[Samba] member joined, but...
L.P.H. van Belle
belle at bazuin.nl
Wed Apr 2 02:11:25 MDT 2014
I really don't get it. :-(
So if anyone has any tip for me, please...
I need this also for my print server...
wbinfo -a "INTERNAL\Administrator%Mypassword"
plaintext password authentication succeeded
challenge/response password authentication succeeded
net rpc group members users -U Administrator -d5
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
SPNEGO login failed: Logon failure
Could not connect to server 127.0.0.1
The username or password was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE
failed to make ipc connection: NT_STATUS_LOGON_FAILURE
return code = -1
Opening cache file at /var/cache/samba/gencache.tdb
Opening cache file at /var/cache/samba/gencache_notrans.tdb
net -S rtd-dc1.internal.domain.tld rpc group members users -U INTERNAL\\Administrator -d5
Bind RPC Pipe: host rtd-dc1.internal.domain.tld auth_type 0, auth_level 1
rpc_api_pipe: host rtd-dc1.internal.domain.tld
rpc_read_send: data_to_read: 52
check_bind_response: accepted!
rpc_api_pipe: host rtd-dc1.internal.domain.tld
rpc_read_send: data_to_read: 32
rpc_api_pipe: host rtd-dc1.internal.domain.tld
rpc_read_send: data_to_read: 84
rpc_api_pipe: host rtd-dc1.internal.domain.tld
rpc_read_send: data_to_read: 32
Bind RPC Pipe: host rtd-dc1.internal.domain.tld auth_type 0, auth_level 1
rpc_api_pipe: host rtd-dc1.internal.domain.tld
rpc_read_send: data_to_read: 52
check_bind_response: accepted!
rpc_api_pipe: host rtd-dc1.internal.domain.tld
rpc_read_send: data_to_read: 32
rpc_api_pipe: host rtd-dc1.internal.domain.tld
rpc_read_send: data_to_read: 32
rpc_api_pipe: host rtd-dc1.internal.domain.tld
rpc_read_send: data_to_read: 44
rpc_api_pipe: host rtd-dc1.internal.domain.tld
rpc_read_send: data_to_read: 32
rpc command function failed! (NT_STATUS_NO_SUCH_ALIAS)
return code = -1
And the log of the member joining the AD domain:
Apr 1 16:37:56 rtd-dc1 named[1993]: samba_dlz: starting transaction on zone internal.domain.tld
Apr 1 16:37:56 rtd-dc1 named[1993]: client 192.168.1.240#45737: updating zone 'internal.domain.tld/NONE': update unsuccessful: rtd-mem-001.internal.domain.tld/A: 'RRset exists (value dependent)' prerequisite not satisfied (NXRRSET)
Apr 1 16:37:56 rtd-dc1 named[1993]: samba_dlz: cancelling transaction on zone internal.domain.tld
Apr 1 16:37:56 rtd-dc1 named[1993]: samba_dlz: starting transaction on zone internal.domain.tld
Apr 1 16:37:56 rtd-dc1 named[1993]: samba_dlz: spnego update failed
Apr 1 16:37:56 rtd-dc1 named[1993]: client 192.168.1.240#45737: updating zone 'internal.domain.tld/NONE': update failed: rejected by secure update (REFUSED)
Apr 1 16:37:56 rtd-dc1 named[1993]: samba_dlz: cancelling transaction on zone internal.domain.tld
Apr 1 16:37:56 rtd-dc1 named[1993]: samba_dlz: starting transaction on zone internal.domain.tld
Apr 1 16:37:56 rtd-dc1 named[1993]: samba_dlz: allowing update of signer=RTD-MEM-001\$\@INTERNAL.DOMAIN.TLD name=rtd-mem-001.internal.domain.tld tcpaddr=192.168.1.240 type=A key=2c894e72-89f7-4a15-b76f-73cc99c998dd/160/0
Apr 1 16:37:56 rtd-dc1 named[1993]: samba_dlz: allowing update of signer=RTD-MEM-001\$\@INTERNAL.DOMAIN.TLD name=rtd-mem-001.internal.domain.tld tcpaddr=192.168.1.240 type=A key=2c894e72-89f7-4a15-b76f-73cc99c998dd/160/0
Apr 1 16:37:56 rtd-dc1 named[1993]: client 192.168.1.240#45737: updating zone 'internal.domain.tld/NONE': deleting rrset at 'rtd-mem-001.internal.domain.tld' A
Apr 1 16:37:56 rtd-dc1 named[1993]: client 192.168.1.240#45737: updating zone 'internal.domain.tld/NONE': adding an RR at 'rtd-mem-001.internal.domain.tld' A
Apr 1 16:37:56 rtd-dc1 named[1993]: samba_dlz: added rtd-mem-001.internal.domain.tld rtd-mem-001.internal.domain.tld.#0113600#011IN#011A#011192.168.1.240
Apr 1 16:37:56 rtd-dc1 named[1993]: samba_dlz: subtracted rdataset internal.domain.tld 'internal.domain.tld.#0113600#011IN#011SOA#011rtd-dc1.internal.domain.tld. hostmaster.internal.domain.tld. 12 900 600 86400 0'
Apr 1 16:37:57 rtd-dc1 named[1993]: samba_dlz: added rdataset internal.domain.tld 'internal.domain.tld.#0113600#011IN#011SOA#011rtd-dc1.internal.domain.tld. hostmaster.internal.domain.tld. 13 900 600 86400 0'
Apr 1 16:37:57 rtd-dc1 named[1993]: samba_dlz: committed transaction on zone internal.domain.tld
>-----Original message-----
>From: belle at bazuin.nl [mailto:samba-bounces at lists.samba.org]
>On behalf of L.P.H. van Belle
>Sent: Wednesday 2 April 2014 8:25
>To: samba at lists.samba.org
>Subject: Re: [Samba] member joined, but...
