[Samba] Developed an issue with Samba File Server integrated with Samba-AD

Anantha Raghava raghav at exzatechconsulting.com
Sat Jun 30 15:39:07 UTC 2018

Hello Rowland,
> On Sat, 30 Jun 2018 14:51:48 +0530
> Anantha Raghava via samba <samba at lists.samba.org> wrote:
>> Hi,
>> We have been using Samba File Server (Version 4.3.11 Ubuntu 14.04
>> LTS) for quite sometime now. We recently installed Samba-AD (Samba AD
>> Version 4.7.6) and made the file server a member of the Domain.
>> Everything was fine till around 11:15 am yesterday. We just added one
>> more share folder and gave access to three users and restarted Samba
>> File Server services
>> - smbd, nmbd and winbindd - services and we lost the file server.
>> None of the domain user is able to login to file server and access
>> their shares. If we access the shares from a non-domain member PC,
>> shares are accessible.
>> File server when accessed asks for user name & password. Once the
>> user feeds his credentials, the login fails and again the file server
>> will ask for user credentials. This is really surprising.
>> We enabled log level 3 on both samba servers (File & AD Server) and
>> we see nothing with respect to this error.
>> Our smb.conf (samba file server) and Samba-AD (AD-smb.conf) are
>> attached.
>> I am aware that Samba file server is very old and it's time to
>> upgrade. However, getting it back live is now critical for us.
>> Look forward for any guidance.
>> Thanks & Regards,
>> Anantha Raghava
>> Do not print this e-mail unless required. Save Paper & trees.
> There doesn't seen to be anything really wrong with the Unix domain
> member smb.conf, apart from it having a netlogon share (this in my
> opinion should only be on a PDC or DC). I would leave the domain,
> remove the netlogon share, remove all Samba .ldb and .tdb files
> (usually in /var/lib/samba), then rejoin the domain and restart the
> samba deamons (nmbd, smbd and winbindd), this will recreate all the
> Samba databases.
> If this doesn't work, add 'log level = 10' to smb.conf on the Unix
> domain member and see if anything pops out.
> I have however noticed this:
> DC smb.conf:
>   	realm = XXXX.COM
> 	workgroup = XXXX
> [netlogon]
> 	path = /usr/local/samba/var/locks/sysvol/exza.com/scripts
> Unix domain member smb.conf:
>      workgroup = CSAEROTHERM
>      realm = CSAEROTHERM.COM
> On the DC, the realm appears to actually be 'exza.com' but on the Unix
> domain member it is set to 'CSAEROTHERM.COM', these must match, yours
> don't.
This is matching. I was just comparing the smb.conf of AD DC on exza.com 
server with that of CSAEROTHERM.COM. Since it was same, I just copied 
smb.conf from exza.com server and attached to the mail.

I tried the your suggestion. I attempted to leave domain. it resulted in:

root at samba-64:/var/lib/samba# net ads leave -U administrator
No realm set, are we joined ?

& If I try to join the domain, it results in :

root at samba-64:/var/lib/samba# net ads join -U administrator
Host is not configured as a member server.
Invalid configuration.  Exiting....
Failed to join domain: This operation is only allowed for the PDC of the 

> Rowland

Anantha Raghava

More information about the samba mailing list