[Samba] Can't setup shares on domain member server samba4


Telium Technical Support via samba

Jan 23, 2017, 3:10:03 PM
I have a new CentOS 7 installation which I joined to my domain using 'realm
join mydomain.com'. That worked great. I can get a ticket with 'kinit
admini...@mydomain.com'.

But my samba shares don't work. In fact, when I browse (from Windows 7
domain member) to the host (lserver), it just times out. Similarly, when I
try from another Linux server:

smbclient //lserver/test -U admini...@ocg.ca
Enter admini...@ocg.ca's password:
session setup failed: NT_STATUS_NO_LOGON_SERVERS

I've gone in circles adding nmb, winbind, changing smb.conf options, etc.
After 3 days I'm pulling my hair out. My exact same configuration works
fine on CentOS 6. I've included some output from a samba log showing the
smbclient failure.

I would appreciate any help! Not sure where to go next. (domain name
disguised below FYI)

------------------smb log for attempts above-----------------------------------

[2017/01/23 14:11:21.441423, 0, pid=19581, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth_domain.c:121(connect_to_domain_password_server)
  connect_to_domain_password_server: unable to open the domain client session to machine DC.MYDOMAIN.COM. Error was : NT_STATUS_ACCESS_DENIED.
[2017/01/23 14:11:21.441541, 0, pid=19581, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth_domain.c:184(domain_client_validate)
  domain_client_validate: Domain password server not available.
[2017/01/23 14:11:21.441575, 5, pid=19581, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:252(auth_check_ntlm_password)
  check_ntlm_password: winbind authentication for user [administrator] FAILED with error NT_STATUS_NO_LOGON_SERVERS
[2017/01/23 14:11:21.441588, 2, pid=19581, effective(0, 0), real(0, 0), class=auth] ../source3/auth/auth.c:315(auth_check_ntlm_password)
  check_ntlm_password: Authentication for user [administrator] -> [administrator] FAILED with error NT_STATUS_NO_LOGON_SERVERS
[2017/01/23 14:11:21.441598, 5, pid=19581, effective(0, 0), real(0, 0)] ../source3/auth/auth_ntlmssp.c:188(auth3_check_password)
  Checking NTLMSSP password for MYDOMAIN\administrator failed: NT_STATUS_NO_LOGON_SERVERS
[2017/01/23 14:11:21.441614, 5, pid=19581, effective(0, 0), real(0, 0)] ../auth/ntlmssp/ntlmssp_server.c:737(ntlmssp_server_check_password)
  ../auth/ntlmssp/ntlmssp_server.c:737: Checking NTLMSSP password for MYDOMAIN\administrator failed: NT_STATUS_NO_LOGON_SERVERS
[2017/01/23 14:11:21.441626, 2, pid=19581, effective(0, 0), real(0, 0)] ../auth/gensec/spnego.c:719(gensec_spnego_server_negTokenTarg)
  SPNEGO login failed: NT_STATUS_NO_LOGON_SERVERS

------------------------------smb.conf-----------------------------------------

[global]
password server = 172.31.254.31
security = ads
idmap uid = 16777216-33554431
idmap gid = 16777216-33554431
winbind offline logon = true
workgroup = MYDOMAIN
realm = mydomain.com
hosts allow = 127. 172.31.

server string = Linux Server
log file = /var/log/samba/%m.log
max log size = 50
log level = 10
unix extensions = no
wide links = yes
load printers = No
cups options = raw
printcap name = /dev/null
encrypt passwords = yes
passdb backend = tdbsam
guest ok = yes
guest account = nobody
wins support = yes
wins server = 172.31.243.31
kerberos method = secrets and keytab

[test]
comment = Root of filesystem
path = /test
valid users = @"domain admins"@mydomain.com,"myuser"@mydomain.com,root

-------------------------------krb5.conf-----------------------------

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = MYDOMAIN.COM
ticket_lifetime = 24h
forwardable = yes

[realms]
MYDOMAIN.COM = {
kdc = dc.MYDOMAIN.COM
master_kdc = dc.MYDOMAIN.COM
admin_server = dc.MYDOMAIN.COM
default_domain = MYDOMAIN.COM
}

[domain_realm]
.MYDOMAIN.COM = MYDOMAIN.COM
MYDOMAIN.COM = MYDOMAIN.COM


Rowland Penny via samba

Jan 23, 2017, 3:30:03 PM
On Mon, 23 Jan 2017 14:16:35 -0500
Telium Technical Support via samba <sa...@lists.samba.org> wrote:

> I have a new CentOS 7 installation which I joined to my domain using
> 'realm join mydomain.com'. That worked great. I can get a ticket
> with 'kinit admini...@mydomain.com'.

Is sssd running?

>
> But my samba shares don't work. In fact, when I browse (from Windows
> 7 domain member) to the host (lserver), it just times out.
> Similarly, when I try from another Linux server:
>
> smbclient //lserver/test -U admini...@ocg.ca
> Enter admini...@ocg.ca's password:
> session setup failed: NT_STATUS_NO_LOGON_SERVERS
>
> I've gone in circles adding nmb, winbind, changing smb.conf options,
> etc. After 3 days I'm pulling my hair out. My exact same
> configuration works fine on CentOS 6. I've included some output
> from a samba log showing the smbclient failure.
>

Try setting up smb.conf the recommended way, you are using deprecated
lines, see here:

https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

Rowland

Rowland Penny via samba

Jan 23, 2017, 5:40:03 PM
On Mon, 23 Jan 2017 16:22:46 -0500
"Telium Technical Support" <sup...@telium.ca> wrote:

> And YES sssd service is running
>

Then that is your problem, you cannot set up authentication in smb.conf
for sssd, sssd has its own conf file and you need to set up
authentication there, see the sssd documentation for how to do this.

You will also need to remove winbind and any winbind authentication
lines in smb.conf. You cannot use sssd AND winbind on a Unix domain
member, sssd has its own winbind lib.
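
The check the last reply calls for, as an added example that is not part of the thread: it reports a domain member whose nsswitch.conf uses sss while smb.conf still carries winbind settings, or one that lists both backends. The function names are hypothetical, the sample files are constructed from the configuration in the first post, and which smb.conf lines count as winbind lines is an assumption noted in the code.

```shell
#!/bin/sh
# Added example (not from the thread). All function names are hypothetical.

# Print which identity backends (sss, winbind) the passwd/group lines name.
nss_backends() {
    awk '/^[ \t]*(passwd|group):/ {
             for (i = 2; i <= NF; i++) {
                 if ($i == "sss") s = 1
                 if ($i == "winbind") w = 1
             }
         }
         END { out = s ? "sss" : ""
               if (w) out = out (out != "" ? " " : "") "winbind"
               print out }' "$1"
}

# Print [global] lines that configure winbind. Assumption: "winbind ..." and
# the old "idmap uid/gid" parameters, i.e. the kinds seen in the posted file.
winbind_lines() {
    awk '/^[ \t]*\[/ { g = (tolower($0) ~ /^[ \t]*\[global\]/); next }
         g && tolower($0) ~ /^[ \t]*(winbind[ \t]|idmap[ \t]+(uid|gid)[ \t]*=)/ {
             sub(/^[ \t]+/, ""); print
         }' "$1"
}

# Return 1 and explain when sssd and winbind are mixed, 0 otherwise.
check_member() {
    backends=$(nss_backends "$2")
    leftovers=$(winbind_lines "$1")
    if [ "$backends" = "sss winbind" ]; then
        echo "CONFLICT: nsswitch.conf lists both sss and winbind"; return 1
    fi
    if [ "$backends" = "sss" ] && [ -n "$leftovers" ]; then
        echo "CONFLICT: sssd is the NSS backend but smb.conf still has:"
        echo "$leftovers" | sed 's/^/  /'
        return 1
    fi
    echo "OK: NSS backends: ${backends:-none}"
}

# Constructed sample files, modelled on the configuration in the first post.
make_samples() {
    printf '%s\n' '[global]' 'security = ads' 'idmap uid = 16777216-33554431' \
        'winbind offline logon = true' '[test]' 'path = /test' > "$1/smb.conf"
    printf '%s\n' 'passwd: files sss' 'group: files sss' > "$1/nsswitch.conf"
}

tmp=$(mktemp -d) && make_samples "$tmp"
check_member "$tmp/smb.conf" "$tmp/nsswitch.conf" || true
rm -rf "$tmp"
```

On a real host the call would be check_member /etc/samba/smb.conf /etc/nsswitch.conf, run against copies if the files should not be read in place.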