[Samba] After some time 4.3.9 Member Server in different Subnet than ADS controller loses trust

Thomas Burger (tburger@eritron.de)
May 24, 2016, 3:50:03 AM

Hello everybody,

I hope someone can help me with this or point me in the right
direction, since I have not been able to solve it for weeks.

Since last year I have been running Samba 4.1.6 on Ubuntu 14.04 LTS without
issues, as an Active Directory domain controller as well as on member
servers. Trouble started with the upgrade to Samba 4.3.8 (now 4.3.9).

The ADS controller and most member servers share the same subnet. For
security reasons I pushed one of the member servers into a DMZ. I am
using Kerberos, Winbind and Samba to integrate with the ADS.
What worked with 4.1.6 seems not to work anymore with 4.3.8 and
4.3.9. While all member servers on the same subnet work fine, the machine
in the DMZ loses its connection to the ADS after some time.

On the member server in the DMZ, from a shell I can successfully:
- obtain Kerberos tickets
- join the domain (net ads join ...)
- after the join, run a testjoin
- obtain domain information
- get users via >wbinfo -u< and groups via >wbinfo -g<
- create a keytab file for Kerberos ticket updates

After some time (several hours; I found it hard to track) I experience
the following issues:
- net ads testjoin
> ads_connect: No logon servers
> Join to domain is not valid: No logon servers
- wbinfo -g and wbinfo -u
> provide no output anymore.

What I checked, which did not change the situation:
- name resolution (forward and reverse, all OK for the ADS controller as well
as the domain name)
- disabled ALL firewall rules between the systems (ADS controller and
member server)

My Kerberos configuration on the client looks like this:
[libdefaults]
default_realm = DOMAIN.DE
dns_lookup_realm = false # also tried this to set to true
dns_lookup_kdc = true

[realms]
DOMAIN.DE = {
kdc = dc.domain.de
admin_server = dc.domain.de
master_kdc = dc.domain.de
}

[domain_realm]
domain.de = DOMAIN.DE


This is the smb.conf:
######## GLOBAL
[global]
#### GLOBAL SETTINGS
netbios name = HOSTNAME
server string = HOSTNAME
workgroup = DOMAIN
realm = DOMAIN.DE
server role = MEMBER SERVER
name resolve order = hosts wins bcast

#### SECURITY SETTINGS
security = ads
allow trusted domains = Yes
map untrusted to domain = Yes
encrypt passwords = yes
client use spnego = yes
client ntlmv2 auth = yes
client ldap sasl wrapping = sign
restrict anonymous = 2
acl map full control = yes

#### SERVER SETTINGS
dns proxy = yes
domain master = no
local master = no
preferred master = no
os level = 0
follow symlinks = yes
veto files = /.AppleDouble/.DS_Store/._.DS_Store/.fseventsd/.notfirsttime/.Spotlight-V100/.TemporaryItems/.Trash/.Trashes/Thumbs.db/thumbs.db/._*/~$*/System\ Volume\ Information/
delete veto files = yes
server min protocol = SMB2
server max protocol = SMB3

#### KERBEROS
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab

#### WINBIND CONFIGURATION
winbind enum users = yes
winbind enum groups = yes
winbind offline logon = no
winbind reconnect delay = 30
winbind refresh tickets = yes
winbind nested groups = yes
idmap config *:backend = tdb
idmap config *:range = 70001-80000
idmap config DOMAIN:backend = rid
idmap config DOMAIN:schema_mode = rfc2307
idmap config DOMAIN:range = 20000-40000
idmap cache time = 604800
winbind separator = /
winbind use default domain = no
#### HOME DIRECTORIES
template shell = /bin/bash
template homedir = /home/%U

#### PRINTING
disable spoolss = yes
load printers = no
idmap_ldb:use rfc2307 = yes

#### LOGGING
log level = 2
username level = 3
log file = /var/log/samba/log.%m
max log size = 50
syslog only = no
syslog = 2
panic action = /usr/share/samba/panic-action %d


the resolv.conf:
nameserver 10.14.11.5 # This is the ADS Controller
nameserver 10.14.12.1 # This is an alternate nameserver
search domain.de

In /var/log/syslog I can see various messages that caught my attention,
but none of them helped me in my research. Don't pay too much attention to
the dates/times; I just copied them as I found them:

1. "Could not receive Trustdoms".
May 16 06:58:43 hostname winbindd[820]: [2016/05/16 06:58:43.776831, 1]
../source3/winbindd/winbindd_util.c:351(trustdom_list_done)
May 16 06:58:43 hostname winbindd[820]: Could not receive trustdoms

2. "Check connection to trusted domain"
May 22 06:10:23 hostname winbindd[840]: [2016/05/22 06:10:23.784860, 0]
../source3/winbindd/winbindd_group.c:45(fill_grent)
May 22 06:10:23 hostname winbindd[840]: Failed to find domain 'Unix
Group'. Check connection to trusted domains!

3. This indicates a name resolution issue, but I have checked that
already:
May 22 06:44:52 hostname winbindd[24623]: ads_find_dc: name resolution
for realm 'domain.de' (domain 'DOMAIN') failed: NT_STATUS_NO_LOGON_SERVERS

4. "failed to reconnect (No logon servers)"
May 22 21:09:51 hostname winbindd[971]: [2016/05/22 21:09:51.487192, 1]
../source3/libads/ldap_utils.c:107(ads_do_search_retry_internal)
May 22 21:09:51 hostname winbindd[971]: ads_search_retry: failed to
reconnect (No logon servers)

5. "ads_connect for domain DOMAIN failed: No logon servers"
May 22 21:10:07 hostname winbindd[971]: [2016/05/22 21:10:07.493461, 1]
../source3/winbindd/winbindd_ads.c:136(ads_cached_connection_connect)
May 22 21:10:07 hostname winbindd[971]: ads_connect for domain DOMAIN
failed: No logon servers

Any pointers are greatly appreciated.
Best regards

Thomas

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
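
The syslog excerpts above are the only early warning the member server gives before "wbinfo -u" goes quiet, so the following added example (not from this post or from the Samba project) scans a syslog file for exactly those winbindd messages and reports when they first appeared and how many occurred per hour. Running it from cron, or turning the same patterns into a log-shipper rule, pins the "after several hours" failure to a timestamp that can be correlated with DC restarts or firewall state. The log lines written by write_sample_log are constructed for the demo from the message formats in the post; the hostname, PIDs and times are made up.

```shell
#!/bin/sh
# Added example, not part of the original thread. Scans a syslog file for
# the winbindd failure messages quoted in the post and summarises them.
# Sample lines are constructed; hostname, PIDs and times are placeholders.

# Message fragments from the post that mark a lost DC connection.
WINBIND_FAILURE_RE='NT_STATUS_NO_LOGON_SERVERS|No logon servers|Could not receive trustdoms|Check connection to trusted domains'

# winbind_failures FILE -> the matching winbindd lines, in file order
# (lines from other daemons are ignored even if they contain the text)
winbind_failures() {
    grep -E ' winbindd\[[0-9]+\]: ' "$1" | grep -E "$WINBIND_FAILURE_RE"
}

# count_winbind_failures FILE -> number of matching lines (0 when none)
count_winbind_failures() {
    winbind_failures "$1" | grep -c .
}

# first_winbind_failure FILE -> "Mon DD HH:MM:SS" of the first match, or nothing
first_winbind_failure() {
    winbind_failures "$1" | head -n 1 | awk '{ print $1, $2, $3 }'
}

# winbind_failures_per_hour FILE -> one "Mon DD HH count" line per hour,
# in the order the hours first appear in the file (syslog is chronological)
winbind_failures_per_hour() {
    winbind_failures "$1" | awk '
        { split($3, t, ":"); key = $1 " " $2 " " t[1]
          if (!(key in n)) order[++c] = key
          n[key]++ }
        END { for (i = 1; i <= c; i++) print order[i], n[order[i]] }'
}

# write_sample_log FILE : constructed syslog excerpt mirroring the post
write_sample_log() {
    cat > "$1" <<'EOF'
May 22 06:10:23 hostname winbindd[840]: [2016/05/22 06:10:23.784860, 0] ../source3/winbindd/winbindd_group.c:45(fill_grent)
May 22 06:10:23 hostname winbindd[840]: Failed to find domain 'Unix Group'. Check connection to trusted domains!
May 22 06:44:52 hostname winbindd[24623]: ads_find_dc: name resolution for realm 'domain.de' (domain 'DOMAIN') failed: NT_STATUS_NO_LOGON_SERVERS
May 22 21:09:51 hostname winbindd[971]: [2016/05/22 21:09:51.487192, 1] ../source3/libads/ldap_utils.c:107(ads_do_search_retry_internal)
May 22 21:09:51 hostname winbindd[971]: ads_search_retry: failed to reconnect (No logon servers)
May 22 21:10:07 hostname winbindd[971]: ads_connect for domain DOMAIN failed: No logon servers
May 22 21:15:00 hostname smbd[1200]: constructed non-winbindd line that also says No logon servers
May 22 21:20:00 hostname winbindd[971]: [2016/05/22 21:20:00.000000, 2] constructed routine message
EOF
}

# Stand-alone run: build the sample file, print the summary, clean up.
tmp=$(mktemp)
write_sample_log "$tmp"
echo "winbindd failures: $(count_winbind_failures "$tmp"), first at $(first_winbind_failure "$tmp")"
winbind_failures_per_hour "$tmp"
rm -f "$tmp"
```

Point the functions at the real file ("winbind_failures_per_hour /var/log/syslog") once the pattern list matches your log level; the per-hour view is what shows whether the connection drops at a fixed interval, which is the first thing to compare against the DC's and the firewall's own timers.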

L.P.H. van Belle
May 24, 2016, 4:00:04 AM

Upgrade to 4.4.3; that fixes a lot, like:

> - net ads testjoin
> > ads_connect: No logon servers
> > Join to domain is not valid: No logon servers
>
> - wbinfo -g and wbinfo -u
> > provide no output anymore.

And don't forget to set up the LDAP certificate part as described in the changelog of 4.4.2.

Everyone should avoid the versions 4.2.9-4.2.11, 4.3.7-4.3.9, 4.4.2 and lower.
That helps; after the big upgrade some new bugs entered.
Most of them are fixed in the latest version, 4.4.3.
I can't tell about the 4.2/4.3 versions.



Greetz,

Louis


> -----Original message-----
> From: samba [mailto:samba-...@lists.samba.org] On behalf of Thomas Burger
> (tbu...@eritron.de)
> Sent: Tuesday 24 May 2016 9:26
> To: sa...@lists.samba.org
> Subject: [Samba] After some time 4.3.9 Member Server in different Subnet
> than ADS controller loses trust

Thomas Burger (tburger@eritron.de)
May 26, 2016, 2:00:03 AM

Hello Louis,

thanks for your answer. I was afraid of an answer like this, though. I
hoped to stay with the distribution packages so that maintenance is more
comfortable and easier.

At least a manual installation of 4.4.3 looks quite complicated to me. I
am not inexperienced in terms of Linux but have not yet risked compiling
software.

What I have found is this guide:
http://www.linuxfromscratch.org/blfs/view/cvs/basicnet/samba.html

Is this the approach you would take as well? Are there any maintained
packages I can use "right away" for the underlying Ubuntu 14.04 LTS I
am using? My research was not successful, and it seems that from the Ubuntu
side none newer than 4.3.9 are provided, even on the 16.04 LTS branch.

Thanks for your help

L.P.H. van Belle
May 26, 2016, 3:30:03 AM

Hi Thomas.

It's not that hard to get a good 4.4.3; here is how to do this.
And it is really easy, as long as you don't run into compile problems.
I've tested the below on Debian jessie, and it should work on Ubuntu also.

The short/simple rebuild of a Samba version from Debian jessie to Ubuntu.

## 1
## Get the packages needed for a rebuild.
sudo apt-get install -y --no-install-recommends devscripts dpkg-dev build-essential fakeroot debhelper dh-systemd

## !! KEEP NOTICE OF THE ORDER HERE, IT'S VERY IMPORTANT !!
## Get the source packages needed for a samba rebuild.
PACKAGES="libtalloc-dev libtevent-dev libtdb-dev libldb-dev libcmocka-dev libnss-wrapper libresolv-wrapper libuid-wrapper socket-wrapper samba"

## 2
# add the jessie sources
echo "deb-src http://ftp.nl.debian.org/debian/ stretch main non-free contrib" | sudo tee -a /etc/apt/sources.list.d/debian-stretch.list

## 3
# update and install needed build software.
sudo apt-get update
sudo apt-get install -y --no-install-recommends devscripts dpkg-dev build-essential fakeroot debhelper dh-systemd

## 4
# Get the sources to rebuild (a one-liner)
apt-get source $PACKAGES

## 5
# now per package, and keep the order of the PACKAGES line.
# get the build dependencies.
sudo apt-get build-dep libtalloc-dev

## 6
# cd into the extracted folder.
cd talloc-...

## 7
# change the changelog.
dch -n "No changes."

## 8
# rebuild the package.
cd ..
apt-get source -b libtalloc-dev

# Result: debs in this folder.
# next package; from here repeat steps 5-6-7-8 for every package.

# One thing.. nss-wrapper: when you are there to compile that one, then run:
sed -i 's/libcmocka-dev/libcmocka-dev (>= 1.0.1~)/g' debian/control
dch -n "Changed debian/control depends on cmocka 1.0.1~."

# Now one example. Repeat step 5 for libtevent-dev.
libtevent-dev will complain about missing dependencies
(you just compiled them (the libtalloc-dev ..)).
So look at what's missing and install manually with dpkg -i XXX.deb, or set up a local file apt.

# a simple local file apt.
# apt-get install apache2
# a very simple local file repo.
mkdir -p /var/www/html/ubuntu/local
echo "deb [trusted=yes] http://localhost/ubuntu/ local/" | tee -a /etc/apt/sources.list.d/localrepo.list

# OPTIONAL step 9 for every rebuilt package.
HERE=`pwd`
cp *.deb /var/www/html/ubuntu/local
cd /var/www/html/ubuntu
dpkg-scanpackages local /dev/null | gzip -9c > local/Packages.gz
apt-get update
cd $HERE

I suggest you start here and wait until a 4.4.x version enters Ubuntu.

Greetz,

Louis

> -----Original message-----
> From: Thomas Burger (tbu...@eritron.de) [mailto:tbu...@eritron.de]
> Sent: Thursday 26 May 2016 7:36
> To: L.P.H. van Belle; sa...@lists.samba.org
> Subject: Re: [Samba] After some time 4.3.9 Member Server in different
> Subnet than ADS controller loses trust
>
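
Steps 5 to 8 above have to be repeated by hand for every entry of PACKAGES, in order, with the nss-wrapper special case in between and the step-9 repo refresh after each one so the next build-dep can find what was just built. The following added example (my script, not Louis's, and not anything shipped by Debian or Samba) drives that loop. DRY_RUN=1 prints every command instead of executing it, which is the mode to use on a first pass. PACKAGES, the sed and dch lines and /var/www/html/ubuntu come from the post; the mapping in src_stem from binary package name to extracted source directory and all function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Louis's script: automates steps 5-8 (and the optional
# step 9) of the rebuild procedure for every package in PACKAGES, in order.
# DRY_RUN=1 prints the commands with a "+" prefix instead of running them.
set -u

PACKAGES="libtalloc-dev libtevent-dev libtdb-dev libldb-dev libcmocka-dev libnss-wrapper libresolv-wrapper libuid-wrapper socket-wrapper samba"
REPO_DIR=/var/www/html/ubuntu        # local file repo from the post
DRY_RUN=${DRY_RUN:-0}

# run CMD ARGS... : execute, or just print when DRY_RUN=1
run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "+ $*"
    else
        "$@"
    fi
}

# src_stem PKG -> the Debian source package name that apt-get source
# extracts into <stem>-<version>/ (assumed mapping: libtalloc-dev -> talloc,
# libnss-wrapper -> nss-wrapper, socket-wrapper and samba unchanged)
src_stem() {
    case "$1" in
        lib*-dev) s=${1#lib}; echo "${s%-dev}" ;;
        lib*)     echo "${1#lib}" ;;
        *)        echo "$1" ;;
    esac
}

# build_one PKG : steps 5-8 for one package; run it from the directory that
# holds the extracted sources (where "apt-get source $PACKAGES" was run)
build_one() {
    pkg=$1
    stem=$(src_stem "$pkg")
    # the extracted directory; "VERSION" is a placeholder used only in DRY_RUN
    dir=$(ls -d "$stem"-[0-9]*/ 2>/dev/null | head -n 1)
    [ -n "$dir" ] || dir="$stem-VERSION/"

    run sudo apt-get build-dep -y "$pkg" || return 1        # step 5
    run cd "$dir" || return 1                               # step 6
    if [ "$pkg" = "libnss-wrapper" ]; then                  # step 7, with the cmocka fix
        run sed -i 's/libcmocka-dev/libcmocka-dev (>= 1.0.1~)/g' debian/control
        run dch -n "Changed debian/control depends on cmocka 1.0.1~."
    else
        run dch -n "No changes."
    fi
    run cd ..                                               # step 8
    run apt-get source -b "$pkg"
}

# publish_debs : step 9, so the next build-dep can resolve the new .debs
publish_debs() {
    run cp ./*.deb "$REPO_DIR/local/"
    run sh -c "cd '$REPO_DIR' && dpkg-scanpackages local /dev/null | gzip -9c > local/Packages.gz"
    run sudo apt-get update
}

# rebuild_all : every package in the stated order; stop at the first failure
rebuild_all() {
    for pkg in $PACKAGES; do
        build_one "$pkg" && publish_debs || { echo "failed at $pkg" >&2; return 1; }
    done
}

# Stand-alone use: DRY_RUN=1 sh rebuild.sh --all, then sh rebuild.sh --all
if [ "${1:-}" = "--all" ]; then
    rebuild_all
fi
```

Publishing after every package instead of at the end is what removes the manual "dpkg -i XXX.deb" step Louis describes for libtevent-dev: by the time its build-dep runs, the talloc packages are already in the local repo.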

Rowland penny
May 26, 2016, 3:50:03 AM

On 26/05/16 06:36, Thomas Burger (tbu...@eritron.de) wrote:
> Hello Louis,
>
> thanks for your answer. I was afraid of an answer like this though. I
> hoped to stay with the distribution packages so a maintenance is more
> comfortable and easier.
>
> At least a manual installation of 4.4.3 looks quite complicated to me.
> I am not unexperienced in terms of Linux but have not risked it yet to
> compile software.

No, it is very easy, it just takes up some of your time :-)

>
> What I have found is this guide:
> http://www.linuxfromscratch.org/blfs/view/cvs/basicnet/samba.html
>
> Is this the approach you would take as well?

If you follow that, it will replace your already installed samba files
and an update to these could again replace your samba files.

> Are there any packages maintained I can use "right away" for the
> underlying Ubuntu 14.04 LTS I am using? My research was not successful
> and it seems from the Ubuntu side none are provided newer than 4.3.9.
> Even on the 16.04 LTS branch.

You seem to be correct; Ubuntu doesn't seem to have noticed that 4.4.3
is in Debian sid, and I thought Ubuntu was based on sid.

Your best plan would be to just:

sudo apt-get install acl attr autoconf bison build-essential \
debhelper dnsutils docbook-xml docbook-xsl flex gdb krb5-user \
libacl1-dev libaio-dev libattr1-dev libblkid-dev libbsd-dev \
libcap-dev libcups2-dev libgnutls28-dev libjson-perl \
libldap2-dev libncurses5-dev libpam0g-dev libparse-yapp-perl \
libpopt-dev libreadline-dev perl perl-modules pkg-config \
python-all-dev python-dev python-dnspython python-crypto \
xsltproc zlib1g-dev

As a normal user:

cd /usr/src
wget https://download.samba.org/pub/samba/stable/samba-4.4.3.tar.gz
tar zxf samba-4.4.3.tar.gz
cd samba-4.4.3
./configure
make
sudo make install

This will install Samba into /usr/local/samba and you will now need to
alter $PATH so that /usr/local/samba gets searched first:

echo "PATH=/usr/local/samba/bin:/usr/local/samba/sbin:\$PATH" | sudo tee /etc/profile.d/samba4.sh
export PATH=/usr/local/samba/bin:/usr/local/samba/sbin:$PATH

Now create a domain member smb.conf in /usr/local/samba/etc.
Alter the paths in the Samba init files to start the smbd, nmbd and
winbindd binaries in /usr/local/samba/sbin instead of the ones in /usr/sbin.

Start Samba

Rowland

Thomas Burger (tburger@eritron.de)
May 26, 2016, 12:40:03 PM

Thanks so much for the detailed description Louis.

From the current point of view this seems a reasonable way to go,
because I don't only have 2 servers to provide an updated Samba for (if I
start with one or two, I'll bring all up to date). An Apache web service
for hosting a local Ubuntu repository is already there.

Hope I can find some time this weekend to try it out.

Best regards and many thanks again for your help

Thomas Burger (tburger@eritron.de)
May 26, 2016, 12:40:03 PM

Thanks Rowland!

Would the same approach also work for my ADS controller (I assume yes,
but better safe than sorry)?

Rowland penny
May 26, 2016, 1:30:03 PM

On 26/05/16 17:38, Thomas Burger (tbu...@eritron.de) wrote:
> Thanks Rowland!
>
> Would the same approach also work for my ADS controller (I assume yes,
> but better safe than sorry)?
>
> Best regards
> Thomas
>

Yes, if you compile Samba as I suggest, you can then use the resulting
code in /usr/local/samba to provision a DC, join a secondary DC or for a
domain member.

One thing I missed: you will also need to install the compilation tools etc.

Rowland

Thomas Burger (tburger@eritron.de)
May 28, 2016, 8:20:02 AM

Hello Louis, hello Rowland,

I have worked on this topic over the last few days trying your suggestions, but
stumbled accidentally over two things.

1. On my DC in /etc/hosts the entry for the FQDN and short name of the DC
referred to 127.0.0.1 (which is clearly not what should be there; I
guess this was forgotten during my reinstall of the ADS controller). I
changed this to reflect the real IP address, as mentioned as well in
https://help.ubuntu.com/community/ActiveDirectoryWinbindHowto .

2. I could not get rid of the feeling that something is wrong with the
name resolution, and while digging a little deeper into other smb.conf
options I recognized a typo in my config:
"name resolve order = hosts wins bcast" must not have the "s" at the end
of "host", so I changed it to "name resolve order = host wins bcast".

I can't say 100% that these two changes solved my problems, because
Ubuntu just released another 4.3.9 version of their Samba package while
I was doing the change (and of course I tried installing it), but so far
it looks promising.

Again thanks for your help. I will keep it in mind if this turns out not
to be as hoped.
Best regards and have a great weekend
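
Both findings in this last post are the kind of thing a configuration check catches before a DC is reinstalled: a DC whose own FQDN resolves to loopback in /etc/hosts, and a "name resolve order" token that is not one of the spellings smb.conf(5) documents (lmhosts, host, wins, bcast). The following added example (mine, not from the thread or from Samba) implements both checks as functions over file arguments so they can be run against copies of /etc/hosts and smb.conf from any host in the domain. The sample files are constructed by the write_* helpers; dc.domain.de and 10.14.11.5 are the names used in the thread, and the function names are my own.

```shell
#!/bin/sh
# Added example, not part of the original thread: two configuration checks
# for the mistakes reported in the last post. Sample inputs are constructed.

# hosts_address_for HOSTS_FILE NAME -> first address NAME is mapped to in
# HOSTS_FILE (trailing comments stripped), or nothing when NAME is absent
hosts_address_for() {
    awk -v name="$2" '
        { sub(/#.*/, "") }                     # drop trailing comments
        NF < 2 { next }                        # blank or address-only lines
        { for (i = 2; i <= NF; i++) if ($i == name) { print $1; exit } }' "$1"
}

# hosts_maps_to_loopback HOSTS_FILE NAME : exit 0 when NAME sits on a
# 127.x.x.x or ::1 line, which on a DC is the mistake from point 1 above
hosts_maps_to_loopback() {
    addr=$(hosts_address_for "$1" "$2")
    case "$addr" in
        127.*|::1) return 0 ;;
        *)         return 1 ;;
    esac
}

# name_resolve_order_tokens SMB_CONF -> the value of "name resolve order",
# or nothing when the option is not set (Samba then uses its default)
name_resolve_order_tokens() {
    awk -F= 'tolower($1) ~ /^[ \t]*name[ \t]+resolve[ \t]+order[ \t]*$/ { print $2; exit }' "$1"
}

# name_resolve_order_valid SMB_CONF : exit 0 when every token is one of the
# four spellings smb.conf(5) documents; otherwise report each odd token
# (such as the "hosts" from point 2 above) on stderr and exit 1
name_resolve_order_valid() {
    ok=0
    for tok in $(name_resolve_order_tokens "$1"); do
        case "$tok" in
            lmhosts|host|wins|bcast) ;;
            *) echo "name resolve order: unexpected token '$tok'" >&2; ok=1 ;;
        esac
    done
    return $ok
}

# Constructed samples: a DC hosts file with the loopback mistake and one
# with the real address; smb.conf fragments with and without the typo.
write_hosts_bad()  { printf '127.0.0.1 localhost\n127.0.0.1 dc.domain.de dc   # should be the real address\n' > "$1"; }
write_hosts_good() { printf '127.0.0.1 localhost\n10.14.11.5 dc.domain.de dc\n' > "$1"; }
write_smb_bad()    { printf '[global]\n   realm = DOMAIN.DE\n   name resolve order = hosts wins bcast\n' > "$1"; }
write_smb_good()   { printf '[global]\n   realm = DOMAIN.DE\n   name resolve order = host wins bcast\n' > "$1"; }

# Stand-alone run over the constructed samples.
h=$(mktemp); s=$(mktemp)
write_hosts_bad "$h"; write_smb_bad "$s"
hosts_maps_to_loopback "$h" dc.domain.de && echo "dc.domain.de -> $(hosts_address_for "$h" dc.domain.de): loopback entry, fix /etc/hosts"
name_resolve_order_valid "$s" || echo "smb.conf: check 'name resolve order'"
rm -f "$h" "$s"
```

On a real host run "hosts_maps_to_loopback /etc/hosts $(hostname -f)" on the DC and "name_resolve_order_valid /etc/samba/smb.conf" on every member; both return non-zero on a finding, so they drop straight into a configuration-management or pre-join check.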