[Samba] Windows 10 cannot connect without SMB1
K. R. Foley
kr at cybsft.com
Sun Feb 28 19:17:02 UTC 2021
On 2/28/21 12:31 PM, K. R. Foley via samba wrote:
>
> On 2/28/21 11:12 AM, Rowland penny via samba wrote:
>> On 28/02/2021 17:01, K. R. Foley wrote:
>>> One other thing that might be worth mentioning, I am not sure. I
>>> migrated an NT4 domain using the classicupgrade. This was a new
>>> server that I copied the data to from an existing server and then
>>> ran the classic upgrade.
>>
>>
>> I wonder if everything else is set up correctly, Bind9 for instance.
>> Can you download this script:
>>
>> https://github.com/thctlo/samba4/blob/master/samba-collect-debug-info.sh
>>
>> Run it on the DC and then post the output in a reply to this,
>> sanitise it if you want, but do not attach it, this list strips
>> attachments.
>>
>> Rowland
>>
> As soon as it tried to test the _kerberos._tcp records it blew apart.
> I have run the configuration / migration multiple times playing around
> with different domains. Maybe I screwed something up or missed a step
> along the way. I am going to start from scratch again and I will
> report back after I am done. Thanks.
>
Okay. Turns out the problem with the script was that the
/etc/resolv.conf had been overwritten. After I resolved that, I was able
to run the script and capture the output below:
Collected config --- 2021-02-28-12:54 -----------
Hostname: ss-prod
DNS Domain: local.richardshapiro.com
FQDN: ss-prod.local.richardshapiro.com
ipaddress: 10.50.20.87
-----------
Kerberos SRV _kerberos._tcp.local.richardshapiro.com record verified ok,
sample output:
Server: 10.50.20.87
Address: 10.50.20.87#53
_kerberos._tcp.local.richardshapiro.com service = 0 100 88
ss-prod.local.richardshapiro.com.
Samba is running as an AD DC
-----------
Checking file: /etc/os-release
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"
-----------
This computer is running an unknown distribution x86_64
-----------
running command : ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
2: ens5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9001 qdisc mq state UP
group default qlen 1000
link/ether 12:ef:f5:d8:2b:d5 brd ff:ff:ff:ff:ff:ff
inet 10.50.20.87/24 brd 10.50.20.255 scope global dynamic ens5
valid_lft 2623sec preferred_lft 2623sec
inet6 fe80::10ef:f5ff:fed8:2bd5/64 scope link
-----------
Checking file: /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.50.20.87 ss-prod.local.richardshapiro.com ss-prod
-----------
Checking file: /etc/resolv.conf
; generated by /usr/sbin/dhclient-script
search local.richardshapiro.com
nameserver 10.50.20.87
-----------
Checking file: /etc/krb5.conf
[libdefaults]
default_realm = LOCAL.RICHARDSHAPIRO.COM
dns_lookup_realm = false
dns_lookup_kdc = true
-----------
Checking file: /etc/nsswitch.conf
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Valid entries include:
#
# nisplus Use NIS+ (NIS version 3)
# nis Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the local database (.db) files
# compat Use NIS on compat mode
# hesiod Use Hesiod for user lookups
# [NOTFOUND=return] Stop searching if not found so far
#
# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis
passwd: files sss
shadow: files sss
group: files sss
#initgroups: files sss
#hosts: db files nisplus nis dns
hosts: files dns myhostname
# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files sss
netgroup: nisplus sss
publickey: nisplus
automount: files nisplus sss
aliases: files nisplus
-----------
Checking file: /usr/local/samba/etc/smb.conf
# Global parameters
[global]
netbios name = SS-PROD
realm = LOCAL.RICHARDSHAPIRO.COM
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate
workgroup = LOCAL
idmap_ldb:use rfc2307 = yes
#log level = 10
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
[netlogon]
path = /usr/local/samba/var/locks/sysvol/local.richardshapiro.com/scripts
read only = No
-----------
Detected bind DLZ enabled..
Warning, detected bind is enabled in smb.conf, but no /etc/bind
directory found
-----------
Installed packages:
-----------