LinuxQuestions.org

Rhodderz 11-24-2013 03:14 PM

Connecting SAMBA to a Windows 2012R2 Domain
 
Hi, I have a small (aggravating) problem with Samba. I used to run Samba as my main AD from a NAS but then moved to a dedicated Windows 2012R2 server (I didn't migrate, just collapsed and created a new domain). I am currently trying to connect my NAS (running Debian) to the AD and have been following this tutorial: http://community.spiceworks.com/how_...d-and-kerberos but I keep getting NT_STATUS_CONNECTION_RESET every time I try to join (note my Windows clients can connect easily). I can connect via kinit (it doesn't error, it just goes back to the prompt), and checking the DNS via host -t srv _kerberos._tcp.rmmd.int works.
I would be grateful for any help.

SMB.conf
Quote:

#GLOBAL PARAMETERS
[global]
workgroup = RMMD
password server = RMMD-SVR-1.RMMD.INT
wins server = 192.168.0.254
realm = RMMD.INT
netbios name = Rhodderz-NAS
preferred master = no
server string = RMMD NAS
security = ADS
encrypt passwords = yes
log level = 3
log file = /var/log/samba/%m
max log size = 50
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind nested groups = yes
winbind separator = +
idmap uid = 600-20000
idmap gid = 600-20000
;Template primary group = "Domain Users"
template shell = /bin/bash

[homes]
comment = Home Directory
valid users = %s
read only = No
browseable = No

[share]
comment = Share
path = /disk/share/
valid users = %s
read only = No
browseable = Yes

krb5.conf
Quote:

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
ticket_lifetime = 600
default_realm = RMMD.INT
allow_weak_crypto = yes

[realms]
RMMD.INT = {
kdc = 192.168.0.254
default_domain = RMMD.INT
}

[domain_realm]
.RMMD.INT = RMMD.INT
RMMD.INT = RMMD.INT

[kdc]
profile = /etc/krb5kdc/kdc.conf

EDIT:
Also, if I do net ads info I do get the correct info back:
Quote:

LDAP server: 192.168.0.254
LDAP server name: RMMD-SVR-1.rmmd.int
Realm: RMMD.INT
Bind Path: dc=RMMD,dc=INT
LDAP port: 389
Server time: Sun, 24 Nov 2013 22:43:31 GMT
KDC server: 192.168.0.254
Server time offset: 2

smallpond 11-25-2013 09:10 AM

What samba version?

Rhodderz 11-25-2013 12:34 PM

Ah, sorry, I forgot that: 4.0.12-Debian. Got it straight from the Debian repository.

Rhodderz 11-25-2013 05:20 PM

I tried joining via samba-tool and I get this error:
Quote:

samba-tool domain join rmmd.int -UAdministrator --realm=rmmd.int --dns-backend=BIND9_DLZ
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
ERROR(runtime): uncaught exception - Connection to SAMR pipe of PDC for rmmd.int failed: Connection to DC failed: NT_STATUS_CONNECTION_RESET
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 545, in run
machinepass=machinepass)

EDIT:
I'm going to try and see what the outcome is if I install Samba from source, and whether that makes any difference.
EDIT of EDIT:
Tried from source and same error. That was with Samba 4.1.2.

Rhodderz 03-12-2014 01:50 PM

*BUMP*
Wondering if anyone has ANY idea how to fix this, as I am still having the same problem (with 4.1.5 now). I have successfully connected other clients to the AD (Windows and Linux (using Likewise)) but just cannot seem to get Samba to connect at all. I have done all the above again and everything bar the initial join works.

Nuitari 03-26-2014 01:58 PM

Took me a while to find a solution and this thread was one of those that kept coming up on top of Google, so for anyone wondering why...
SMB1.0 is deprecated in Windows 2012R2; by default a minimum of SMB2.0 is required.

The fix is from TechNet (search for cant-access-unc-share-on-windows-server-2012-r2), which re-enabled SMB 1.0:


Quote:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\DependOnService

Original Value: SamSS Srv2

Change to: SamSS Srv
Then reboot / restart the service.

This fixed Samba 4.1.5 and 3.6.18

Rhodderz 03-27-2014 12:38 PM

Quote:

Originally Posted by Nuitari (Post 5141743)
Took me a while to find a solution and this thread was one of those that kept coming up on top of Google, so for anyone wondering why...
SMB1.0 is deprecated in Windows 2012R2; by default a minimum of SMB2.0 is required.

The fix is from TechNet (search for cant-access-unc-share-on-windows-server-2012-r2), which re-enabled SMB 1.0

Then reboot / restart the service.

This fixed Samba 4.1.5 and 3.6.18

Unfortunately this didn't fix my issue, though it caused my ADD to cause havoc, as Netlogon, DFS Namespace and LanmanServer would not start.

EDIT: Found another fix.
In PowerShell, run: Add-WindowsFeature FS-SMB1
You will need to restart, but this installs the SMB1 protocol, which then allows Samba to join (it takes 10 or so mins after reboot to fully initialize).
Hope this helps some peeps out there.
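
Added example, not part of the original thread and not code from any poster: a read-only PowerShell check of the places the two fixes above touch (the FS-SMB1 feature, the SMB server protocol switches, and the LanmanServer DependOnService value), plus the state of LanmanServer and Netlogon. It assumes an elevated session on the Windows Server 2012 R2 machine and changes nothing; the property names in the output object are chosen for this example.

```powershell
# Read-only report: where does this server stand on SMB1?
# Run before and after either change from the thread to see what actually moved.

# 1. Is the SMB1 feature installed? FS-SMB1 is the feature name used in the thread.
$feature = Get-WindowsFeature -Name FS-SMB1

# 2. Which protocol generations will the SMB server negotiate?
$smb = Get-SmbServerConfiguration

# 3. Which services does LanmanServer depend on?
#    The thread quotes "SamSS Srv2" as the original value of this multi-string.
$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer'
$deps = (Get-ItemProperty -Path $key -Name DependOnService).DependOnService

# 4. State of the two services the thread reports as failing to start
#    that can be queried by a well-known service name.
$services = Get-Service -Name LanmanServer, Netlogon

# Summary object; property names are illustrative.
[pscustomobject]@{
    Smb1FeatureInstalled  = $feature.Installed
    EnableSMB1Protocol    = $smb.EnableSMB1Protocol
    EnableSMB2Protocol    = $smb.EnableSMB2Protocol
    LanmanServerDependsOn = $deps -join ' '
} | Format-List

$services | Format-Table Name, Status -AutoSize
```

Recording the DependOnService value from this report before editing the registry gives a known-good value to restore if LanmanServer and its dependents stop starting.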

