Samba AD DC Troubleshooting: Difference between revisions
Mmuehlfeld (talk | contribs) (Adding some more topics to troubleshoot a Samba AD DC.) |
RedScourge (talk | contribs) m (dnsmasq typo correction) |
||
Line 33: | Line 33: | ||
Failed to listen on 127.0.0.1:53 - NT_STATUS_ADDRESS_ALREADY_ASSOCIATED |
Failed to listen on 127.0.0.1:53 - NT_STATUS_ADDRESS_ALREADY_ASSOCIATED |
||
Make sure, that no other service is listening on port 53/udp and 53/tcp. Typically for this kind of problem is, that e. g. |
Make sure, that no other service is listening on port 53/udp and 53/tcp. Typically for this kind of problem is, that e. g. Dnsmasq or a different DNS server is listening on this port. Check by using |
||
# netstat -tulpn | grep ":53" |
# netstat -tulpn | grep ":53" |
||
It should return only „samba“ processes, bound to this port, if using the Internal DNS. |
It should return only „samba“ processes, bound to this port, if using the Internal DNS. |
||
= kinit/klist don't exist on your system = |
= kinit/klist don't exist on your system = |
Revision as of 01:44, 15 November 2014
Making sure samba is running
Use the following command to check if Samba is running:
# ps axf | egrep "samba|smbd|nmbd|winbindd"
The output should look like the following:
1577 ? Ss 0:00 samba 1578 ? S 0:00 \_ samba 1581 ? Ss 0:00 | \_ /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground 1594 ? S 0:00 | \_ /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground 1579 ? S 0:00 \_ samba 1580 ? S 0:00 \_ samba 1582 ? S 0:00 \_ samba ...
„samba“ or child processes don't start
Check out the Samba port usage for a Domain Controller documentation and compare it with the output of
# netstat -tulpn | egrep "samba|smbd|nmbd|winbind"
If Samba isn't listening on all ports it should, check your Samba logs for further debugging.
Samba Internal DNS doesn't start
The Samba logfile shows
[2014/07/05 22:46:07.334864, 0] ../source4/smbd/service_stream.c:346(stream_setup_socket) Failed to listen on 127.0.0.1:53 - NT_STATUS_ADDRESS_ALREADY_ASSOCIATED
Make sure, that no other service is listening on port 53/udp and 53/tcp. Typically for this kind of problem is, that e. g. Dnsmasq or a different DNS server is listening on this port. Check by using
# netstat -tulpn | grep ":53"
It should return only „samba“ processes, bound to this port, if using the Internal DNS.
kinit/klist don't exist on your system
See OS Requirements.
SELinux
Some thoughts on SELinux and discretionary access control permissions that can prevent login using AD users are on the Samba AD DC Access Control Settings page.
Installing Python 2.6.5 for Samba
If you encouter issues with your distribution version of Python, you can install Python 2.6.5 from this install script, included with the tarball or git files:
sh install_with_python.sh /usr/local/samba --enable-debug --enable-selftest
You will also need to add export PATH=/usr/local/samba/python/bin:/usr/local/samba/bin:/usr/local/samba/sbin:$PATH to the end of your ~/.bashrc file before things will work properly.
Checking the logs
If you installed Samba from source and didn't specify a prefix during configure, your logs should be located in /usr/local/samba/var/, unless you have specified a log file = directive in your smb.conf. This can be checked by using either testparm -v (for the samba 3.X series) or samba-tool testparm -v (for the samba 4.X series), this will provide a lot of output so you can also add a | grep "log file"
Sometimes the log file will not have the info you need, so you will need to turn up the amount of logging that needs done but adding the following line to your smb.conf in the [global] section:
log level = 3
by default samba only logs at level 0, so start low and turn it up slowly, you will want to restart samba after making this change.
- Note: If you add grep to the command it will silently prompt you to press enter.