[Samba] samba4 ADS no logon servers
Lars Hanke
2014-02-26 08:16:20 UTC
I set up a samba4 test server on Debian Wheezy using the packages from
sernet. Basically it seems to be working. I tried the tests from the HowTo in
the samba wiki and could not find anything wrong. It seems to resolve
all DNS names, I can kinit Administrator, getent passwd has the samba
specific stuff, ... But as soon as I want to work with the ADS,
apparently nothing works at all.

root@nfs4:~# net ads info
ads_connect: No logon servers
ads_connect: No logon servers
Didn't find the ldap server!
root@nfs4:~# host -t SRV _ldap._tcp.mgr
_ldap._tcp.mgr has SRV record 0 100 389 nfs4.mgr.
root@nfs4:~# smbclient //nfs4/netlogon -UAdministrator -c 'ls'
Enter Administrator password:
Domain=[AD] OS=[Unix] Server=[Samba 4.1.4-SerNet-Debian-7.wheezy]
. D O Thu Feb 20 15:13:27 2014
.. D O Thu Feb 20 15:13:41 2014
root@nfs4:~#

Any idea what is wrong? Is there any systematic approach to troubleshoot
such an installation?

Thanks for your help,
- lars.
Marc Muehlfeld
2014-02-26 19:27:50 UTC
Hello Lars,
Post by Lars Hanke
root@nfs4:~# net ads info
ads_connect: No logon servers
ads_connect: No logon servers
Didn't find the ldap server!
root@nfs4:~# host -t SRV _ldap._tcp.mgr
_ldap._tcp.mgr has SRV record 0 100 389 nfs4.mgr.
root@nfs4:~# smbclient //nfs4/netlogon -UAdministrator -c 'ls'
Domain=[AD] OS=[Unix] Server=[Samba 4.1.4-SerNet-Debian-7.wheezy]
. D O Thu Feb 20 15:13:27 2014
.. D O Thu Feb 20 15:13:41 2014
root@nfs4:~#
Are all ports opened, that should be for a DC?
https://wiki.samba.org/index.php/Samba_port_usage#Port_usage_when_Samba_runs_as_DC

Make sure, that no firewall, SElinux, etc. prevents accessing.
Post by Lars Hanke
Is there any systematic approach to troubleshoot
such an installation?
Increase the log level in smb.conf or add "-d" to your command. This is
the output on my test environment on debug level 3:

# net ads info -d 3
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
params.c:pm_process() - Processing configuration file "/etc/samba//smb.conf"
Processing section "[global]"
added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
added interface eth0 ip=10.99.0.1 bcast=10.99.0.255 netmask=255.255.255.0
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
get_dc_list: preferred server list: "dc1.samdom.example.com, *"
Successfully contacted LDAP server 10.99.0.1
get_dc_list: preferred server list: "dc1.samdom.example.com, *"
Successfully contacted LDAP server 10.99.0.1
get_dc_list: preferred server list: "dc1.samdom.example.com, *"
Successfully contacted LDAP server 10.99.0.1
get_dc_list: preferred server list: "dc1.samdom.example.com, *"
get_dc_list: preferred server list: "dc1.samdom.example.com, *"
Successfully contacted LDAP server 10.99.0.1
Connected to LDAP server dc1.samdom.example.com
get_dc_list: preferred server list: "dc1.samdom.example.com, *"
Successfully contacted LDAP server 10.99.0.1
get_dc_list: preferred server list: "dc1.samdom.example.com, *"
get_dc_list: preferred server list: "dc1.samdom.example.com, *"
Successfully contacted LDAP server 10.99.0.1
Connected to LDAP server dc1.samdom.example.com
LDAP server: 10.99.0.1
LDAP server name: dc1.samdom.example.com
Realm: SAMDOM.EXAMPLE.COM
Bind Path: dc=SAMDOM,dc=EXAMPLE,dc=COM
LDAP port: 389
Server time: Mi, 26 Feb 2014 20:26:49 CET
KDC server: 10.99.0.1
Server time offset: 0
return code = 0




Regards,
Marc
Lars Hanke
2014-02-26 23:12:50 UTC
Thanks Marc,

I checked the open ports with nmap and all ports listed in the wiki seem
to be accessible.

However, I see something, which is different to your debug output:

AD\Administrator@nfs4:~# net ads info -d 3
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
Processing section "[global]"
added interface eth0 ip=172.16.8.4 bcast=172.16.8.255 netmask=255.255.255.0
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
get_dc_list: preferred server list: ", *"
ads_cldap_netlogon: did not get a reply
ads_try_connect: CLDAP request 127.0.1.1 failed.
ads_connect: No logon servers
get_dc_list: preferred server list: ", *"
get_dc_list: preferred server list: ", *"
ads_connect: No logon servers
Didn't find the ldap server!
return code = -1

So it seems samba doesn't bind to lo and therefore is not available on
127.0.0.0/8, also the FQDN does not show up on the DC list.

I tried to add "interfaces = lo eth0" to the config, which shows me that
the lo is added (both as IPv4 and IPv6) in the debugging log, but no
further change.

Another strange thing, which might be related: "host upstream.domain"
resolves the machine nicely, but "host upstream.domain 127.0.0.1" does
not. I use "dns forwarder = 172.16.6.11" in smb.conf. "host
upstream.domain 172.16.6.11" works nicely.

Still quite confused,
- lars.
Denis Cardon
2014-02-27 18:43:01 UTC
Hi Lars,
Post by Lars Hanke
I set up a samba4 test server on Debian Wheezy using the packages from
sernet. Basically it seems working. I tried the tests from the HowTo in
the samba wiki and could not find anything wrong. It seems to resolve
all DNS names, I can kinit Administrator, getent passwd has the samba
specific stuff, ... But as soon as I want to work with the ADS,
apparently nothing works at all.
root@nfs4:~# net ads info
ads_connect: No logon servers
ads_connect: No logon servers
Didn't find the ldap server!
root@nfs4:~# host -t SRV _ldap._tcp.mgr
_ldap._tcp.mgr has SRV record 0 100 389 nfs4.mgr.
Is this a typo or is "mgr" the real DNS suffix? Single-label DNS names
are really not recommended. Could you please first try to reprovision
with a standard domain name with a .local, .loc or .lan at the end?

After that, check in your /etc/hosts that the machine name nfs4.mgr.loc
does not map to 127.0.0.1; make it point to your eth0 address, with
FQDN name first and short name second.

Hope this helps,

Denis
Post by Lars Hanke
root@nfs4:~# smbclient //nfs4/netlogon -UAdministrator -c 'ls'
Domain=[AD] OS=[Unix] Server=[Samba 4.1.4-SerNet-Debian-7.wheezy]
. D O Thu Feb 20 15:13:27 2014
.. D O Thu Feb 20 15:13:41 2014
root@nfs4:~#
Any idea what is wrong? Is there any systematic approach to troubleshoot
such an installation?
Thanks for your help,
- lars.
--
Denis Cardon
Tranquil IT Systems
Les Espaces Jules Verne, bâtiment A
12 avenue Jules Verne
44230 Saint Sébastien sur Loire
tel : +33 (0) 2.40.97.57.55
http://www.tranquil-it-systems.fr
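
The /etc/hosts check suggested in the message above, written as an added example (not part of any post in this thread): a POSIX shell function that flags a DC name mapped to a loopback address such as the 127.0.1.1 seen in the failing CLDAP request, and checks that the FQDN comes first on its line. The function name check_hosts and its exit codes are conventions of this example, and the sample hosts content is constructed from names and addresses quoted in the thread.

```shell
#!/bin/sh
# check_hosts FILE FQDN  (hypothetical helper, added example)
#   0: FQDN maps to a non-loopback address and is the first name on its line
#   1: FQDN or its short name maps to a loopback address (127.0.0.0/8 or ::1)
#   2: FQDN maps to a non-loopback address but is not the first name listed
#   3: FQDN does not appear in FILE
check_hosts() {
    file=$1 fqdn=$2 short=${2%%.*}
    awk -v fqdn="$fqdn" -v short="$short" '
        BEGIN { fqdn = tolower(fqdn); short = tolower(short) }
        { sub(/#.*/, "") }                 # drop comments
        NF < 2 { next }                    # need an address and a name
        {
            loop = ($1 ~ /^127\./ || $1 == "::1")
            for (i = 2; i <= NF; i++) {
                n = tolower($i)
                if (n != fqdn && n != short) continue
                if (loop) {
                    bad = 1
                    printf "loopback: %s -> %s\n", $i, $1
                } else if (n == fqdn) {
                    found = 1
                    if (i != 2) {
                        order = 1
                        printf "order: %s is not first for %s\n", $i, $1
                    }
                }
            }
        }
        END {
            if (bad) exit 1
            if (!found) exit 3
            if (order) exit 2
            exit 0
        }' "$file"
}

# Constructed sample: a Debian-style default entry that maps the host name
# to 127.0.1.1, as in the failing debug output quoted in this thread.
sample=$(mktemp)
printf '%s\n' '127.0.0.1 localhost' '127.0.1.1 nfs4.mgr.loc nfs4' > "$sample"
check_hosts "$sample" nfs4.mgr.loc || echo "exit status: $?"
rm -f "$sample"
```

On a live system the call would be `check_hosts /etc/hosts "$(hostname -f)"`; exit status 0 corresponds to the layout described above, with the eth0 address followed by the FQDN and then the short name.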
steve
2014-02-27 23:26:45 UTC
Post by Lars Hanke
I set up a samba4 test server on Debian Wheezy using the packages from
sernet. Basically it seems working. I tried the tests from the HowTo in
the samba wiki and could not find anything wrong. It seems to resolve
all DNS names, I can kinit Administrator, getent passwd has the samba
specific stuff, ... But as soon as I want to work with the ADS,
apparently nothing works at all.
root@nfs4:~# net ads info
ads_connect: No logon servers
ads_connect: No logon servers
Didn't find the ldap server!
Hi
What type of server is it? Is it a file server joined to the domain? Is
it a DC?
Can you post /etc/hosts?

Steve
Dr. Lars Hanke
2014-02-25 20:28:42 UTC
I set up a samba4 test server on Debian Wheezy using the packages from
sernet. Basically it seems working. I tried the tests from the HowTo in
the samba wiki and could not find anything wrong. It seems to resolve
all DNS names, I can kinit Administrator, getent passwd has the samba
specific stuff, ... But as soon as I want to work with the ADS,
apparently nothing works at all.

root@nfs4:~# net ads info
ads_connect: No logon servers
ads_connect: No logon servers
Didn't find the ldap server!
root@nfs4:~# host -t SRV _ldap._tcp.mgr
_ldap._tcp.mgr has SRV record 0 100 389 nfs4.mgr.
root@nfs4:~# smbclient //nfs4/netlogon -UAdministrator -c 'ls'
Enter Administrator password:
Domain=[AD] OS=[Unix] Server=[Samba 4.1.4-SerNet-Debian-7.wheezy]
. D O Thu Feb 20 15:13:27 2014
.. D O Thu Feb 20 15:13:41 2014
root@nfs4:~#

Any idea what is wrong? Is there any systematic approach to troubleshoot such an installation?

Thanks for your help,
- lars.
