LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices



Reply
 
Search this Thread
Old 11-24-2013, 04:14 PM   #1
Rhodderz
LQ Newbie
 
Registered: Nov 2013
Location: Plymouth, UK
Distribution: Debian
Posts: 15

Rep: Reputation: Disabled
Question Connecting SAMBA to a Windows 2012R2 Domain


Hi, I have a small (agrivating) problem with samba. I used to run SAMBA as my main AD from a nas but then moved to a dedicated windows 2012R2 server (i didnt migrate just collapsed and created a new domain). I am currently trying to connect my nas (running Debian) to the AD and have been following this tut http://community.spiceworks.com/how_...d-and-kerberos . but i keep getting NT_STATUS_CONNECTION_RESET every time i try and join (note my windows clients can connect easily). I can connect via kinit (it doesnt error just goes back to prompt) and checking the dns vis host -t srv _kerberos._tcp.rmmd.int works.
Any help would be greatfull.

SMB.conf
Quote:
#GLOBAL PARAMETERS
[global]
workgroup = RMMD
password server = RMMD-SVR-1.RMMD.INT
wins server = 192.168.0.254
realm = RMMD.INT
netbios name = Rhodderz-NAS
preferred master = no
server string = RMMD NAS
security = ADS
encrypt passwords = yes
log level = 3
log file = /var/log/samba/%m
max log size = 50
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind nested groups = yes
winbind separator = +
idmap uid = 600-20000
idmap gid = 600-20000
;Template primary group = "Domain Users"
template shell = /bin/bash

[homes]
comment = Home Directory
valid users = %s
read only = No
browseable = No

[share]
comment = Share
path = /disk/share/
valid users = %s
read only = No
browseable = Yes
krb5.conf
Quote:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
ticket_lifetime = 600
default_realm = RMMD.INT
allow_weak_crypto = yes

[realms]
RMMD.INT = {
kdc = 192.168.0.254
default_domain = RMMD.INT
}

[domain_realm]
.RMMD.INT = RMMD.INT
RMMD.INT = RMMD.INT

[kdc]
profile = /etc/krb5kdc/kdc.conf
:EDIT
Also if i do net ads info i do get the correct info back
Quote:
LDAP server: 192.168.0.254
LDAP server name: RMMD-SVR-1.rmmd.int
Realm: RMMD.INT
Bind Path: dc=RMMD,dc=INT
LDAP port: 389
Server time: Sun, 24 Nov 2013 22:43:31 GMT
KDC server: 192.168.0.254
Server time offset: 2

Last edited by Rhodderz; 11-24-2013 at 07:31 PM. Reason: Addid Infor
 
Old 11-25-2013, 10:10 AM   #2
smallpond
Senior Member
 
Registered: Feb 2011
Location: Massachusetts, USA
Distribution: CentOS 6 (pre-systemd)
Posts: 1,773

Rep: Reputation: 454Reputation: 454Reputation: 454Reputation: 454Reputation: 454
What samba version?
 
Old 11-25-2013, 01:34 PM   #3
Rhodderz
LQ Newbie
 
Registered: Nov 2013
Location: Plymouth, UK
Distribution: Debian
Posts: 15

Original Poster
Rep: Reputation: Disabled
Ah sorry i forgot that, 4.0.12-Debian. got it straight from the debian repository
 
Old 11-25-2013, 06:20 PM   #4
Rhodderz
LQ Newbie
 
Registered: Nov 2013
Location: Plymouth, UK
Distribution: Debian
Posts: 15

Original Poster
Rep: Reputation: Disabled
I tried joining via samba-tool and i get this error
Quote:
samba-tool domain join rmmd.int -UAdministrator --realm=rmmd.int --dns-backend=BIND9_DLZ
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
ERROR(runtime): uncaught exception - Connection to SAMR pipe of PDC for rmmd.int failed: Connection to DC failed: NT_STATUS_CONNECTION_RESET
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 545, in run
machinepass=machinepass)
EDIT:
Im going to try and see what the outcome is if i install SAMBA from source and see if that makes any difference.
EDIT of EDIT
Tried from souce and same error. that was with samba 4.1.2

Last edited by Rhodderz; 11-26-2013 at 05:09 PM.
 
Old 03-12-2014, 02:50 PM   #5
Rhodderz
LQ Newbie
 
Registered: Nov 2013
Location: Plymouth, UK
Distribution: Debian
Posts: 15

Original Poster
Rep: Reputation: Disabled
*BUMP*
Wondering if anyone has ANY idea how to fix this as i am still currently having the same problem (with 4.1.5 now). I have successfully connected other clients to the AD (Windows and Linux (using likewise)) but just can not seem to get samba to connect at all. I have done all the above again and everything bar the initial join works.
 
Old 03-26-2014, 02:58 PM   #6
Nuitari
LQ Newbie
 
Registered: Mar 2014
Posts: 1

Rep: Reputation: Disabled
Took me a while to find a solution and this thread was one of those that kept coming up on top of Google, so for any one wondering why...
SMB1.0 is deprecated in Windows 2012R2, by default a minimum of SMB2.0 is required.

The fix is from technet (search for cant-access-unc-share-on-windows-server-2012-r2), which reenabled SMB 1.0


Quote:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\DependOnService

Original Value: SamSS Srv2

Change to: SamSS Srv
Then reboot / restart the service.

This fixed Samba 4.1.5 and 3.6.18
 
Old 03-27-2014, 01:38 PM   #7
Rhodderz
LQ Newbie
 
Registered: Nov 2013
Location: Plymouth, UK
Distribution: Debian
Posts: 15

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by Nuitari View Post
Took me a while to find a solution and this thread was one of those that kept coming up on top of Google, so for any one wondering why...
SMB1.0 is deprecated in Windows 2012R2, by default a minimum of SMB2.0 is required.

The fix is from technet (search for cant-access-unc-share-on-windows-server-2012-r2), which reenabled SMB 1.0




Then reboot / restart the service.

This fixed Samba 4.1.5 and 3.6.18
Unfortunatley this didnt fix my issue, though it caused my ADD to cause havok as Netlogon, DFS Namespace and LanmanServer would not start

EDIT: Found another fix
In powershell do : Add-WindowsFeature FS-SMB1
you will need to restart but this installs SMB1 protocol which then allows samba to join (takes 10 or so mins after reboot to fully initialize)
Hope this helps some peeps out there

Last edited by Rhodderz; 03-27-2014 at 09:42 PM. Reason: [SOLVED]
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Samba Authentication - connecting Windows domain users to Linux share Nick_C Linux - Server 0 11-13-2012 12:53 PM
[SOLVED] Connecting to a Samba server (not on domain) from windows domain pc centos123 Linux - Server 35 07-12-2011 06:27 AM
connecting samba to a windows 2003 active directory domain Jcrofton Linux - Networking 8 09-17-2006 07:07 PM
Connecting Samba to Windows 2000 server domain subzero80 Linux - Networking 0 12-01-2003 06:35 PM


All times are GMT -5. The time now is 11:52 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration