
We have a Windows 2003 domain server managing/servicing a small (10 machine) network. Users work primarily on Windows. We have a Linux Web server on the same net, with an activated Samba NFS, and several users from the domain explicitly named as valid accessors to Samba. The Linux machine also acts as the DNS server for the internal network.

Until recently, those Windows users have been able to see over onto the Linux system [explore, open/edit/close files, etc.] (and so administrate the web site without logging directly into the Linux system).

Suddenly this no longer works; attempts to access the Linux system get a login popup, but typing in a user id valid on the domain (and on the Linux) system always gets "can't access file".

We don't touch the web server configuration if we can help it, and there's pretty much no need. We try not to mess with the Windows domain server either. While we are accomplished amateurs at system administration, it's clear we aren't experts and we haven't been able to guess what changed that could cause this. The only thing that we know we changed recently was the upstream DNS server; seems we had the wrong DNS server address for quite a long time and that wrong DNS server finally became inaccessible. We changed it to our ISP's DNS, and all seemed well. We can't say for sure that the moment this switch occurred, the Samba file system became inaccessible, because we do system admin only every few days.

Any thoughts or where to look?

EDIT: It turned out that making the Linux system join the Windows domain did the trick. What is puzzling is that everything worked for ~2 years without us apparently doing that (we may have done so and forgotten, but why joining a domain would evaporate is beyond me). Well, problem solved but not exactly clear what the problem was.

Thanks to those that considered this question.

Ira Baxter

1 Answer

If the fault started occurring around the time you made the DNS switch, that's the first thing I'd check.

However, you're not clear about which DNS settings you've changed: on your Samba/web server? On your Windows clients? On your Windows server?

Samba can (depending on your configuration) rely on DNS to either connect to the authenticating Windows server (if it's just doing NT4 style connections), or for Kerberos connections (if it's connecting using an AD connection). So if you've changed the DNS settings in /etc/resolv.conf on your Samba server, and it now cannot resolve the Windows server at all, then that is one possible explanation.

First of all though: Check your Samba logfiles. Generally in /var/log/samba/ or similar, but it's very distro and admin-dependent.

If that doesn't give you any clear idea (such as errors regarding "cannot resolve hostname" or similar), then check the smb.conf file to see what the "security" setting is, and from there work out if there is a DNS issue with resolution. And if it gives other errors that occur related to a login attempt

If your security setting is "server" or "domain", it's doing NT4 style auths, and if your security setting is "ADS", then it's doing a Kerberos-based auth off AD.

For NT4 style auths, there's generally a "password server" variable set in smb.conf - if this doesn't resolve, you can't log in. For ADS auth, you have to make sure that your /etc/krb5.conf file is correct, and that hosts mentioned in there resolve correctly as well.

I'm not going to replicate all the many existing docs on setting up Samba in either of these situations; however, here are some links to some useful-looking documentation:

Daniel Lawson
  • Daniel: you get credit for saying "RTFM" :-} We did and eventually solved the problem. Didn't seem to have anything to do with DNS. – Ira Baxter Aug 29 '09 at 22:21
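The check sequence from the answer (read the "security" setting in smb.conf, then confirm that the "password server" or the hosts in krb5.conf resolve), as an added example that is not code from either poster. The sample config contents and hostnames are constructed placeholders, and treating an unset "security" as "user" is an assumption.

```python
import re
import socket

# Constructed sample configs (not from the post); all hostnames are placeholders.
SMB_CONF = """[global]
   workgroup = EXAMPLE
   security = ADS
   password server = dc1.example.lan, *
"""
KRB5_CONF = """[realms]
 EXAMPLE.LAN = {
   kdc = dc1.example.lan:88
   admin_server = dc2.example.lan
 }
"""

def global_params(smb_conf):
    """Return the [global] parameters of smb.conf text as {name: value}."""
    params, section = {}, None
    for line in (raw.strip() for raw in smb_conf.splitlines()):
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[" ".join(key.lower().split())] = value.strip()
    return params

def hosts_to_check(smb_conf, krb5_conf=""):
    """Return (security mode, hostnames Samba must resolve to authenticate)."""
    params = global_params(smb_conf)
    mode = params.get("security", "user").lower()  # assumed default when unset
    hosts = []
    if mode in ("server", "domain", "ads"):
        hosts += re.split(r"[,\s]+", params.get("password server", ""))
    if mode == "ads":  # Kerberos: hosts named in krb5.conf must resolve too
        hosts += re.findall(r"^\s*(?:kdc|admin_server)\s*=\s*(\S+)", krb5_conf, re.M)
    names = [h.rsplit(":", 1)[0] for h in hosts if h and h != "*"]
    return mode, list(dict.fromkeys(names))  # de-duplicate, keep order

def unresolvable(hosts, resolve=socket.getaddrinfo):
    """Return the hosts for which the resolver raises an error."""
    failed = []
    for host in hosts:
        try:
            resolve(host, None)
        except OSError:  # socket.gaierror is a subclass
            failed.append(host)
    return failed

if __name__ == "__main__":
    mode, hosts = hosts_to_check(SMB_CONF, KRB5_CONF)
    print(mode, hosts, "unresolvable:", unresolvable(hosts))
```

On a real server, pass the contents of the actual smb.conf and /etc/krb5.conf instead of the samples; any name reported as unresolvable is a candidate cause for the failed logins.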