Samba AD DC Troubleshooting

Revision as of 02:52, 29 July 2019 by Garming (talk | contribs) (Issues with DNS during DC join)

Introduction

This documentation helps you to troubleshoot problems users can encounter when running Samba as an Active Directory (AD) domain controller (DC).



General

Setting the Samba Log Level

For details, see Setting the Samba Log Level.


The net Command Fails to Connect to the 127.0.0.1 IP Address

For details, see Troubleshooting Samba Domain Members - The net Command Fails to Connect to the 127.0.0.1 IP Address.



Process Management

Verifying That Samba Is Running

Use the ps utility to verify that Samba processes are executed:

# ps axf | egrep "samba|smbd|winbindd"
...
917 ?        Ss     0:00 /usr/local/samba/sbin/samba -D
923 ?        S      0:00  \_ /usr/local/samba/sbin/samba -D
936 ?        Ss     0:00  |   \_ /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground
940 ?        S      0:00  |       \_ /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground
941 ?        S      0:00  |       \_ /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground
943 ?        S      0:00  |       \_ /usr/local/samba/sbin/smbd -D --option=server role check:inhibit=yes --foreground
924 ?        S      0:00  \_ /usr/local/samba/sbin/samba -D
925 ?        S      0:00  \_ /usr/local/samba/sbin/samba -D
...
935 ?        Ss     0:00  |   \_ /usr/local/samba/sbin/winbindd -D --option=server role check:inhibit=yes --foreground
939 ?        S      0:00  |       \_ /usr/local/samba/sbin/winbindd -D --option=server role check:inhibit=yes --foreground
...

All samba, smbd, and winbindd processes must be child processes of one samba process.

If you do not see a process structure as displayed:

  • Verify your Samba log files to locate the problem. For a detailed output, increase the log level. For details, see Setting the Samba Log Level
  • Start Samba interactively and watch the output:
# samba -i



DNS

DNS Back End-specific Troubleshooting

See:

Issues with DNS during DC join

Adding DNS A record XXX.XXX.XXX.XXX for IPv4 IP: XX.XX.XX.XX
ERROR(runtime): uncaught exception - (9003, 'WERR_DNS_ERROR_RCODE_NAME_ERROR')
  File "/usr/lib64/python2.7/site-packages/samba/netcmd/__init__.py", line 185, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib64/python2.7/site-packages/samba/netcmd/domain.py", line 699, in run
    backend_store=backend_store)
  File "/usr/lib64/python2.7/site-packages/samba/join.py", line 1535, in join_DC
    ctx.do_join()
  File "/usr/lib64/python2.7/site-packages/samba/join.py", line 1436, in do_join
    ctx.join_add_dns_records()
  File "/usr/lib64/python2.7/site-packages/samba/join.py", line 1178, in join_add_dns_records
    dns_partition=domaindns_zone_dn)
  File "/usr/lib64/python2.7/site-packages/samba/samdb.py", line 1069, in dns_lookup
    dns_partition=dns_partition)


1. 2. 3.

For more detail in regards to issues with domains migrated from Windows 2003 R2 or earlier:

SELinux

For details, see Troubleshooting SELinux on a Samba AD DC.



Updating

If you have any problems with your Active Directory (AD) domain controller (DC) after updating Samba, see: Notable Enhancements and Changes.