[Samba] Samba4 member of another « Samba4 » domain
Matthieu Patou
mat at samba.org
Sun Apr 7 17:37:50 MDT 2013
On 04/06/2013 06:08 PM, François Lafont wrote:
> Hello,
>
> I have progressed, but it still doesn't work. To recap:
>
> - Domain controller on Debian Wheezy (domain = chezmoi.priv) with Samba version 4.0.4 (works fine).
> - I *try* to install a member of the "chezmoi.priv" domain on another Debian Wheezy with Samba version 4.0.4.
>
> Below, I explain what I have done on the member server. I have made 2 attempts which don't work. Thanks in advance for your help.
>
>
> Here is my /usr/local/samba/etc/smb.conf file on the member server:
>
> -----------------------------------------------
> [global]
> workgroup = CHEZMOI
> security = ADS
> realm = CHEZMOI.PRIV
> encrypt passwords = yes
> idmap config *:backend = tdb
> idmap config *:range = 70001-80000
> idmap config CHEZMOI:backend = ad
> idmap config CHEZMOI:schema_mode = rfc2307
> idmap config CHEZMOI:range = 500-40000
> winbind nss info = rfc2307
> winbind trusted domains only = no
> winbind use default domain = yes
> winbind enum users = yes
> winbind enum groups = yes
> -----------------------------------------------
>
> root at member~# ln -s /usr/local/samba/lib/libnss_winbind.so /lib/libnss_winbind.so
> root at member~# ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2
>
> Here is my /etc/nsswitch.conf file:
>
> -----------------------------------------------
> passwd: compat winbind
> group: compat winbind
> ...
> -----------------------------------------------
>
>
> 1) First attempt to join the domain on the member server
>
> root at member~# samba-tool domain join chezmoi.priv member -U administrator --realm=chezmoi.priv
> Password for [CHEZMOI\administrator]:
> Joined domain CHEZMOI (S-1-5-21-3370545617-3166960116-3193249687)
>
> root at member~# ldconfig
>
> root at member~# smbd && nmbd
>
> And now it is impossible to run winbindd.
>
> -----------------------------------------------
> root at member~# winbindd -i -d 10
> INFO: Current debug levels:
> all: 10
> tdb: 10
> printdrivers: 10
> lanman: 10
> smb: 10
> rpc_parse: 10
> rpc_srv: 10
> rpc_cli: 10
> passdb: 10
> sam: 10
> auth: 10
> winbind: 10
> vfs: 10
> idmap: 10
> quota: 10
> acls: 10
> locking: 10
> msdfs: 10
> dmapi: 10
> registry: 10
> Maximum core file size limits now 16777216(soft) -1(hard)
> winbindd version 4.0.4 started.
> Copyright Andrew Tridgell and the Samba Team 1992-2012
> lp_load_ex: refreshing parameters
> Initialising global parameters
> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
> INFO: Current debug levels:
> all: 10
> tdb: 10
> printdrivers: 10
> lanman: 10
> smb: 10
> rpc_parse: 10
> rpc_srv: 10
> rpc_cli: 10
> passdb: 10
> sam: 10
> auth: 10
> winbind: 10
> vfs: 10
> idmap: 10
> quota: 10
> acls: 10
> locking: 10
> msdfs: 10
> dmapi: 10
> registry: 10
> params.c:pm_process() - Processing configuration file "/usr/local/samba/etc/smb.conf"
> Processing section "[global]"
> doing parameter workgroup = CHEZMOI
> doing parameter security = ADS
> doing parameter realm = CHEZMOI.PRIV
> doing parameter encrypt passwords = yes
> doing parameter idmap config *:backend = tdb
> doing parameter idmap config *:range = 70001-80000
> doing parameter idmap config CHEZMOI:backend = ad
> doing parameter idmap config CHEZMOI:schema_mode = rfc2307
> doing parameter idmap config CHEZMOI:range = 500-40000
> doing parameter winbind nss info = rfc2307
> doing parameter winbind trusted domains only = no
> doing parameter winbind use default domain = yes
> doing parameter winbind enum users = yes
> doing parameter winbind enum groups = yes
> pm_process() returned Yes
> lp_servicenumber: couldn't find homes
> Maximum core file size limits now 16777216(soft) -1(hard)
> Registering messaging pointer for type 2 - private_data=(nil)
