[Samba] New Domain can't connect to localhost

L.P.H. van Belle belle at bazuin.nl
Fri Aug 23 15:52:49 UTC 2019 

Hai, 

A quick reply, i was almost out of the office here.. 

Your config looks ok except one thing. 

You can try switching the hosts, like this. 
/etc/nsswitch.conf 
hosts:          files dns mdns4_minimal [NOTFOUND=return]

I suggest you verify the dns A PTR NS records of the servers. 
https://wiki.samba.org/index.php/DNS_Administration 

https://wiki.samba.org/index.php/Testing_the_DNS_Name_Resolution 

Greetz, 

Louis

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Robert A Wooldridge via samba
> Verzonden: vrijdag 23 augustus 2019 17:44
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] New Domain can't connect to localhost
> 
> On 08/23/2019 01:48 AM, L.P.H. van Belle via samba wrote:
> > Hai,
> >
> > Still problems in your resolving setup?
> > Try //FQDN/netlogon
> No, this doesn't work either.  Tried both //athena/netlogon and 
> //athena.edm-inc.com/netlogon
> >
> > But that said, my 4.10.6 works fine.
> >
> > smbclient //localhost/netlogon -UAdministrator -c 'ls'
> > Enter NTDOM\Administrator's password:
> >    .                                   D        0  Tue Feb 
> 13 14:14:08 2018
> >    ..                                  D        0  Fri Jul 
> 26 09:39:59 2019
> >    firefox_startup.vbs.off             A    25091  Sun Jul  
> 3 03:56:20 2016
> >
> >
> > Can you run :
> > 
> https://raw.githubusercontent.com/thctlo/samba4/master/samba-c
ollect-debug-info.sh
> > And post the output, anonimize it where needed.
> Results:
> Collected config  --- 2019-08-23-10:33 -----------
> 
> Hostname: athena
> DNS Domain: edm-inc.com
> FQDN: athena.edm-inc.com
> ipaddress: 10.10.1.10
> 
> -----------
> 
> Samba is running as an AD DC
> 
> -----------
>         Checking file: /etc/os-release
> 
> PRETTY_NAME="Debian GNU/Linux 10 (buster)"
> NAME="Debian GNU/Linux"
> VERSION_ID="10"
> VERSION="10 (buster)"
> VERSION_CODENAME=buster
> ID=debian
> HOME_URL="https://www.debian.org/"
> SUPPORT_URL="https://www.debian.org/support"
> BUG_REPORT_URL="https://bugs.debian.org/"
> 
> -----------
> 
> 
> This computer is running Debian 10.0 x86_64
> 
> -----------
> running command : ip a
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
> group default qlen 1000
>      link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
>      inet 127.0.0.1/8 scope host lo
>      inet6 ::1/128 scope host
> 2: enp0s25: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc 
> pfifo_fast state DOWN group default qlen 1000
>      link/ether 00:1c:c0:ec:25:25 brd ff:ff:ff:ff:ff:ff
>      inet 10.10.1.10/16 brd 10.10.255.255 scope global 
> noprefixroute enp0s25
>      inet6 fe80::21c:c0ff:feec:2525/64 scope link noprefixroute
> 
> -----------
>         Checking file: /etc/hosts
> 
> 127.0.0.1    localhost
> 10.10.1.10    athena.edm-inc.com    athena
> 
> # The following lines are desirable for IPv6 capable hosts
> ::1     localhost ip6-localhost ip6-loopback
> ff02::1 ip6-allnodes
> ff02::2 ip6-allrouters
> 
> -----------
> 
>         Checking file: /etc/resolv.conf
> 
> nameserver 10.10.1.10
> search edm-inc.com
> 
> -----------
> 
>         Checking file: /etc/krb5.conf
> 
> [libdefaults]
>      default_realm = EDM-INC.COM
>      dns_lookup_realm = false
>      dns_lookup_kdc = true
> 
> -----------
> 
>         Checking file: /etc/nsswitch.conf
> 
> # /etc/nsswitch.conf
> #
> # Example configuration of GNU Name Service Switch functionality.
> # If you have the `glibc-doc-reference' and `info' packages 
> installed, try:
> # `info libc "Name Service Switch"' for information about this file.
> 
> passwd:         files systemd
> group:          files systemd
> shadow:         files
> gshadow:        files
> 
> hosts:          files mdns4_minimal [NOTFOUND=return] dns
> networks:       files
> 
> protocols:      db files
> services:       db files
> ethers:         db files
> rpc:            db files
> 
> netgroup:       nis
> 
> -----------
> 
>         Checking file: /etc/samba/smb.conf
> 
> # Global parameters
> [global]
>      dns forwarder = 10.10.1.1
>      netbios name = ATHENA
>      realm = EDM-INC.COM
>      server role = active directory domain controller
>      workgroup = EDM
>      idmap_ldb:use rfc2307 = yes
> 
> [netlogon]
>      path = /var/lib/samba/sysvol/edm-inc.com/scripts
>      read only = No
> 
> [sysvol]
>      path = /var/lib/samba/sysvol
>      read only = No
> 
> -----------
> 
> BIND_DLZ not detected in smb.conf
> 
> -----------
> 
> Installed packages:
> ii  acl 2.2.53-4                        amd64        access 
> control list 
> - utilities
> ii  attr 1:2.4.48-4                      amd64        utilities for 
> manipulating filesystem extended attributes
> ii  fonts-quicksand 0.2016-2                        all          
> sans-serif font with round attributes
> ii  krb5-config 2.6                             all          
> Configuration files for Kerberos Version 5
> ii  krb5-locales 1.17-3                          all          
> internationalization support for MIT Kerberos
> ii  krb5-user 1.17-6                          amd64        basic 
> programs to authenticate using MIT Kerberos
> ii  libacl1:amd64 2.2.53-4                        amd64        access 
> control list - shared library
> ii  libattr1:amd64 1:2.4.48-4                      amd64      
>   extended 
> attribute handling - shared library
> ii  libgssapi-krb5-2:amd64 1.17-6                          
> amd64        
> MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
> ii  libkrb5-3:amd64 1.17-6                          amd64        MIT 
> Kerberos runtime libraries
> ii  libkrb5support0:amd64 1.17-6                          
> amd64        
> MIT Kerberos runtime libraries - Support library
> ii  libnss-winbind:amd64 2:4.9.11+dfsg-1                 amd64        
> Samba nameservice integration plugins
> ii  libpam-krb5:amd64 4.8-2                           amd64   
     PAM 
> module for MIT Kerberos
> ii  libpam-winbind:amd64 2:4.9.11+dfsg-1                 amd64        
> Windows domain authentication integration plugin
> ii  libsmbclient:amd64 2:4.9.11+dfsg-1                 amd64        
> shared library for communication with SMB/CIFS servers
> ii  libwbclient0:amd64 2:4.9.11+dfsg-1                 amd64        
> Samba winbind client library
> ii  python-samba 2:4.9.11+dfsg-1                 amd64        Python 
> bindings for Samba
> ii  samba 2:4.9.11+dfsg-1                 amd64        SMB/CIFS file, 
> print, and login server for Unix
> ii  samba-common 2:4.9.11+dfsg-1                 all          common 
> files used by both the Samba server and client
> ii  samba-common-bin 2:4.9.11+dfsg-1                 amd64    
    Samba 
> common files used by both the server and the client
> ii  samba-dsdb-modules:amd64 2:4.9.11+dfsg-1                 
> amd64        Samba Directory Services Database
> ii  samba-libs:amd64 2:4.9.11+dfsg-1                 amd64    
    Samba 
> core libraries
> ii  samba-vfs-modules:amd64 2:4.9.11+dfsg-1                 
> amd64        
> Samba Virtual FileSystem plugins
> ii  smbc 1.2.2-4+b3                      amd64        
> samba-commander - 
> curses based samba network browser
> ii  smbclient 2:4.9.11+dfsg-1                 amd64        
> command-line 
> SMB/CIFS clients for Unix
> ii  winbind 2:4.9.11+dfsg-1                 amd64        service to 
> resolve user and group information from Windows NT servers
> 
> -----------
> 
> -- 
> Bob Wooldridge
> EDM Incorporated
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>

More information about the samba mailing list