[Samba] Domain problem... (other way)

Henrik Zagerholm henke at mac.se
Thu Sep 28 21:11:29 GMT 2006 

27 sep 2006 kl. 16:26 skrev Elvis Aaron Presley:

> I used "net rpc join -S server32 -U Administrador" to add the linux
> machine to the domain. The net ad leave is for the kerberos method if
> I'm not in a mistake.
>
> Do you mean remove all computer accounts at the domain server?
> !!??!?!?!!??!?
Noooooooooo!
Just the Samba account. You can't add it again if its there. (Well,  
you can reset AD accounts also.)
>
> Elvis
>
> -----Mensaje original-----
> De: Henrik Zagerholm [mailto:henke at mac.se]
> Enviado el: miércoles, 27 de septiembre de 2006 15:40
> Para: Elvis Aaron Presley
> CC: 'Lista Samba'
> Asunto: Re: [Samba] Domain problem... (other way)
>
>
> I would remove any computer accounts in AD.
> You think should have used net ad leave before uninstall.
>
> Do you use net rpc join or net ads join?
>
> 27 sep 2006 kl. 14:44 skrev Elvis Aaron Presley:
>
>> Ok, I see there is no solution for this strange situation... Now, I
>> want
>> to reinstall samba and winbind.
>>
>> I'll delete the user and the computer at the domain.
>> I'll uninstall samba and winbind using apt-get on my debian How can I
>> deatach the machine from the domain on linux? Is there something more
>> to do to start again?
>>
>> Elvis
>>
>> -----Mensaje original-----
>> De: samba-bounces+elvisa=terra.es at lists.samba.org
>> [mailto:samba-bounces+elvisa=terra.es at lists.samba.org] En nombre de
>> Elvis Aaron Presley Enviado el: miércoles, 27 de septiembre de 2006
>> 12:59
>> Para: 'Lista Samba'
>> Asunto: RE: [Samba] Domain problem...
>>
>>
>> Hello, I've tried what you said and restarted samba and winbind...  
>> But
>
>> no success... :( After that, I re-joined to the domain, but the same
>> result... I see when I tried to rejoin to the domain in the PDC w2000
>> event log a 5722 event. This is the error message:
>>
>> The session setup from the computer ORACLE failed to authenticate.  
>> The
>
>> name of the account referenced in the security database is ORACLE$.
>> The following error
>> occurred:
>> Access is denied.
>>
>> But the user exist at the domain. ¿?
>>
>> I see the log at /var/log/samba/log.winbindd with this:
>>
>> [2006/09/27 11:39:50, 0] libads/kerberos.c:ads_kinit_password(164)
>>   kerberos_kinit_password ORACLE$@RXN32.BIZ failed: Cannot resolve
>> network address for KDC in requested realm [2006/09/27 11:39:50, 1]
>> nsswitch/winbindd_ads.c:ads_cached_connection(109)
>>   ads_connect for domain RXN32 failed: Cannot resolve network address
>> for KDC in requested realm
>>
>> The log at /var/log/samba/log.wb-RXN32 has:
>>
>> [2006/09/27 12:07:04, 0] libsmb/credentials.c:creds_client_check(256)
>>   creds_client_check: credentials check failed.
>> [2006/09/27 12:07:04, 0]
>> rpc_client/cli_netlogon.c:rpccli_netlogon_sam_network_logon(898)
>>   rpccli_netlogon_sam_network_logon: credentials chain check failed
>> [2006/09/27 12:07:04, 0] libads/kerberos.c:ads_kinit_password(164)
>>   kerberos_kinit_password ORACLE$@RXN32.BIZ failed: Cannot resolve
>> network address for KDC in requested realm [2006/09/27 12:07:04, 1]
>> nsswitch/winbindd_ads.c:ads_cached_connection(109)
>>   ads_connect for domain RXN32 failed: Cannot resolve network address
>> for KDC in requested realm
>>
>>
>> But I'm not using kerberos. In addition, this errors are present
>> too in
>> other older dates, and the server was working fine at that dates.
>>
>> What can I do? I need to share folder on my debian to domain
>> users... :S
>>
>> Elvis
>>
>> -----Mensaje original-----
>> De: Henrik Zagerholm [mailto:henke at mac.se]
>> Enviado el: miércoles, 27 de septiembre de 2006 9:30
>> Para: Elvis Aaron Presley
>> CC: 'Lista Samba'
>> Asunto: Re: [Samba] Domain problem...
>>
>>
>> Hello,
>>
>> winbind enum users = yes
>> winbind enum groups = yes
>>
>> also check that getent passwd shows domain users.
>>
>> Cheers,
>> Henrik
>>
>> 27 sep 2006 kl. 09:23 skrev Elvis Aaron Presley:
>>
>>> Nobody knows any information or test for me? :(
>>>
>>> Elvis
>>>
>>> -----Mensaje original-----
