Samba AD DC Troubleshooting: Difference between revisions
From SambaWiki
Mmuehlfeld (talk | contribs) m (Added category) |
|||
(38 intermediate revisions by 6 users not shown) | |||
Line 1: | Line 1: | ||
= Introduction = |
|||
= Making sure samba is running = |
|||
You can use the following command to check to see if Samba 3.X is running currently |
|||
ps ax | grep "mbd\|winbindd" | grep -v grep |
|||
This documentation helps you to troubleshoot problems users can encounter when running Samba as an Active Directory (AD) domain controller (DC). |
|||
If its running you will see something like: |
|||
16491 ? S 0:48 /usr/local/samba/sbin/smbd -D |
|||
16494 ? S 0:48 /usr/local/samba/sbin/nmbd -D |
|||
16509 ? S 0:02 /usr/local/samba/sbin/winbindd -D |
|||
You can check Samba 4.X by: |
|||
ps ax | grep "samba" | grep -v grep |
|||
If its running you should see something like: |
|||
8258 ? S 0:47 samba |
|||
8261 ? S 0:00 /usr/local/samba/sbin/smbd --option=server role check:inhibit=yes --foreground |
|||
You will only see lines like the last one if you are using ''s3fs'' (which is default). |
|||
= Installing Python 2.6.5 for Samba = |
|||
If you are having issues with your distribution version of python, you can install python 2.6.5 from this install script, included with the tarball or git files. |
|||
sh install_with_python.sh /usr/local/samba --enable-debug --enable-selftest |
|||
= General = |
|||
You will also need to add <tt>export PATH=/usr/local/samba/python/bin:/usr/local/samba/bin:/usr/local/samba/sbin:$PATH</tt> to the end of your ~/.bashrc file before things will work properly. |
|||
== Setting the Samba Log Level == |
|||
= Making pastebin easy = |
|||
First thing, if you are asking for samba help, you may be asked for logs, configs, exact error messages, or a variety of other things. I use a program called <tt>pastebinit</tt> which can be installed on Ubuntu using <tt>apt-get install pastebinit</tt>. |
|||
For details, see [[Setting_the_Samba_Log_Level|Setting the Samba Log Level]]. |
|||
I have setup a config in my users home directory called .pastebinit.xml and it contains the following: |
|||
<pastebinit> |
|||
<pastebin>http://paste.ubuntu.com</pastebin> |
|||
<author>IRC_Nick</author> |
|||
<format>text</format> |
|||
</pastebinit> |
|||
change IRC_Nick to your IRC nickname. You can find out more at http://www.stgraber.org/category/pastebinit/ including other sites pastebinit works with. |
|||
== The <code>net</code> Command Fails to Connect to the <code>127.0.0.1</code> IP Address == |
|||
After this is setup, if someone asks you for a config file, you can simply type <tt>pastebinit some.cfg</tt> and it will return a link the other use can use to see your pastebin. |
|||
If you are trying to capture an error you may use something like <tt>samba-tool domain provision 2>&1 | pastebinit</tt> |
|||
For details, see [[Troubleshooting_Samba_Domain_Members#The_net_Command_Fails_to_Connect_to_the_127.0.0.1_IP_Address|Troubleshooting Samba Domain Members - The net Command Fails to Connect to the 127.0.0.1 IP Address]]. |
|||
= Checking the logs = |
|||
If you installed samba from source and didn't specify a prefix during configure, your logs should be located in <tt>/usr/local/samba/var/</tt>, unless you have specified a <tt>log file = </tt> directive in your smb.conf. This can be checked by using either <tt>testparm -v</tt> (for the samba 3.X series) or <tt>samba-tool testparm -v</tt> (for the samba 4.X series), this will provide a lot of output so you can also add a <tt>| grep "log file"</tt>, |
|||
*Note: If you add grep to the command it will silently prompt you to press enter. |
|||
= Checking your system for ports samba needs = |
|||
If samba appears to be running, but something isn't working quite right, you should double check that another program isn't using a port it needs. The first thing to do is look through the logs for lines like |
|||
Failed to bind to 0.0.0.0:'''53''' TCP - NT_STATUS_ADDRESS_ALREADY_ASSOCIATED |
|||
If you find one use the following method to check what is using the port. In the following example I will be checking to see if something is using the DNS port ('''53'''), but this could easily be adapted to LDAP (ports 389 and 636), a KDC Server (port 464) or any other port that may be in use: |
|||
netstat -anp | grep "LISTEN " | grep 53 |
|||
you should receive output like the following: |
|||
tcp 0 0 0.0.0.0:53 0.0.0.0:* LISTEN 27805/samba |
|||
if anything else is running on that port it may look like: |
|||
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1075/named |
|||
