[Samba] Developed an issue with Samba File Server integrated with Samba-AD

Rowland Penny rpenny at samba.org
Sat Jun 30 11:43:20 UTC 2018


On Sat, 30 Jun 2018 14:51:48 +0530
Anantha Raghava via samba <samba at lists.samba.org> wrote:

> Hi,
> 
> We have been using Samba File Server (Version 4.3.11 Ubuntu 14.04
> LTS) for quite some time now. We recently installed Samba-AD (Samba AD
> Version 4.7.6) and made the file server a member of the Domain.
> Everything was fine till around 11:15 am yesterday. We just added one
> more share folder and gave access to three users and restarted Samba
> File Server services - smbd, nmbd and winbindd - and we lost the file
> server. None of the domain users is able to log in to the file server
> and access their shares. If we access the shares from a non-domain
> member PC, shares are accessible.
> 
> File server when accessed asks for user name & password. Once the
> user feeds his credentials, the login fails and again the file server
> will ask for user credentials. This is really surprising.
> 
> We enabled log level 3 on both samba servers (File & AD Server) and
> we see nothing with respect to this error.
> 
> Our smb.conf (samba file server) and Samba-AD (AD-smb.conf) are
> attached.
> 
> I am aware that Samba file server is very old and it's time to
> upgrade. However, getting it back live is now critical for us.
> 
> Look forward to any guidance.
> 
> 
> Thanks & Regards,
> 
> 
> Anantha Raghava
> 
> 
> Do not print this e-mail unless required. Save Paper & trees.
> 

There doesn't seem to be anything really wrong with the Unix domain
member smb.conf, apart from it having a netlogon share (this in my
opinion should only be on a PDC or DC). I would leave the domain,
remove the netlogon share, remove all Samba .ldb and .tdb files
(usually in /var/lib/samba), then rejoin the domain and restart the
samba daemons (nmbd, smbd and winbindd), this will recreate all the
Samba databases.

If this doesn't work, add 'log level = 10' to smb.conf on the Unix
domain member and see if anything pops out.

I have however noticed this:

DC smb.conf:

	realm = XXXX.COM
	workgroup = XXXX

[netlogon]
	path = /usr/local/samba/var/locks/sysvol/exza.com/scripts

Unix domain member smb.conf:

    workgroup = CSAEROTHERM
    realm = CSAEROTHERM.COM

On the DC, the realm appears to actually be 'exza.com' but on the Unix
domain member it is set to 'CSAEROTHERM.COM', these must match, yours
don't.

Rowland
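
The comparison made in the reply above, written out as a check (an added example, not part of the original message and not Samba code). The function names are hypothetical, the sample configs are constructed from the values quoted in the reply, and the member's [netlogon] path is made up:

```python
import re

def parse_smb_conf(text):
    """Return {section: {param: value}}; parameter names lose case and whitespace."""
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):          # trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)  # only the first '=' is significant
            current["".join(key.lower().split())] = value.strip()
    return sections

def dc_realm(dc):
    """Prefer the sysvol directory name: a posted 'realm' line may be redacted."""
    m = re.search(r"/sysvol/([^/]+)/", dc.get("netlogon", {}).get("path", ""))
    return (m.group(1) if m else dc.get("global", {}).get("realm", "")).upper()

def check_member(dc_text, member_text):
    dc, member = parse_smb_conf(dc_text), parse_smb_conf(member_text)
    expected = dc_realm(dc)
    actual = member.get("global", {}).get("realm", "").upper()
    findings = []
    if actual != expected:
        findings.append(f"realm mismatch: member={actual} DC={expected}")
    if "netlogon" in member:
        findings.append("member defines a [netlogon] share")
    return findings

# Constructed samples; XXXX is the redaction as it was posted.
DC_CONF = """[global]
    realm = XXXX.COM
    workgroup = XXXX
[netlogon]
    path = /usr/local/samba/var/locks/sysvol/exza.com/scripts
"""
MEMBER_CONF = """[global]
    workgroup = CSAEROTHERM
    realm = CSAEROTHERM.COM
[netlogon]
    path = /srv/samba/netlogon
"""
```
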


