Difference between revisions of "Samba AD DC Troubleshooting"

(Checking the logs)
(Checking your system for ports samba needs)
Line 59: Line 59:
 
  tcp        0      0 127.0.0.1:53            0.0.0.0:*              LISTEN      1075/named
 
  tcp        0      0 127.0.0.1:53            0.0.0.0:*              LISTEN      1075/named
  
in which case you will need to either specifically bind samba to a certain interface, or simply kill the program that is running (in this example the pid is 1075 for named) by using <tt>kill 1075<tt>, to bind samba to a certain interface add the following to the [global] section of your smb.conf
+
in which case you will need to either specifically bind samba to a certain interface, or simply kill the program that is running (in this example the pid is 1075 for named) by using <tt>kill 1075</tt>, to bind samba to a certain interface add the following to the [global] section of your smb.conf
 
  bind interfaces only = yes
 
  bind interfaces only = yes
 
  interfaces = 192.168.1.1
 
  interfaces = 192.168.1.1
 
you can have more interfaces by using something like <tt>interfaces = eth0 192.168.2.10/24 192.168.3.10/255.255.255.0</tt>
 
you can have more interfaces by using something like <tt>interfaces = eth0 192.168.2.10/24 192.168.3.10/255.255.255.0</tt>

Revision as of 04:46, 2 January 2013

Making sure samba is running

You can use the following command to check to see if Samba 3.X is running currently

ps ax | grep "mbd\|winbindd" | grep -v grep

If its running you will see something like:

16491 ?        S      0:48 /usr/local/samba/sbin/smbd -D
16494 ?        S      0:48 /usr/local/samba/sbin/nmbd -D
16509 ?        S      0:02 /usr/local/samba/sbin/winbindd -D

You can check Samba 4.X by:

ps ax | grep "samba" | grep -v grep

If its running you should see something like:

8258 ?        S      0:47 samba
8261 ?        S      0:00 /usr/local/samba/sbin/smbd --option=server role check:inhibit=yes --foreground

You will only see lines like the last one if you are using s3fs (which is default).

Installing Python 2.6.5 for Samba

If you are having issues with your distribution version of python, you can install python 2.6.5 from this install script, included with the tarball or git files.

sh install_with_python.sh /usr/local/samba  --enable-debug --enable-selftest

You will also need to add export PATH=/usr/local/samba/python/bin:/usr/local/samba/bin:/usr/local/samba/sbin:$PATH to the end of your ~/.bashrc file before things will work properly.

Making pastebin easy

First thing, if you are asking for samba help, you may be asked for logs, configs, exact error messages, or a variety of other things. I use a program called pastebinit which can be installed on Ubuntu using apt-get install pastebinit.

I have setup a config in my users home directory called .pastebinit.xml and it contains the following:

<pastebinit>
	<pastebin>http://paste.ubuntu.com</pastebin>
	<author>IRC_Nick</author>
	<format>text</format>
</pastebinit>

change IRC_Nick to your IRC nickname. You can find out more at http://www.stgraber.org/category/pastebinit/ including other sites pastebinit works with.

After this is setup, if someone asks you for a config file, you can simply type pastebinit some.cfg and it will return a link the other use can use to see your pastebin. If you are trying to capture an error you may use something like samba-tool domain provision 2>&1 | pastebinit

Checking the logs

If you installed samba from source and didn't specify a prefix during configure, your logs should be located in /usr/local/samba/var/, unless you have specified a log file = directive in your smb.conf. This can be checked by using either testparm -v (for the samba 3.X series) or samba-tool testparm -v (for the samba 4.X series), this will provide a lot of output so you can also add a | grep "log file"

Sometimes the log file will not have the info you need, so you will need to turn up the amount of logging that needs done but adding the following line to your smb.conf in the [global] section:

log level = 3

by default samba only logs at level 0, so start low and turn it up slowly, you will want to restart samba after making this change.

  • Note: If you add grep to the command it will silently prompt you to press enter.

Checking your system for ports samba needs

If samba appears to be running, but something isn't working quite right, you should double check that another program isn't using a port it needs. The first thing to do is look through the logs for lines like

Failed to bind to 0.0.0.0:53 TCP - NT_STATUS_ADDRESS_ALREADY_ASSOCIATED

If you find one use the following method to check what is using the port. In the following example I will be checking to see if something is using the DNS port (53), but this could easily be adapted to LDAP (ports 389 and 636), a KDC Server (port 464) or any other port that may be in use:

netstat -anp | grep "LISTEN " | grep 53

you should receive output like the following:

tcp        0      0 0.0.0.0:53              0.0.0.0:*               LISTEN      27805/samba

if anything else is running on that port it may look like:

tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      1075/named

in which case you will need to either specifically bind samba to a certain interface, or simply kill the program that is running (in this example the pid is 1075 for named) by using kill 1075, to bind samba to a certain interface add the following to the [global] section of your smb.conf

bind interfaces only = yes
interfaces = 192.168.1.1

you can have more interfaces by using something like interfaces = eth0 192.168.2.10/24 192.168.3.10/255.255.255.0