Re: Samba Authentication problem -- one machine only!!!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Tim Holmes wrote:

Hi Folks:

I am continuing to work on the samba problems.  This is a weird one!!!

I have 3 servers with samba running:

2 of them work perfectly and the third one refuses to authenticated

I am seeing a lot of the following error

 [2005/07/21 12:58:21, 0] lib/util_sock.c:get_peer_addr(1000)
  getpeername failed. Error was Transport endpoint is not connected


Googleing around has found that it seems to be related to DNS issues,
but that makes no sense, since the two other servers running identical
[global] sections (only differences are machine names etc) and krb5
configurations are working fine

The web server works cool
The testbed server works kool

When I try to access the file server, it asks for authentication

Kinit shows no errors, so I assume that's working right


This problem typically has to do with either reverse DNS not working
properly OR winbind isn't happy.  Verify that both forward and reverse
DNS lookups work properly from all machines when referencing the file
server.

If that doesn't fix it, try this on the file server:

	1. Stop winbind
	2. Delete the /etc/samba/secrets.tdb file
	3. Join the file server machine to the domain again
	4. Restart winbind.

See if that has any affect.




Here is the smb.conf
[global]
        log file = /var/log/samba/%m.log
        idmap gid = 10000-40000
        socket options = SO_RCVBUF=8192
        wins server = 192.168.0.2
        domain master = No
        realm = MCASCHOOL.NET
        netbios name = srvfs-01
        server string = MCA File Server (test conf)
        password server = srvdc01.mcaschool.net
        idmap uid = 10000-40000
        winbind enum users = yes
        winbind nested groups = Yes
        local master = No
        workgroup = MCASCHOOL
        os level = 20
        winbind enum groups = yes
        security = ads
        preferred master = no

[users]
        path = /home
        read only = No


here is the nsswitch.conf

#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
#       nisplus or nis+         Use NIS+ (NIS version 3)
#       nis or yp               Use NIS (NIS version 2), also called YP
#       dns                     Use DNS (Domain Name Service)
#       files                   Use the local files
#       db                      Use the local database (.db) files
#       compat                  Use NIS on compat mode
#       hesiod                  Use Hesiod for user lookups
#       [NOTFOUND=return]       Stop searching if not found so far
#

# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd:    db files nisplus nis
#shadow:    db files nisplus nis
#group:     db files nisplus nis

passwd:     files compat winbind
shadow:           compat
group:      files compat winbind

#hosts:     db files nisplus nis dns
hosts:      files dns winbind

# Example - obey only what nisplus tells us...
#services:   nisplus [NOTFOUND=return] files
#networks:   nisplus [NOTFOUND=return] files
#protocols:  nisplus [NOTFOUND=return] files
#rpc:        nisplus [NOTFOUND=return] files
#ethers:     nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files

bootparams: nisplus [NOTFOUND=return] files

ethers:     files
netmasks:   files
networks:   files
protocols:  files winbind
rpc:        files
services:   files winbind

netgroup:   files winbind

publickey:  nisplus

automount:  files winbind
aliases:    files nisplus





And the  /etc/krb5.conf


[libdefaults]
         default_realm = MCASCHOOL.NET

[realms]
         MCASCHOOL.NET = {
         kdc = srvdc01.mcaschool.net
         }

[domain_realm]
         .mcaschool.net = MCASCHOOL.NET
         mcaschool.net = MCASCHOOL.NET



here is the /etc/hosts

# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1       srvfs-01        localhost.localdomain   localhost
192.168.0.5     srvfs-01        srvfs-01.mcaschool.net  srvfs-01



And last but not least the  /etc/resolv.conf

domain mcaschool.net
nameserver 192.168.0.2



This one has me totally stumped, because one of the servers that is
running is running an exactly identical hardware set

Any suggestions would be most helpful



Timothy A. Holmes
IT Manager / Webmaster / Science Teacher Medina Christian Academy 
A Higher Standard...
Jeremiah 33:3 
Jeremiah 29:11
Esther 4:14






--
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens@xxxxxxxxxxxxxxx -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-   The light at the end of the tunnel is really an oncoming train.  -
----------------------------------------------------------------------
[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux