Samba Lost Connection with Active Directory Domain Controller

A legacy Samba server recently stopped allowing users to connect to its shares. This was very odd, that this began happening, since this machine has been in service for years. One thing that had recently changed, was that there were some Active Directory Domain Controllers demoted to be decommissioned.
I began looking in the logs and found the following messages:


[2007/12/04 14:03:30, 1] libsmb/cliconnect.c:cli_start_connection(1403)
session request to *SMBSERVER failed (Not listening on called name)
[2007/12/04 14:03:30, 1] libsmb/cliconnect.c:cli_start_connection(1403)
session request to AD01 failed (Not listening on called name)
[2007/12/04 14:03:30, 1] libsmb/cliconnect.c:cli_start_connection(1403)
session request to *SMBSERVER failed (Not listening on called name)
[2007/12/04 14:03:30, 1] libsmb/cliconnect.c:cli_start_connection(1403)
session request to AD01 failed (Not listening on called name)
[2007/12/04 14:03:30, 1] libsmb/cliconnect.c:cli_start_connection(1403)
session request to *SMBSERVER failed (Not listening on called name)
[2007/12/04 14:03:30, 0] auth/auth_domain.c:domain_client_validate(170)
domain_client_validate: Domain password server not available.

Obviously it was unable to connect to any of the remaining Domain Controllers (DC's). The AD01 mentioned above, was one of the decommissioned systems. Some online solutions suggested re-joining the server to the domain, but this seemed to be a little overkill.

I went into the smb.conf file.

[root@host ]$ vi /etc/samba/smb.conf

A small portion of the configuration file looked like:

<--begin snip-->
security = ADS
realm = techsneeze.com
<--end snip-->

Since Samba was unable to find the domain controller, I decided to try to explicitily define where it should look for authentication. I added “password server” to the configuration, so it looked like:


<--begin snip-->
security = ADS
realm = techsneeze.com
password server = ad02
<--end snip-->

Once this was added to the configuration file, I restarted Samba to pick up the changes:


[root@host ]$ service smb restart

Users were now able to access the shares on the Samba server!

Leave a Reply

Your email address will not be published. Required fields are marked *