[Samba] mount.cifs STATUS_NO_LOGON_SERVERS

Rowland Penny rpenny at samba.org
Wed Aug 11 16:19:23 UTC 2021 

On Wed, 2021-08-11 at 18:01 +0200, Mark Amundsen via samba wrote:
> Hi and thanks for your time
> 
> 
> First of all, I cleaned up the krb5.conf according to the samba wiki
> and after that I can connect with smbclient using the three part
> style of the credentials file, i.e
> username=me
> password=thesecret
> domain=domain.example.com
> 
> but mount.cifs still says STATUS_NO_LOGON_SERVERS
> 
> 
> 
> > Is the 'linux box' joined to the domain ? If not, why not ?
> It is joined to the domain.
> 
> 
> > Lets start by you posting the smb.conf from all three machines
> > (hint:
> > post the output from 'samba-tool testparm --suppress-prompt' on the
> > DC
> > and 'testparm -s' on the others)
> 
> Here are the outputs you asked for. some info anonymized.
> 
> AD DC:
> root at doc:~# samba-tool testparm --suppress-prompt
> INFO 2021-08-11 17:18:37,355 pid:3345
> /usr/local/samba/lib/python3.7/site-packages/samba/netcmd/testparm.py 
> #96: Loaded smb config files from /etc/samba/smb.conf
> INFO 2021-08-11 17:18:37,355 pid:3345
> /usr/local/samba/lib/python3.7/site-packages/samba/netcmd/testparm.py 
> #97: Loaded services file OK.
> # Global parameters
> [global]
> dns forwarder = 1.2.3.4
> netbios name = DOC
> realm = THEDOMAIN.EXAMPLE.COM
> server role = active directory domain controller
> workgroup = THEDOMAIN
> idmap_ldb:use rfc2307 = yes
> 
> [netlogon]
> path =
> /usr/local/samba/var/locks/sysvol/thedomain.example.com/scripts
> read only = No
> 
> [sysvol]
> path = /usr/local/samba/var/locks/sysvol
> read only = No
> 
> 
> Fileserver:
> root at sneezy:~# testparm -s
> Load smb config files from /etc/samba/smb.conf
> Loaded services file OK.
> Weak crypto is allowed
> 
> Server role: ROLE_DOMAIN_MEMBER
> 
> # Global parameters
> [global]
> log file = /var/log/samba/%m.log
> realm = THEDOMAIN.EXAMPLE.COM
> security = ADS
> username map = /etc/samba/user.map
> winbind use default domain = Yes
> workgroup = THEDOMAIN
> idmap config thedomain: range = 10000-999999
> idmap config thedomain: backend = rid
> idmap config * : range = 3000-7999
> idmap config * : backend = tdb
> map acl inherit = Yes
> vfs objects = acl_xattr
> 
> 
> [Data]
> path = /var/mntsamba/samba/Data/
> read only = No
> 
> 
> The 'linux-box' that no longer mounts shares (I wasn't aware that
> mount.cifs uses the smb.conf so it is basicly default debian conf)
> root at pluto:~# testparm -s
> Registered MSG_REQ_POOL_USAGE
> Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
> Load smb config files from /etc/samba/smb.conf
> Loaded services file OK.
> Server role: ROLE_STANDALONE
> # Global parameters
> [global]
>         log file = /var/log/samba/log.%m
>         logging = file
>         map to guest = Bad User
>         max log size = 1000
>         obey pam restrictions = Yes
>         pam password change = Yes
>         panic action = /usr/share/samba/panic-action %d
>         passwd chat = *Enter\snew\s*\spassword:* %n\n
> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>         passwd program = /usr/bin/passwd %u
>         server role = standalone server
>         unix password sync = Yes
>         usershare allow guests = Yes
>         workgroup = THEDOMAIN
>         idmap config * : backend = tdb
>         create mask = 0700
>         directory mask = 0700
>         valid users = %S
> 
> 
> 
> cheers
> Mark
> 

OK, the two machines running 4.14.6 use SMBv2 as a minimum, your
standalone server uses SMBv1 as a minimum, so you may have to add
'vers=2' to your mount command.

Your three machines are using the same workgroup name, but the
standalone server will have a different SID than the other two, can I
suggest you join the standalone server to the domain, it makes more
sense. I would only use a standalone server in a workgroup or ad-hoc
setup.

Rowland

More information about the samba mailing list