Step#1:
Ensure that the Linux system can reach the new AD DC server by both name and IP address. A quick setup is to add the appropriate entries to the /etc/hosts file.
Your new DC is UKDC01.PORD.LAN with IP address 172.21.5.201. Spell the FQDN in /etc/hosts exactly as it will be used later in the Kerberos and Samba configuration, otherwise those names will not resolve from the hosts file.
root@proxy01:~# cat /etc/hosts
127.0.0.1 localhost
172.21.5.190 proxy01.prod.lan proxy01
172.21.5.200 USDC01.PROD.LAN USDC01
172.21.5.201 UKDC01.PORD.LAN UKDC01
# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
root@proxy01:~#
root@proxy01:~# ping UKDC01
PING UKDC01.PORD.LAN (172.21.5.201) 56(84) bytes of data.
From proxy01.prod.lan (172.21.5.190) icmp_seq=1 Destination Host Unreachable
From proxy01.prod.lan (172.21.5.190) icmp_seq=2 Destination Host Unreachable
Step#2:
Update the AD domain name mapped in the Kerberos realm settings so that it points to the new server name. The Kerberos config file is /etc/krb5.conf:
/etc/krb5.conf
[libdefaults]
default_realm = PROD.LAN
# The following krb5.conf variables are only for MIT Kerberos.
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
…
…
[realms]
PROD.LAN = {
admin_server = UKDC01.PROD.LAN
default_domain = PROD.LAN
kdc = UKDC01.PROD.LAN
}
Step#3:
Update the Samba config file to refer to the new Domain Controller:
Set the password server to the name of the new AD DC, and make sure the interfaces entry lists the correct IP address of the local server:
/etc/samba/smb.conf
#======================= Global Settings =======================
[global]
## Browsing/Identification ###
# Change this to the workgroup/NT-domain name your Samba server will be part of
workgroup = PROD
netbios name = PROXY01
realm = PROD.LAN
security = ads
encrypt passwords = yes
password server = UKDC01.PROD.LAN
#winbind separator =
winbind separator = /
winbind use default domain = yes
interfaces = 172.21.5.190 127.0.0.1
bind interfaces only = yes
client signing = Yes
server signing = Yes
client use spnego = Yes
Step#4:
Restart Samba Services:
root@proxy01:~# sudo /etc/init.d/winbind stop
* Stopping the Winbind daemon winbind [ OK ]
root@proxy01:~# sudo /etc/init.d/samba restart
* Stopping Samba daemons start-stop-daemon: warning: failed to kill 5908: No such process
[ OK ]
* Starting Samba daemons [ OK ]
root@proxy01:~# sudo /etc/init.d/winbind start
* Starting the Winbind daemon winbind [ OK ]
root@proxy01:~#
Step#5:
Update the DNS server IP address to point to the new AD server.
Step#6:
Now log in to the Linux system and verify that there are no errors such as "No logon servers":
root@proxy01:~# /usr/bin/ntlm_auth --username administrator --domain=PROD.lan
password:
NT_STATUS_OK: Success (0x0)
root@proxy01:~#
root@proxy01:~# netstat -a
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 proxy:netbios-ssn *:* LISTEN
tcp 0 0 localhost:netbios-ssn *:* LISTEN
tcp 0 0 *:ftp *:* LISTEN
tcp 0 0 *:3128 *:* LISTEN
tcp 0 0 *:smtp *:* LISTEN
tcp 0 0 proxy01:microsoft-ds *:* LISTEN
tcp 0 0 localhost:microsoft-ds *:* LISTEN
tcp 0 0 proxy01.Prod.l:52468 UKDC01.PROD.LA:ldap ESTABLISHED
tcp 0 0 proxy01.Prod.l:47615 UKDC01.:microsoft-ds ESTABLISHED
tcp6 0 0 [::]:ssh [::]:* LISTEN
udp 0 0 proxy01:netbios-ns *:*
udp 0 0 *:netbios-ns *:*
udp 0 0 proxy01:netbios-dgm *:*
udp 0 0 *:netbios-dgm *:*
udp 0 0 *:38963 *:*
udp 0 0 *:icpv2 *:*
udp 0 0 *:icpv2 *:*
udp 0 0 *:icpv2 *:*
udp 0 0 *:37975 *:*
udp 0 0 *:54753 *:*
Active UNIX domain sockets (servers and established)
root@proxy01:~#
Also verify in AD that the computer object exists and that its last-modified date is being updated; a successful network logon from the computer account should appear in the DC's security log:
Event Type: Success Audit
Event Source: Security
Event Category: Logon/Logoff
Event ID: 540
Date: 1/12/2014
Time: 8:59:48 AM
User: PROD\proxy01$
Computer: UKDC01
Description:
Successful Network Logon:
User Name: proxy01$
Domain: PROD
Logon ID: (0x0,0xC15CA)
Logon Type: 3
Logon Process: NtLmSsp
Authentication Package: NTLM
Workstation Name: PROXY01
Logon GUID: –
Caller User Name: –
Caller Domain: –
Caller Logon ID: –
Caller Process ID: –
Transited Services: –
Source Network Address: –
Source Port: –
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
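Steps 1 to 3 above only work if /etc/hosts, krb5.conf and smb.conf all agree on the DC's name and realm. The following shell script is an added example, not part of the original post: it pulls the kdc, admin_server and password server names out of krb5.conf and smb.conf, checks that each has an /etc/hosts entry, and checks that default_realm matches the Samba realm, run against constructed copies of the post's fragments (including the PORD.LAN spelling in the hosts file above, which it flags).

```sh
#!/bin/sh
# Added example (not from the original post): cross-check that every DC name
# referenced by krb5.conf and smb.conf has an /etc/hosts entry and that the
# Kerberos and Samba realms agree, before Samba/winbind are restarted.
# Paths are parameters so the check can run against constructed copies.
# Print (deduplicated, one per line) the DC names the configs point at: kdc and
# admin_server from krb5.conf ($1), password server from smb.conf ($2).
dc_names() {
  {
    sed -n 's/^[[:space:]]*kdc[[:space:]]*=[[:space:]]*//p' "$1"
    sed -n 's/^[[:space:]]*admin_server[[:space:]]*=[[:space:]]*//p' "$1"
    sed -n 's/^[[:space:]]*password server[[:space:]]*=[[:space:]]*//p' "$2"
  } | tr -d '\r' | tr ' ' '\n' | sed '/^$/d' | sort -u
}
# Return 0 when every DC name appears as a whole word in the hosts file ($1,
# case-insensitive); otherwise report the missing names and return 1.
hosts_has_all() {
  rc=0
  for name in $(dc_names "$2" "$3"); do
    if ! grep -qiwF -- "$name" "$1"; then
      echo "no hosts entry for $name (check the spelling against the realm)" >&2
      rc=1
    fi
  done
  return $rc
}
# Return 0 when default_realm in krb5.conf ($1) equals realm in smb.conf ($2).
realms_agree() {
  k=$(sed -n 's/^[[:space:]]*default_realm[[:space:]]*=[[:space:]]*//p' "$1" | tr -d ' \r' | tr 'a-z' 'A-Z')
  s=$(sed -n 's/^[[:space:]]*realm[[:space:]]*=[[:space:]]*//p' "$2" | tr -d ' \r' | tr 'a-z' 'A-Z')
  [ -n "$k" ] && [ "$k" = "$s" ]
}
# Constructed sample files mirroring the post's fragments (not the live ones);
# the hosts file carries the PORD.LAN spelling shown in the post.
tmp=$(mktemp -d)
printf '%s\n' '172.21.5.200 USDC01.PROD.LAN USDC01' \
  '172.21.5.201 UKDC01.PORD.LAN UKDC01' > "$tmp/hosts"
printf '%s\n' '[libdefaults]' 'default_realm = PROD.LAN' 'kdc_timesync = 1' \
  '[realms]' 'PROD.LAN = {' 'admin_server = UKDC01.PROD.LAN' \
  'kdc = UKDC01.PROD.LAN' '}' > "$tmp/krb5.conf"
printf '%s\n' '[global]' 'realm = PROD.LAN' 'security = ads' \
  'password server = UKDC01.PROD.LAN' > "$tmp/smb.conf"
sed 's/PORD\.LAN/PROD.LAN/' "$tmp/hosts" > "$tmp/hosts.fixed"   # what the fix looks like
# Misspelled hosts file fails the check; the corrected copy passes.
hosts_has_all "$tmp/hosts" "$tmp/krb5.conf" "$tmp/smb.conf" || echo "fix /etc/hosts first"
hosts_has_all "$tmp/hosts.fixed" "$tmp/krb5.conf" "$tmp/smb.conf" && echo "hosts entries OK"
realms_agree "$tmp/krb5.conf" "$tmp/smb.conf" && echo "realms agree"
```

To check a live server, call the functions with /etc/hosts, /etc/krb5.conf and /etc/samba/smb.conf instead of the constructed copies.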