>
>Hai Rowland,
>
>well, this is in it, it is the same as for the 2 DCs (and they are the
>nameserver IPs in resolv.conf)
>
>resolv.conf
>search internal.domain.tld
>domain internal.domain.tld
>nameserver 192.168.1.1
>nameserver 192.168.1.2
>
>krb5.conf
>[libdefaults]
> dns_lookup_realm = true
> dns_lookup_kdc = true
> default_realm = INTERNAL.DOMAIN.TLD
>
>
>I don't get it.
>Software installed (from the script I run):
>apt-get install sernet-samba sernet-samba-winbind fam acl attr quota -y
>Samba set to classic.
>Did Kerberos setup.
>Checked with klist -e
>Joined the domain with: net ads join -U Administrator
>Started up Samba:
>/etc/init.d/sernet-samba-smbd start
>/etc/init.d/sernet-samba-nmbd start
>/etc/init.d/sernet-samba-winbindd start
>
>/etc/pam.d/samba
># copy from /etc/pam.d/common-auth - authentication settings common to all services
>#
>auth sufficient pam_winbind.so
>auth [success=1 default=ignore] pam_unix.so nullok_secure use_first_pass
>auth requisite pam_deny.so
>auth required pam_permit.so
>
># copy from /etc/pam.d/common-account - authorization settings common to all services
>#
>account sufficient pam_winbind.so
>account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so
>account requisite pam_deny.so
>account required pam_permit.so
>
># copy from /etc/pam.d/common-session - session-related modules common to all services
>#
>session required pam_mkhomedir.so
>session required pam_winbind.so
>session [default=1] pam_permit.so
>session requisite pam_deny.so
>session required pam_permit.so
>session required pam_unix.so
>
>nsswitch.conf
>passwd: compat winbind
>group: compat winbind
>shadow: compat
>
>hosts: files dns
>networks: files
>
>protocols: db files
>services: db files
>ethers: db files
>rpc: db files
>
>
>wbinfo -u
>wbinfo -g
>is OK, I get the users and groups.
>
>getent passwd works (if I set uid/gid in the Unix tab of the
>users/group)
>
>so it all looks fine to me... so what's going on.. I don't see it.
>
>Greetz,
>
>Louis
>
>>-----Original message-----
>>From: belle at bazuin.nl [mailto:samba-bounces at lists.samba.org]
>>On behalf of L.P.H. van Belle
>>Sent: Tuesday 1 April 2014 17:00
>>To: samba at lists.samba.org
>>Subject: [Samba] member joined, but...
>>
>>Hai,
>>
>>I have automated the install of my member server.
>>Followed the wiki :
>>https://wiki.samba.org/index.php/Samba/Domain_Member
>>
>>Everything works nicely, but... .. read on.. ;-)
>>
>>OK, so the wiki says:
>>https://wiki.samba.org/index.php/Setup_and_configure_file_shares
>>
>>and now I'm at the point: SeDiskOperatorPrivilege
>>and .. for the DCs installed this worked without problems...
>>
>>but for the domain member, I'm getting ...
>>
>>net rpc rights list accounts -Uadministrator
>>Enter administrator's password:
>>Could not connect to server 127.0.0.1
>>The username or password was not correct.
>>Connection failed: NT_STATUS_LOGON_FAILURE
>>
>>net -S servername rpc rights list accounts -Uadministrator
>>Enter administrator's password:
>>Could not connect to server rtd-mem-001
>>The username or password was not correct.
>>Connection failed: NT_STATUS_LOGON_FAILURE
>>
>>net -S servername.internal.domain.tld rpc rights list accounts -Uadministrator
>>Enter administrator's password:
>>Could not connect to server servername.internal.domain.tld
>>The username or password was not correct.
>>Connection failed: NT_STATUS_LOGON_FAILURE
>>
>>and of course setting the Se right didn't work
>>
>>net rpc rights grant 'MYDOMAIN\Domain Admins' SeDiskOperatorPrivilege -Uadministrator
>>Enter administrator's password:
>>Could not connect to server 127.0.0.1
>>The username or password was not correct.
>>Connection failed: NT_STATUS_LOGON_FAILURE
>>
>>
>>so..
>>/etc/hosts ( checked )
>>/etc/nsswitch.conf ( checked )
>>/etc/resolv.conf (check)
>>/var/log/samba/ all logs checked, no errors at all.
>>kinit Administrator ( checked )
>>
>>/etc/samba/smb.conf
>>
>>[global]
>>
>> workgroup = INTERNAL
>> security = ADS
>> realm = INTERNAL.DOMAIN.TLD
>>
>> idmap config *:backend = tdb
>> idmap config *:range = 500001-800000
>> idmap config BAZRTD:backend = ad
>> idmap config BAZRTD:schema_mode = rfc2307
>> idmap config BAZRTD:range = 10000-400000
>>
>> winbind nss info = rfc2307
>> winbind trusted domains only = no
>> winbind use default domain = yes
>> #winbind enum users = yes
>> #winbind enum groups = yes
>>
>> template shell = /bin/bash
>> template homedir = /home/samba/DOMAIN/%USERNAME%
>>
>> # For ACL support on member server
>> vfs objects = acl_xattr
>> map acl inherit = Yes
>> store dos attributes = Yes
>>
>> # disable printing completely
>> load printers = no
>> printing = bsd
>> printcap name = /dev/null
>> disable spoolss = yes
>>
>>
>>
>>Anyone an idea?
>>
>>
>>
>>
>>--
>>To unsubscribe from this list go to the following URL and read the
>>instructions: https://lists.samba.org/mailman/options/samba