Samba Authentication problem -- one machine only!!!

Rick Stevens rstevens at vitalstream.com
Thu Jul 21 18:05:34 UTC 2005


Tim Holmes wrote:
> Hi Folks:
> 
> I am continuing to work on the samba problems.  This is a weird one!!!
> 
> I have 3 servers with samba running:
> 
> 2 of them work perfectly and the third one refuses to authenticate
> 
> I am seeing a lot of the following error
> 
>  [2005/07/21 12:58:21, 0] lib/util_sock.c:get_peer_addr(1000)
>   getpeername failed. Error was Transport endpoint is not connected
> 
> 
> Googling around has found that it seems to be related to DNS issues,
> but that makes no sense, since the two other servers running identical
> [global] sections (only differences are machine names etc) and krb5
> configurations are working fine
> 
> The web server works cool
> The testbed server works kool
> 
> When I try to access the file server, it asks for authentication
> 
> Kinit shows no errors, so I assume that's working right

This problem typically has to do with either reverse DNS not working
properly OR winbind isn't happy.  Verify that both forward and reverse
DNS lookups work properly from all machines when referencing the file
server.

If that doesn't fix it, try this on the file server:

	1. Stop winbind
	2. Delete the /etc/samba/secrets.tdb file
	3. Join the file server machine to the domain again
	4. Restart winbind.

See if that has any effect.

> 
> 
> Here is the smb.conf
> [global]
>         log file = /var/log/samba/%m.log
>         idmap gid = 10000-40000
>         socket options = SO_RCVBUF=8192
>         wins server = 192.168.0.2
>         domain master = No
>         realm = MCASCHOOL.NET
>         netbios name = srvfs-01
>         server string = MCA File Server (test conf)
>         password server = srvdc01.mcaschool.net
>         idmap uid = 10000-40000
>         winbind enum users = yes
>         winbind nested groups = Yes
>         local master = No
>         workgroup = MCASCHOOL
>         os level = 20
>         winbind enum groups = yes
>         security = ads
>         preferred master = no
> 
> [users]
>         path = /home
>         read only = No
> 
> 
> here is the nsswitch.conf
> 
> #
> # /etc/nsswitch.conf
> #
> # An example Name Service Switch config file. This file should be
> # sorted with the most-used services at the beginning.
> #
> # The entry '[NOTFOUND=return]' means that the search for an
> # entry should stop if the search in the previous entry turned
> # up nothing. Note that if the search failed due to some other reason
> # (like no NIS server responding) then the search continues with the
> # next entry.
> #
> # Legal entries are:
> #
> #       nisplus or nis+         Use NIS+ (NIS version 3)
> #       nis or yp               Use NIS (NIS version 2), also called YP
> #       dns                     Use DNS (Domain Name Service)
> #       files                   Use the local files
> #       db                      Use the local database (.db) files
> #       compat                  Use NIS on compat mode
> #       hesiod                  Use Hesiod for user lookups
> #       [NOTFOUND=return]       Stop searching if not found so far
> #
> 
> # To use db, put the "db" in front of "files" for entries you want to be
> # looked up first in the databases
> #
> # Example:
> #passwd:    db files nisplus nis
> #shadow:    db files nisplus nis
> #group:     db files nisplus nis
> 
> passwd:     files compat winbind
> shadow:           compat
> group:      files compat winbind
> 
> #hosts:     db files nisplus nis dns
> hosts:      files dns winbind
> 
> # Example - obey only what nisplus tells us...
> #services:   nisplus [NOTFOUND=return] files
> #networks:   nisplus [NOTFOUND=return] files
> #protocols:  nisplus [NOTFOUND=return] files
> #rpc:        nisplus [NOTFOUND=return] files
> #ethers:     nisplus [NOTFOUND=return] files
> #netmasks:   nisplus [NOTFOUND=return] files
> 
> bootparams: nisplus [NOTFOUND=return] files
> 
> ethers:     files
> netmasks:   files
> networks:   files
> protocols:  files winbind
> rpc:        files
> services:   files winbind
> 
> netgroup:   files winbind
> 
> publickey:  nisplus
> 
> automount:  files winbind
> aliases:    files nisplus
> 
> 
> 
> 
> 
> And the  /etc/krb5.conf
> 
> 
> [libdefaults]
>          default_realm = MCASCHOOL.NET
> 
> [realms]
>          MCASCHOOL.NET = {
>          kdc = srvdc01.mcaschool.net
>          }
> 
> [domain_realm]
>          .mcaschool.net = MCASCHOOL.NET
>          mcaschool.net = MCASCHOOL.NET
> 
> 
> 
> here is the /etc/hosts
> 
> # Do not remove the following line, or various programs
> # that require network functionality will fail.
> 127.0.0.1       srvfs-01        localhost.localdomain   localhost
> 192.168.0.5     srvfs-01        srvfs-01.mcaschool.net  srvfs-01
> 
> 
> 
> And last but not least the  /etc/resolv.conf
> 
> domain mcaschool.net
> nameserver 192.168.0.2
> 
> 
> 
> This one has me totally stumped, because one of the servers that is
> running is running an exactly identical hardware set
> 
> Any suggestions would be most helpful
> 
> 
> 
> Timothy A. Holmes
>  
> IT Manager / Webmaster / Science Teacher
>  
> Medina Christian Academy
> A Higher Standard...
>  
> Jeremiah 33:3
> Jeremiah 29:11
> Esther 4:14
> 
> 
> 


-- 
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens at vitalstream.com -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-   The light at the end of the tunnel is really an oncoming train.  -
----------------------------------------------------------------------
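
The forward/reverse lookup check suggested in the reply above, as an added example that is not part of the original message: it emulates the `files` source that the quoted nsswitch.conf consults before DNS, and runs it against the /etc/hosts lines quoted in the thread. The function names and the expected-FQDN argument are assumptions of this example; in the quoted file the short name sits on the 127.0.0.1 line and is also the first name on the 192.168.0.5 line, so the check reports both.

```shell
#!/bin/sh
# Added example: emulate the nsswitch "files" source for one host and verify
# that the forward and reverse answers agree. Function names are hypothetical.

# forward_lookup NAME FILE: address on the first line that lists NAME
forward_lookup() {
    awk -v n="$1" '{ sub(/#.*/, "") }
        NF >= 2 { for (i = 2; i <= NF; i++) if (tolower($i) == tolower(n)) { print $1; exit } }' "$2"
}

# reverse_lookup ADDR FILE: canonical (first) name on the first line for ADDR
reverse_lookup() {
    awk -v a="$1" '{ sub(/#.*/, "") }
        NF >= 2 && $1 == a { print $2; exit }' "$2"
}

# check_host NAME FQDN FILE: report findings; return 0 only when NAME maps to
# a non-loopback address whose canonical name is FQDN
check_host() {
    ch_rc=0
    ch_addr=$(forward_lookup "$1" "$3")
    if [ -z "$ch_addr" ]; then
        echo "FAIL: $1 not found in $3"; return 1
    fi
    case $ch_addr in
        127.*|::1) echo "FAIL: $1 resolves to loopback $ch_addr"; ch_rc=1 ;;
    esac
    ch_canon=$(reverse_lookup "$ch_addr" "$3")
    if [ "$ch_canon" != "$2" ]; then
        echo "FAIL: $ch_addr maps back to '$ch_canon', expected '$2'"; ch_rc=1
    fi
    if [ "$ch_rc" -eq 0 ]; then echo "OK: $1 -> $ch_addr -> $ch_canon"; fi
    return "$ch_rc"
}

# Demo on the /etc/hosts lines quoted in the thread (copied to a temp file).
demo_hosts=$(mktemp)
cat > "$demo_hosts" <<'EOF'
127.0.0.1       srvfs-01        localhost.localdomain   localhost
192.168.0.5     srvfs-01        srvfs-01.mcaschool.net  srvfs-01
EOF
check_host srvfs-01 srvfs-01.mcaschool.net "$demo_hosts" || true
rm -f "$demo_hosts"
```

On the server itself, `getent hosts srvfs-01` and `getent hosts 192.168.0.5` show what the real resolver returns through nsswitch.conf.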




More information about the fedora-list mailing list