[Samba] Samba 4.10 member: SMB login no longer working

[Rowland penny]

On 26/06/2019 18:44, Matthew Delfino via samba wrote:
> Thank you, Louis, for your reply.
>
>
> By simply asking me to provide outputs of the aforementioned files, I found the cause of my first problem (auth failing). It was my /etc/hosts file on dc1.
>
>
> All of them should look like this, and indeed DC2 and DC3's *did* look like this:
Sorry, but no they shouldn't look like that
> # cat /etc/hosts
>> 127.0.0.1       localhost.samdom.mycompany.net  localhost
>> 192.168.3.201 dc1.samdom.mycompany.net dc1
>> 192.168.3.202 dc2.samdom.mycompany.net dc2
>> 192.168.3.203 dc3.samdom.mycompany.net dc3
>>   
>> # The following lines are desirable for IPv6 capable hosts
>> ::1     localhost ip6-localhost ip6-loopback
>> ff02::1 ip6-allnodes
>> ff02::2 ip6-allrouters

They should look like this:

127.0.0.1       localhost
192.168.3.201 dc1.samdom.mycompany.net dc1

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters

Replace the DC's info with correct info for the DC it is on.

You do not need all the DC's in every /etc/hosts

> But, I still see this whenever I compare any of my DCs to DC1:
>
>
>
> # samba-tool ldapcmp ldap://dc1 ldap://dc2 -Uadministrator
>> Password for [SAMDOM\administrator]:
>>   
>> * Comparing [DOMAIN] context...
>>   
>> * Objects to be compared: 1723
>>   
>> Comparing:
>> 'CN=DC2,OU=DOMAIN CONTROLLERS,DC=SAMDOM,DC=MYCOMPANY,DC=NET' [ldap://dc1]
>> 'CN=DC2,OU=DOMAIN CONTROLLERS,DC=SAMDOM,DC=MYCOMPANY,DC=NET' [ldap://dc2]
>>      Attributes found only in ldap://dc2:        SERVERREFERENCEBL
>>   
>>      FAILED
>>   
>> * Result for [DOMAIN]: FAILURE
>>   
>> SUMMARY
>> ---------
>>   
>> Attributes found only in ldap://dc2:
>>   
>>      SERVERREFERENCEBL

I think this is another of attributes that got clobered by the 'oops, we 
uppercased a lot of the attribute names' bug, or,to put it another way, 
you can ignore it ;-)

Rowland