I am a total newbie to linux but have so far managed to get DNS, DHCP, Samba and Apache to work on our new server which is to replace services on our existing MS Server2003. I have setup Samba to authenticate to the MS2003 server so we can still use active directory etc.
Everything seems to work fine for a day or two and the wheels start falling off.
The network users suddenly can not access the Samba shares and the dhcp leases won’t renew on the work stations. When workstations can no longer access Samba shares the error is usually something along the lines of “you do not have permissions to use this resource” have to double check the exact wording on that though.
When i look in top everything looks fine as far as i can see. The CPU usage is only 2% or thereabouts, most times there is still a few GB of ram free.
I would not have thought it to be a hardware issue as it is a new intel server with quad core Zeon, 4GB Ram and SAS drives running SLES 10.3.
As soon as i reboot the SUSE machine all is ok again.
Does anybody have any hints or idea’s on how i can track down the problem.
Welcome to the openSUSE Forums. Usually, business in our forums is conducted in English, however many of our community members speak other languages. If you prefer to use a language other than English, please feel free to do so and hopefully someone will get you a reply.
As not everybody in the forums has english as its first language can you please try to write real english (and not to sophisticated), including interpunction. For some it is already difficult enough to understand the posts (which may have typos ).
Thank you in advance.
Not that it probably makes a difference but i made a typo. It is actually SLES SP1 i am running.
When it happens again i will check the samba logs. I checked the var/log/messages under Yast and there never seems to be anything that is stand out.
As far as i know there is no way of simply seeing the DHCP address leases like in the DHCP snap-in in MS Server.
However if you look under Yast, var/log/messages shows the address leases as they are renewed. I personally like reserving the addresses via mac address which would also solve the need to seeing the leases.
If i can recommend something that will pay itself off 10 times over, it is “deploying SUSE Linux enterprise server” by Mike Peters. You can buy the book online and download it for only $15 US dollars. I have found it extremely helpfull, especially for correctly setting up DHCP and DNS for dynamic updates. I was previously using google and trolling through the useful information. This book has saved me a lot of time.
Here is the web address if you are interested: Self Publishing - Lulu.com
hmm,
you dont have both machines as PDC’s do you. Sounds a little obvious, but Ive made that mistake. as soon as there are elections things start to go haywire.
My suggestion is that if SAMBA works for a time, then its its interaction with the 2k3 box thats giving you some trouble. I’d try demoting the 2k3 machine, which I assume is still a PDC, and running on a workgroup with no PDC. Then promote the SUSE box. You’ll lose active directory functions for a while, but it may isolate the problem.
If your on top of this then thanks for reading my thoughts.
ohh.
for somthing as simple as SAMBA shares alone with active directory authentication. I cannot recommend FreeNAS enough. A little off topic but a fantastic NAS solution. Here FreeNAS: The Free NAS Server - Home Works a treat for anyone stuck in a NT domain.
No the SLES box is set as “not DC”.
Funny you should mention your solution. I am in the process of trying to get GroupWise to work at the moment so i can get rid of the AD interface and just setup LDAP on the SLES box. That is the only service left on the MS server besides active Directory.
As far as i can see the only benifit of having active directory is being able to push group policy out to the workstations. We don’t really have much need for group policy so it won’t be a big loss.
Ok my problem just gets harder. I had no problems accessing samba shares just now. But when i type wbinfo -u in terminal on the suse machine it didn’t return the AD users. However i rebooted and wbinfo -u returns all AD users.
The only reason i tried wbinfo -u just now was because i added another share to samba under yast and it prompted for me to join the domain. However it is already a member of the domain. So i thought the best way to check connectivity to the domain was with wbinfo -u.
Which logs should i check to try and find the problem?
If you dont have the Windows Domain Membership Applet available in Yast>Network Services then head on over to Software Management and grab anything to do with SMB/SAMBA and LDAP.
This will place the machine inside the domain. Users is another thing alltogether. Chances are you’ll be able to veiw all network resources but not access them as a local user on the SuSE machine. Ive never tried to authenticate from a SuSE box on the domain as a domain user.
Well i have some news to report.
After endlessly searching my friend google i think the problem may be solved.
It has now been running 2 days without a problem and is looking good.
The only thing i changed is in smb.conf. I added encrypt passwords = yes.
After all my searching through google i have found there are many different approaches people have taken to get samba to autheniticate to a Active Directory. Some of them have only subtle differences but those differences seem to make or break it. If anyone is interested i can post my smb.conf file. But note i am not using LDAP, i only modified nsswitch.conf, krb5.conf.
How were you able to auth vs the Win2k3 in the first place without encrypting passwords - it’s one of the default group policy parameters in an out of the box W2k3 install?
Good Question! I don’t know… But it didn’t work too well as you can see.
All i know is that i thought encrypt passwords was in there originally.
I knew it had to be there, but somewhere along the line of getting it all working i must have deleted it.
Can i ask, if you edit the smb.conf file manually, is it ok to still you yast to edit samba as well?
).