Hi,
so I have two file servers running FreeBSD, they just stopped being accessible about a week ago. The dreaded 'never-ending password entering' problem.
I thought it might be updates, so I upgraded one of them and left the other one the same. The non-upgraded one is:
Code:
$ smbd --version
Version 4.7.6
$ freebsd-version
11.1-RELEASE-p10
The other is:
Code:
# smbd --version
Version 4.7.7
# freebsd-version
11.2-RELEASE
My /usr/local/etc/smb4.conf global is practically the same for both of them, just the names are different. Here's an example:
Code:
[global]
netbios name = FEBMARCH
security = ADS
workgroup = WEBTOOL
realm = WEBTOOL.SPACE
client use spnego = yes
client signing = yes
server signing = yes
client ntlmv2 auth = yes
encrypt passwords = yes
log file = /var/log/samba4/%m.log
log level = 1
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config WEBTOOL : backend = ad
idmap config WEBTOOL : schema_mode = rfc2307
idmap config WEBTOOL : range = 10000-999999
idmap config WEBTOOL : unix_nss_info = yes
idmap config WEBTOOL : unix_primary_group = yes
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
winbind offline logon = yes
;winbind nested groups = yes
winbind refresh tickets = yes
winbind nss info = rfc2307
Testparm is good. I tried commenting out any of the encryption or protocol-related settings in the first paragraph, or explicitly setting them to no, but it doesn't seem to make a difference.
My ntp is synced to the domain controllers and appears to be fine:
Code:
$ ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*LOCAL(0)        .LOCL.          10 l   37   64  377    0.000    0.000   0.001
 2012dc01.webtoo 23.131.160.7     3 u   44   64  377    0.463  -2099.8   8.328
 2012dc02.webtoo .LOCL.           1 u    6   64  377    0.182  -2436.5   4.379
It's perplexing because it had been working great for months and nothing really changed. I have a WS2012R2 AD environment - I even thought it might be updates on the domain controllers so I rolled them both back to a snapshot taken in May and turned off auto updates - still no access to samba shares.
Anyone have any ideas?
FWIW I can't seem to get Debian Stretch samba to work either. OpenSUSE and Ubuntu 18.04 were no problem, though. It's all very strange...
Thanks!
Edit: Additionally, wbinfo -u / -g and getent passwd / group return domain users and groups without hesitation.
Edit edit: I did manage to get on both of them by destroying key and re-joining the domain invoking (as root):
Code:
# kdestroy
# kinit
# net ads join -k
# net ads status
But the updated one no longer recognizes my domain user account - I had to access the share with administrator ... any ideas why that might be?
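
An added example, not part of the original post: a shell check that reads ntpq -p peer lines, reports which peer ntpd has selected (the row marked with *) and the largest offset, and compares that offset (ntpq reports milliseconds) with the Kerberos default clock-skew tolerance of 300 seconds. The function names and MAX_SKEW_MS are assumptions made for this example; the sample input is the ntpq output quoted in the post.

```sh
#!/bin/sh
# Added example: summarise `ntpq -p` peer lines on an AD member server.
# Kerberos authentication fails when clocks differ by more than the allowed
# skew (default 300 s); ntpq prints offsets in milliseconds.

MAX_SKEW_MS=300000   # assumed threshold: Kerberos default skew, in ms

# Sample input: the peer lines from the ntpq output quoted in the post.
sample_ntpq() {
cat <<'EOF'
remote refid st t when poll reach delay offset jitter
==============================================================================
*LOCAL(0) .LOCL. 10 l 37 64 377 0.000 0.000 0.001
2012dc01.webtoo 23.131.160.7 3 u 44 64 377 0.463 -2099.8 8.328
2012dc02.webtoo .LOCL. 1 u 6 64 377 0.182 -2436.5 4.379
EOF
}

# check_ntp_peers: reads ntpq -p output on stdin and prints one line:
# selected=<peer> source=<local-clock|network|none> worst=<peer>
# worst_offset_ms=<n> status=<OK|SKEW>
check_ntp_peers() {
    awk -v max="$MAX_SKEW_MS" '
    # Peer rows have 10 fields with a numeric offset in field 9; this
    # skips the header row and the ==== separator.
    NF == 10 && $9 ~ /^-?[0-9]+(\.[0-9]+)?$/ {
        peer = $1
        # "*" is the tally code of the peer ntpd is synchronised to.
        if (substr(peer, 1, 1) == "*") selected = substr(peer, 2)
        # Strip punctuation tally codes; the letter codes x and o are
        # left alone because a host name may start with them.
        sub(/^[*+#.-]/, "", peer)
        off = $9 + 0
        if (off < 0) off = -off
        if (off >= worst_off) { worst_off = off; worst = peer }
    }
    END {
        src = "network"
        if (selected == "") { selected = "none"; src = "none" }
        else if (selected ~ /^LOCAL\(/) src = "local-clock"
        status = (worst_off > max) ? "SKEW" : "OK"
        printf "selected=%s source=%s worst=%s worst_offset_ms=%s status=%s\n",
               selected, src, worst, worst_off, status
    }'
}

sample_ntpq | check_ntp_peers
```

On a live host, pipe the real output in instead of the sample: ntpq -p | check_ntp_peers.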