in which case you will need to either specifically bind samba to a certain interface, or simply kill the program that is running (in this example the pid is 1075 for named) by using <tt>kill 1075<tt>, to bind samba to a certain interface add the following to the [global] section of your smb.conf |
|||
= Process Management = |
|||
bind interfaces only = yes |
|||
interfaces = 192.168.1.1 |
|||
== Verifying That Samba Is Running == |
|||
you can have more interfaces by using something like <tt>interfaces = eth0 192.168.2.10/24 192.168.3.10/255.255.255.0</tt> |
|||
Use the <code>ps</code> utility to verify that Samba processes are executed: |
|||
# ps axf | egrep "samba|smbd|winbindd" |
|||
... |
|||
917 ? Ss 0:00 /usr/local/samba/sbin/samba -D |
|||
923 ? S 0:00 \_ /usr/local/samba/sbin/samba -D |
|||
936 ? Ss 0:00 | \_ /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground |
|||
940 ? S 0:00 | \_ /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground |
|||
941 ? S 0:00 | \_ /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground |
|||
943 ? S 0:00 | \_ /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground |
|||
924 ? S 0:00 \_ /usr/local/samba/sbin/samba -D |
|||
925 ? S 0:00 \_ /usr/local/samba/sbin/samba -D |
|||
... |
|||
935 ? Ss 0:00 | \_ /usr/local/samba/sbin/winbindd -D --option=server role check:inhibit=yes --foreground |
|||
939 ? S 0:00 | \_ /usr/local/samba/sbin/winbindd -D --option=server role check:inhibit=yes --foreground |
|||
... |
|||
{{Imbox |
|||
| type = note |
|||
| text = Samba Domain Controller do not support network browsing, and thus no <code>nmbd</code> processes are listed. |
|||
}} |
|||
All <code>samba</code>, <code>smbd</code>, and <code>winbindd</code> processes must be child processes of one <code>samba</code> process. |
|||
If you do not see a process structure as displayed: |
|||
* Verify your Samba log files to locate the problem. For a detailed output, increase the log level. For details, see [[#Setting_the_Samba_Log_Level|Setting the Samba Log Level]] |
|||
* Start Samba interactively and watch the output: |
|||
# samba -i |
|||
= DNS = |
|||
== DNS Back End-specific Troubleshooting == |
|||
See: |
|||
* [[Samba_Internal_DNS_Back_End#Troubleshooting|Samba INTERNAL_DNS Back End - Troubleshooting]] |
|||
* [[BIND9_DLZ_DNS_Back_End#Troubleshooting|BIND9_DLZ DNS Back End - Troubleshooting]] |
|||
= SELinux = |
|||
For details, see [[Troubleshooting_SELinux_on_a_Samba_AD_DC|Troubleshooting SELinux on a Samba AD DC]]. |
|||
= Updating = |
|||
If you have any problems with your Active Directory (AD) domain controller (DC) after updating Samba, see: [[Updating_Samba#Notable_Enhancements_and_Changes|Notable Enhancements and Changes]]. |
|||
---- |
|||
[[Category:Active Directory]] |
Revision as of 20:38, 26 February 2017
Introduction
This documentation helps you to troubleshoot problems users can encounter when running Samba as an Active Directory (AD) domain controller (DC).
General
Setting the Samba Log Level
For details, see Setting the Samba Log Level.
The net
Command Fails to Connect to the 127.0.0.1
IP Address
For details, see Troubleshooting Samba Domain Members - The net Command Fails to Connect to the 127.0.0.1 IP Address.
Process Management
Verifying That Samba Is Running
Use the ps
utility to verify that Samba processes are executed:
# ps axf | egrep "samba|smbd|winbindd" ... 917 ? Ss 0:00 /usr/local/samba/sbin/samba -D 923 ? S 0:00 \_ /usr/local/samba/sbin/samba -D 936 ? Ss 0:00 | \_ /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground 940 ? S 0:00 | \_ /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground 941 ? S 0:00 | \_ /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground 943 ? S 0:00 | \_ /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground 924 ? S 0:00 \_ /usr/local/samba/sbin/samba -D 925 ? S 0:00 \_ /usr/local/samba/sbin/samba -D ... 935 ? Ss 0:00 | \_ /usr/local/samba/sbin/winbindd -D --option=server role check:inhibit=yes --foreground 939 ? S 0:00 | \_ /usr/local/samba/sbin/winbindd -D --option=server role check:inhibit=yes --foreground ...
Samba Domain Controller do not support network browsing, and thus no nmbd processes are listed. |
All samba
, smbd
, and winbindd
processes must be child processes of one samba
process.
If you do not see a process structure as displayed:
- Verify your Samba log files to locate the problem. For a detailed output, increase the log level. For details, see Setting the Samba Log Level
- Start Samba interactively and watch the output:
# samba -i
DNS
DNS Back End-specific Troubleshooting
See:
SELinux
For details, see Troubleshooting SELinux on a Samba AD DC.
Updating
If you have any problems with your Active Directory (AD) domain controller (DC) after updating Samba, see: Notable Enhancements and Changes.