>>> De: samba-bounces+elvisa=terra.es at lists.samba.org
>>> [mailto:samba-bounces+elvisa=terra.es at lists.samba.org] En nombre de
>>> Elvis Aaron Presley Enviado el: martes, 26 de septiembre de 2006
>>> 14:04
>>> Para: Lista Samba
>>> Asunto: [Samba] Domain problem...
>>>
>>>
>>> Hello all, This is the first time I write to the list. Sorry  
>>> about my
>
>>> english...
>>>
>>> My Debian Sarge server was working perfectly with samba and
>>> winbind as
>>
>>> a normal client in a Domain enviroment. I was able to share folders
>>> on my linux machine giving rights to the domain users. Everything  
>>> was
>>> working
>>> until one day in that it crashed for some reason I don't know. I
>>> didn't
>>> touch anything of my config files (smb.conf,nsswitch.conf) so I
>>> suppose
>>> it's ok. The problem is that now, I can't do "wbinfo -u"
>>> successfully.
>>> It returns "Error looking domain users", so I can't share  
>>> directories
>>> with domain users.
>>>
>>> Enviroment info:
>>>
>>> PDC: W2000 server (ip 192.168.1.102,netbios-name server32) with DNS
>>> server
>>> Debian: domain client (ip 192.168.1.249,netbios-name oracle) with  
>>> DNS
>
>>> server
>>>
>>> Other clients in the network uses DNS1 192.168.1.102 and DNS2
>>> 192.168.1.249 ... I don't know if this info is relevant.
>>>
>>> "net rpc join -S server32 -U Administrador%pass" returns "Joined
>>> domain RXN32." "wbinfo -m" returns "RXN32" <- is the netbios name of
>>> the domain
>>> "wbinfo -t" returns "checking the trust secret via RPC calls
>>> succeeded"
>>> "wbinfo -u" returns "Error looking up domain users" "wbinfo -g"
>>> returns
>>> "Error looking up domain groups"
>>>
>>> Samba version 3.0.22 on debian machine. And in the domain exist the
>>> user "oracle" with password "realpwd".
>>>
>>> I've tried "wbinfo --authenticate=oracle%fakepwd" and return:
>>>
>>> plaintext password authentication failed
>>> error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
>>> error messsage was: No such user
>>> Could not authenticate user oracle%fakepwd with plaintext password
>>> challenge/response password authentication failed error code was
>>> NT_STATUS_WRONG_PASSWORD (0xc000006a) error messsage was: Wrong
>>> Password Could not authenticate user oracle with challenge/response
>>>
>>> But if I try "wbinfo --authenticate=oracle%realpwd" it returns:
>>>
>>> plaintext password authentication failed
>>> error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
>>> error messsage was: No such user
>>> Could not authenticate user oracle%realpwd with plaintext password
>>> challenge/response password authentication succeeded
>>>
>>> What????? How is it possible? The user exist in the domain. I've
>>> tried
>>
>>> delete it and create it again and same result. I've tried with other
>>> user... But same result.
>>>
>>> How can this stop to work if I didn't change anything? Is possible
>>> that it happenned after apt-get dist-upgrade?
>>>
>>> This is the global part of my smb.conf but i supposse it's ok  
>>> because
>
>>> it was working and nothing changed:
>>>
>>> [global]
>>>         workgroup = RXN32
>>>         security = DOMAIN
>>>         password server = server32
>>>         encrypt passwords = true
>>>         idmap uid = 10000-20000
>>>         idmap gid = 10000-20000
>>>         template shell = /bin/bash
>>>         winbind separator = +
>>>         netbios name = oracle
>>>
>>> I googled a lot, but with no luck... :(
>>>
>>> Thank for read this "big text", and sorry if this message is at
>>> incorrect list. If there is a more specific list for this kind of
>>> issues, please tell me.
>>>
>>> Thanks in advance and Regards.
>>>
>>> Elvis
>>>
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/listinfo/samba
>>>
>>> --
>>> To unsubscribe from this list go to the following URL and read the
>>> instructions:  https://lists.samba.org/mailman/listinfo/samba
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/listinfo/samba
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/listinfo/samba
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list