Authentication for user [administrator] ->
[administrator] FAILED with error NT_STATUS_NO_LOGON_SERVERS
[2017/01/23 14:11:21.441598, 5, pid=19581, effective(0, 0), real(0, 0)]
../source3/auth/auth_ntlmssp.c:188(auth3_check_password)
Checking NTLMSSP password for MYDOMAIN\administrator failed:
NT_STATUS_NO_LOGON_SERVERS
[2017/01/23 14:11:21.441614, 5, pid=19581, effective(0, 0), real(0, 0)]
../auth/ntlmssp/ntlmssp_server.c:737(ntlmssp_server_check_password)
../auth/ntlmssp/ntlmssp_server.c:737: Checking NTLMSSP password for
MYDOMAIN\administrator failed: NT_STATUS_NO_LOGON_SERVERS
[2017/01/23 14:11:21.441626, 2, pid=19581, effective(0, 0), real(0, 0)]
../auth/gensec/spnego.c:719(gensec_spnego_server_negTokenTarg)
SPNEGO login failed: NT_STATUS_NO_LOGON_SERVERS
------------------------------smb.conf------------------------------
[global]
password server = 172.31.254.31
security = ads
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
winbind offline logon = true
workgroup = MYDOMAIN
realm = mydomain.com
hosts allow = 127. 172.31.
server string = Linux Server
log file = /var/log/samba/%m.log
max log size = 50
log level = 10
unix extensions = no
wide links = yes
load printers = No
cups options = raw
printcap name = /dev/null
encrypt passwords = yes
passdb backend = tdbsam
guest ok = yes
guest account = nobody
wins support = yes
wins server = 172.31.243.31
kerberos method = secrets and keytab
[test]
comment = Root of filesystem
path = /test
valid users = @"domain admins"@mydomain.com,"myuser"@mydomain.com,root
-------------------------------krb5.conf-----------------------------
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = MYDOMAIN.COM
ticket_lifetime = 24h
forwardable = yes
[realms]
MYDOMAIN.COM = {
kdc = dc.MYDOMAIN.COM
master_kdc = dc.MYDOMAIN.COM
admin_server = dc.MYDOMAIN.COM
default_domain = MYDOMAIN.COM
}
[domain_realm]
.MYDOMAIN.COM = MYDOMAIN.COM
MYDOMAIN.COM = MYDOMAIN.COM
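
Added example (not part of the original post and not Samba code): a Python parser for the smbd log format in the excerpt above that rejoins the mail-wrapped records and reports the first NT_STATUS code in the chain, which here is NT_STATUS_ACCESS_DENIED from connect_to_domain_password_server rather than the NT_STATUS_NO_LOGON_SERVERS that smbclient shows. The sample input is constructed from three records of the excerpt; the names parse, first_failure and status_chain are hypothetical.

```python
import re

# Constructed sample: three records copied from the log excerpt above,
# keeping the line wrapping introduced by the mail client.
SAMPLE = """\
[2017/01/23 14:11:21.441423, 0, pid=19581, effective(0, 0), real(0, 0),
class=auth]
../source3/auth/auth_domain.c:121(connect_to_domain_password_server)
connect_to_domain_password_server: unable to open the domain client
session to machine DC.MYDOMAIN.COM. Error was : NT_STATUS_ACCESS_DENIED.
[2017/01/23 14:11:21.441541, 0, pid=19581, effective(0, 0), real(0, 0),
class=auth] ../source3/auth/auth_domain.c:184(domain_client_validate)
domain_client_validate: Domain password server not available.
[2017/01/23 14:11:21.441588, 2, pid=19581, effective(0, 0), real(0, 0),
class=auth] ../source3/auth/auth.c:315(auth_check_ntlm_password)
check_ntlm_password: Authentication for user [administrator] ->
[administrator] FAILED with error NT_STATUS_NO_LOGON_SERVERS
"""

# A record starts only at "[YYYY/MM/DD "; a wrapped "[administrator]" does not.
RECORD_START = re.compile(r"(?m)^(?=\[\d{4}/\d\d/\d\d )")
HEADER = re.compile(
    r"\[(?P<ts>[\d/]+ [\d:.]+),\s+(?P<level>\d+),\s+pid=(?P<pid>\d+)[^\]]*\]"
    r"\s+(?P<src>\S+?):(?P<line>\d+)\((?P<func>\w+)\)\s*(?P<msg>.*)")
STATUS = re.compile(r"NT_STATUS_[A-Z0-9_]+")

def parse(text):
    """Rejoin wrapped lines and return one dict per smbd log record."""
    records = []
    for chunk in RECORD_START.split(text):
        m = HEADER.match(" ".join(chunk.split()))  # collapse wraps to spaces
        if m:
            rec = m.groupdict()
            rec["level"] = int(rec["level"])
            rec["status"] = STATUS.findall(rec["msg"])
            records.append(rec)
    return records

def first_failure(records):
    """(function, status) of the earliest record that carries a status code."""
    return next(((r["func"], r["status"][0]) for r in records if r["status"]), None)

def status_chain(records):
    """Distinct NT_STATUS codes in the order they first appear."""
    return list(dict.fromkeys(s for r in records for s in r["status"]))

if __name__ == "__main__":
    recs = parse(SAMPLE)
    print("first failure:", first_failure(recs))
    print("status chain :", " -> ".join(status_chain(recs)))
```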