Recent updates broke my domain memberships
Hello,
The recent samba updates may have broken my Samba domain.
I'm not using Winbind, Kerberos or Samba4 AD, just an OpenLDAP backend.
I have 4 servers: 2 with Debian Jessie (recently updated too) and 2 with Ubuntu (12.04 & 14.04).
The Samba PDC is one of the 2 Debian servers. Since the update though, both of these still work fine together and with the Windows clients.
However, the two Ubuntu servers are troublesome, although they share the same conf as the Debian domain client.
Trusty keeps giving me "NT_STATUS_
If I try "net use -d 10 testjoin", I get this:
Opening cache file at /var/cache/
Opening cache file at /var/run/
sitename_fetch: No stored sitename for MY.DOMAIN
dsgetdcname_
debug_dsdcinfo_
sitename_fetch: No stored sitename for MY.DOMAIN
dsgetdcname_
debug_dsdcinfo_
dsgetdcname_
dns_send_req: Failed to resolve _ldap._
ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_
internal_
no entry for MY.DOMAIN#1C found.
discover_
dsgetdcname_
dns_send_req: Failed to resolve _ldap._
ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_
internal_
no entry for MY.DOMAIN#1C found.
discover_
As for the Precise server, adding "server signing = auto" in the server conf solved an initial problem I had with domain membership.
However, users still can't log into this server. I keep getting:
domain_
What should I do? Roll back to the previous version?
For information:
PDC Samba version: 4.2.10
Debian client version: 4.2.10
Precise client version: 3.6.25-
Trusty client version: 4.3.8+dfsg-
PDC global conf:
[global]
workgroup = MY.DOMAIN
server string = My Server
map to guest = Bad User
passdb backend = ldapsam:
pam password change = Yes
obey pam restrictions = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *New*Password:* %n\n *Reenter*
unix password sync = No
log level = 0
load printers = no
printcap name = /dev/null
disable spoolss = yes
add user to group script = /usr/sbin/
delete user from group script = /usr/sbin/
set primary group script = /usr/sbin/
add machine script = /usr/sbin/
rename user script = /usr/sbin/
logon script = logon.bat
logon path =
logon drive = M:
domain logons = Yes
os level = 65
domain master = Yes
preferred master = Yes
wins support = Yes
ldap admin dn = cn=admin,
ldap group suffix = ou=groups
ldap user suffix = ou=people,ou=users
ldap machine suffix = ou=machines,
ldap passwd sync = yes
ldap suffix = dc=example,dc=net
ldap ssl = no
usershare allow guests = Yes
read only = No
create mask = 0775
directory mask = 0775
guest ok = Yes
bind interfaces only = True
interfaces = eth0 192.168.0.11 127.0.0.1
server signing = auto
Clients conf:
[global]
workgroup = MY.DOMAIN
server string = My client
netbios name = myclient
security = domain
map to guest = Bad User
load printers = no
passwd chat = *Enter\
unix password sync = yes
obey pam restrictions = yes
wins server = 192.168.0.11
encrypt passwords = true
show add printer wizard = no
winbind use default domain = Yes
passwd program = /usr/bin/passwd %u
unix extensions = no
dns proxy = no
os level = 20
printcap name = /dev/null
map untrusted to domain = Yes
syslog = 0
panic action = /usr/share/
disable spoolss = yes
pam password change = yes
domain logons = no
log level = 0
passdb backend = tdbsam
Question information
- Language:
- English Edit question
- Status:
- Expired
- For:
- Ubuntu samba Edit question
- Assignee:
- No assignee Edit question
- Last query:
- Last reply: