所以今天我设置了一个运行 samba 的新文件服务器和身份验证服务器。我已经将两个 unix 系统连接到 ldap(它也在运行),并将 2 个 windows 2003 服务器连接到 samba 身份验证。当我尝试将我的 windows 2012 服务器连接到 samba 时,出现了奇怪的问题。它给了我这个错误:
An Active Domain Controller for the domain "mosek.intranet" could not be contacted
dns query was for the SRV record for _ldap._tcp.dc._msdcs.mosek.intranet
the following domain controllers were indentified by the query:
fredericia
however no domain controllers could be contacted
我觉得这很有趣,因为所有其他 Windows 版本都运行良好(我也测试过 2008)我在测试之前遇到过这个问题,但解决方案是将这些行添加到我的 smb.conf 中:
domain master = yes
local master = yes
有人能解决这个问题吗?我几乎可以肯定,只需要在 smb.conf 中添加一两行,就像我之前修复该问题的方法一样,这样新版本的 Windows 就会知道我的服务器是域控制器。
为了帮助您找到可行的解决方案,我有一个新的数据:我的身份验证服务器正在运行 ubuntu 14.04,我尝试加入的服务器是 windwos server 2012
我的 smb.conf 如下所示:
[global]
workgroup = MOSEK.INTRANET
netbios name = FREDERICIA
server string = MOSEK PDC
deadtime = 10
log level = 1
log file = /var/log/samba/log.%m
max log size = 5000
debug pid = yes
debug uid = yes
syslog = 0
utmp = yes
security = user
domain logons = yes
domain master = yes
local master = yes
preferred master = yes
os level = 255
logon path =
logon home =
logon drive = x:
logon script = \\fredericia\logon\logon.bat
acl allow execute always = True
passdb backend = ldapsam:"ldap://fredericia.mosek.intranet/"
ldap ssl = off
ldap admin dn = cn=admin,dc=mosek,dc=intranet
ldap delete dn = no
## Sync UNIX password with Samba password
## Method 1:
ldap password sync = yes
## Method 2:
;ldap password sync = no
;unix password sync = yes
;passwd program = /usr/sbin/smbldap-passwd -u '%u'
;passwd chat = "Changing *\nNew password*" %n\n "*Retype new password*"$
ldap suffix = dc=mosek,dc=intranet
ldap user suffix = ou=Users
ldap group suffix = ou=Groups
ldap machine suffix = ou=Computers
ldap idmap suffix = ou=Idmap
add user script = /usr/sbin/smbldap-useradd -m '%u' -t 1
rename user script = /usr/sbin/smbldap-usermod -r '%unew' '%uold'
delete user script = /usr/sbin/smbldap-userdel '%u'
set primary group script = /usr/sbin/smbldap-usermod -g '%g' '%u'
add group script = /usr/sbin/smbldap-groupadd -p '%g'
delete group script = /usr/sbin/smbldap-groupdel '%g'
add user to group script = /usr/sbin/smbldap-groupmod -m '%u' '%g'
delete user from group script = /usr/sbin/smbldap-groupmod -x '%u' '%g'
add machine script = /usr/sbin/smbldap-useradd -w '%u' -t 1
[NETLOGON]
path = /space/logon
browseable = no
share modes = no
[PROFILES]
path = /var/lib/samba/profiles
browseable = no
writeable = yes
create mask = 0611
directory mask = 0700
profile acls = yes
csc policy = disable
map system = yes
map hidden = yes
答案1
可能是 Samba 的版本。您可以通过打开 powershell 添加版本 1。输入Add-WindowsFeature FS-SMB1。重新启动。有人说重新启动后可能需要长达 10 分钟才能完全初始化。
您也可以使用 powershell 命令Get SMBConnection查看版本信息。
编辑....
如果这是 2012R2 那么.....
这可能是一个有用的链接Server 2012 R2 中的 Samba
这是该网站的一份声明。...
如果使用 Windows 2012 R2 作为域控制器,则意味着 Windows XP / Server 2003 客户端将无法执行登录脚本(NETLOGON)并运行存储在域控制器上的网络文件夹中的某些组策略。