Ubuntu 16.04.2
samba 4.3.11+dfsg-0ubuntu0.16.04.6
sssd 1.13.4-1ubuntu1.2
Windows Server 2008 R2 Standard

I have 2 sites with the above setup.
Each site has 1 Ubuntu/Samba server authenticating to 1 Windows Server 2008 R2
server running Active Directory.

Site 1 works as expected. Traditional Linux services, like ssh, auth to AD as
expected. So do the samba shares.

Site 2 partially works. Linux services like ssh work, but samba shares fail to
auth: session setup failed: NT_STATUS_NO_LOGON_SERVERS

connect_to_domain_password_server: unable to open the domain client session to machine DC-1.CORP.DOMAIN.COM. Error was : NT_STATUS_ACCESS_DENIED.
[2017/04/20 01:49:28.902051,  0] ../source3/auth/auth_domain.c:184(domain_client_validate)
domain_client_validate: Domain password server not available.

I have double checked site1 smb.conf, sssd.conf, krb5.conf against site2 
configuration and they are the "same". 

I don't understand why ssh can authenticate but not samba.

It seems like the problem is on DC-1, but I do not know where to start on the
debugging of Windows!

sssd.conf

[nss]
filter_groups = root
filter_users = root
reconnection_retries = 3
# debug_level = 7

[pam]
reconnection_retries = 3
# debug_level = 7

[sssd]
config_file_version = 2
reconnection_retries = 3
sbus_timeout = 30
services = nss, pam, pac
config_file_version = 2
domains = CORP.DOMAIN.COM
debug_level = 7

[domain/CORP.DOMAIN.COM]
id_provider = ad
auth_provider = ad
access_provider = ad
chpass_provider = ad
cache_credentials = true
debug_level = 7

# Use this if users are being logged in at /.
# This example specifies /home/DOMAIN-FQDN/user as $HOME.  Use with pam_mkhomedir.so
override_homedir = /var/samba/users/%u

smb.conf

[global]
    workgroup = CORP
    realm = CORP.DOMAIN.COM
    preferred master = no
    wins server = 192.168.110.249
    server string = samba-2
    security = ADS
    encrypt passwords = true
    obey pam restrictions = yes
    kerberos method = secrets and keytab

    syslog = 0
    log file = /var/log/samba/%m.log

    max xmit = 16384

    # NO roaming profiles http://melecio.org/node/5
    logon path =
    logon home =
    logon script = %U.bat

    idmap config CORP : backend = ad
    idmap uid = 600-20000
    idmap gid = 600-20000
    template shell = /bin/bash
    template homedir = /var/samba/users/%U

    server signing = auto
    client signing = auto
    client use spnego = yes
    client ntlmv2 auth = yes
    restrict anonymous = 2

    load printers = no