Centrifydc (adbindproxy 5.5) + stock samba 4.8 can't access share
3 weeks ago
I have OLE 7.6 with Centrifydc (adbindproxy 5.5) + stock Samba 4.8 in a domain.
Domain logon works perfectly.
On Windows clients I can see the shares (samba-test and home directory), but I can't enter them.

adbindproxy.pl --info
The Samba base path is : /usr
CentrifyDC Version = 5.5.1-400
CentrifyDC Architecture = 64-bit
CentrifyDC Realm = domain.by
CentrifyDC NTLM Domain = domain
CentrifyDC Host = serv.domain.by
CentrifyDC Short Host = servt
Samba Version = 4.8.3
Samba Architecture = 64-bit
Samba Realm = domain.BY
Samba NetBIOS Name = SERV
Samba Version Supported = yes
Samba and CDC in same Realm = yes
Samba and CDC share machine account = yes
Password sync using libtdb = <not specified>

adcheck -t net domain.by
NSHOSTS  : Check hosts line in /etc/nsswitch.conf : Pass
DNSPROBE : Probe DNS server 10.XX.XXX.XX : Pass
DNSPROBE : Probe DNS server 10.XX.XXX.XX : Pass
DNSCHECK : Analyze basic health of DNS servers : Pass
WHATSSH  : Is this an SSH that Centrify DirectControl Agent works well with: Pass
SSH      : SSHD version and configuration : Warning
         : You are running OpenSSH_7.4p1, OpenSSL 1.0.2k-fips 26 Jan 2017.
         : Cannot read /etc/ssh/sshd_config, you should run adcheck as root.
1 warning was encountered during check. We recommend checking this before proceeding

smb.conf
[global]
    security = ADS
    realm = domain.BY
    workgroup = domain
    netbios name = serv
    machine password timeout = 0
    passdb backend = tdbsam:/var/lib/samba/private/passdb.tdb
    #
    # Samba versions 3.4.0 and newer have replaced "use kerberos keytab"
    # with "kerberos method". The directive "kerberos method = secrets and keytab"
    # enables Samba to honor service tickets that are still valid but were
    # created before the Samba server's password was changed.
    #
    kerberos method = secrets and keytab
    #
    # Setting "client use spnego principal" to true instructs SMB client to
    # trust the service principal name returned by the SMB server. Otherwise,
    # client cannot be authenticated via Kerberos by the server in a different
    # domain even though the two domains are mutually trusted.
    #
    #client use spnego principal = true
    #
    # Setting send spnego principal to yes .
    # Otherwise, it will not send this principal between Samba and Windows 2008
    #
    #send spnego principal = Yes
    # If your Samba server only serves to Windows systems, try server signing = mandatory.
    server signing = auto
    client ntlmv2 auth = yes
    client use spnego = yes
    bind interfaces only = yes
    interfaces = 10.XX.XXX.XXX
    template shell = /bin/bash
    winbind use default domain = Yes
    winbind enum users = No
    winbind enum groups = No
    winbind nested groups = Yes
    idmap cache time = 0
    #ignore syssetgroups error = No
    idmap config * : backend = tdb
    idmap config * : range = 1000 - 200000000
    idmap config * : base_tdb = 0
    enable core files = false
    # Disable Logging to syslog, and only write log to Samba standard log files.
    # syslog = 0
    log file = /var/log/samba/samba_log.%m
    log level = 3

[samba-test]
    path = /samba-test
    public = yes
    # if set public = No, we should set parameter valid users .
    # and when the user or group is in AD , the setting syntaxes is:
    # valid users = domain\username +domain\group
    writable = yes

[homes]
    comment = Home directories
    read only = No
    browseable = No

smbclient -k -L localhost
Connection to localhost failed (Error NT_STATUS_CONNECTION_REFUSED)

sudo systemctl status -l centrifydc-samba
● centrifydc-samba.service - SYSV: Centrify AD Bind Daemon
   Loaded: loaded (/etc/rc.d/init.d/centrifydc-samba; bad; vendor preset: disabled)
   Active: active (running) since Wed 2018-11-28 13:02:22 +03; 2h 2min ago
     Docs: man:systemd-sysv-generator(8)
  Process: 18785 ExecStop=/etc/rc.d/init.d/centrifydc-samba stop (code=exited, status=0/SUCCESS)
  Process: 18825 ExecStart=/etc/rc.d/init.d/centrifydc-samba start (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/centrifydc-samba.service
           ├─18838 /usr/sbin/nmbd
           ├─18847 /usr/sbin/winbindd -s /etc/centrifydc/smb2.conf
           ├─18853 /usr/sbin/winbindd -s /etc/centrifydc/smb2.conf
           ├─18856 /usr/share/centrifydc/sbin/adbindd
           ├─18870 /usr/sbin/smbd
           ├─18872 /usr/sbin/smbd
           ├─18873 /usr/sbin/smbd
           ├─18874 /usr/sbin/smbd
           └─18916 /usr/sbin/smbd

Nov 28 14:48:34 Serv.domain.by nmbd: This response was from IP 10.XX.XXX.002, reporting an IP address of 10.XX.XXX.002.
Nov 28 14:53:43 Serv.domain.by nmbd: [2018/11/28 14:53:43.985471, 0] ../source3/nmbd/nmbd_namequery.c:109(query_name_response)
Nov 28 14:53:43 Serv.domain.by nmbd: query_name_response: Multiple (2) responses received for a query on subnet 10.XX.XXX.001 for name DOMAIN<1d>.
Nov 28 14:53:43 Serv.domain.by nmbd: This response was from IP 10.XX.XXX.002, reporting an IP address of 10.XX.XXX.002.

I really hope for your help.
3 weeks ago
smbclient -k -L serv

    Sharename       Type      Comment
    ---------       ----      -------
    samba-test      Disk
    IPC$            IPC       IPC Service (Samba 4.8.3)
    username        Disk      Home directories
Reconnecting with SMB1 for workgroup listing.

    Server               Comment
    ---------            -------

    Workgroup            Master
    ---------            -------
    MMBANK               SERV-2

SERV-2 is a similar server on the same subnet.