> Registering messaging pointer for type 9 - private_data=(nil)
> Registered MSG_REQ_POOL_USAGE
> Registering messaging pointer for type 11 - private_data=(nil)
> Registering messaging pointer for type 12 - private_data=(nil)
> Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
> Registering messaging pointer for type 1 - private_data=(nil)
> Registering messaging pointer for type 5 - private_data=(nil)
> lp_load_ex: refreshing parameters
> Freeing parametrics:
> Initialising global parameters
> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
> INFO: Current debug levels:
> all: 10
> tdb: 10
> printdrivers: 10
> lanman: 10
> smb: 10
> rpc_parse: 10
> rpc_srv: 10
> rpc_cli: 10
> passdb: 10
> sam: 10
> auth: 10
> winbind: 10
> vfs: 10
> idmap: 10
> quota: 10
> acls: 10
> locking: 10
> msdfs: 10
> dmapi: 10
> registry: 10
> params.c:pm_process() - Processing configuration file "/usr/local/samba/etc/smb.conf"
> Processing section "[global]"
> doing parameter workgroup = CHEZMOI
> doing parameter security = ADS
> doing parameter realm = CHEZMOI.PRIV
> doing parameter encrypt passwords = yes
> doing parameter idmap config *:backend = tdb
> doing parameter idmap config *:range = 70001-80000
> doing parameter idmap config CHEZMOI:backend = ad
> doing parameter idmap config CHEZMOI:schema_mode = rfc2307
> doing parameter idmap config CHEZMOI:range = 500-40000
> doing parameter winbind nss info = rfc2307
> doing parameter winbind trusted domains only = no
> doing parameter winbind use default domain = yes
> doing parameter winbind enum users = yes
> doing parameter winbind enum groups = yes
> pm_process() returned Yes
> lp_servicenumber: couldn't find homes
> added interface eth0 ip=fe80::a00:27ff:fe4b:65d3%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
> added interface eth0 ip=192.168.0.22 bcast=192.168.0.255 netmask=255.255.255.0
> Netbios name list:-
> my_netbios_names[0]="WHEEZY-2"
> added interface eth0 ip=fe80::a00:27ff:fe4b:65d3%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
> added interface eth0 ip=192.168.0.22 bcast=192.168.0.255 netmask=255.255.255.0
> Process with PID=2689 does not exist.
> Deleting /usr/local/samba/var/run/winbindd.pid, since 2689 is not a Samba process.
> fcntl_lock 8 6 0 1 1
> fcntl_lock: Lock call successful
> TimeInit: Serverzone is -7200
> initialize_winbindd_cache: clearing cache and re-creating with version number 2
> check lock order 2 for /usr/local/samba/var/lock/serverid.tdb
> lock order: 1:<none> 2:/usr/local/samba/var/lock/serverid.tdb 3:<none>
> Locking key 870A000000000000FFFF
> Allocated locked data 0x0x2136700
> Unlocking key 870A000000000000FFFF
> release lock order 2 for /usr/local/samba/var/lock/serverid.tdb
> lock order: 1:<none> 2:<none> 3:<none>
> Registering messaging pointer for type 33 - private_data=(nil)
> Registering messaging pointer for type 13 - private_data=(nil)
> Registering messaging pointer for type 1028 - private_data=(nil)
> Registering messaging pointer for type 1027 - private_data=(nil)
> Registering messaging pointer for type 1029 - private_data=(nil)
> Registering messaging pointer for type 1280 - private_data=(nil)
> Registering messaging pointer for type 1032 - private_data=(nil)
> Registering messaging pointer for type 1033 - private_data=(nil)
> Registering messaging pointer for type 1034 - private_data=(nil)
> Registering messaging pointer for type 1 - private_data=(nil)
> Overriding messaging pointer for type 1 - private_data=(nil)
> wcache_tdc_add_domain: Adding domain BUILTIN (), SID S-1-5-32, flags = 0x0, attributes = 0x0, type = 0x0
> pack_tdc_domains: Packing 1 trusted domains
> pack_tdc_domains: Packing domain BUILTIN ()
> idmap config BUILTIN : range = not defined
> Added domain BUILTIN S-1-5-32
> wcache_tdc_add_domain: Adding domain WHEEZY-2 (), SID S-1-5-21-210096926-4033722923-1792459932, flags = 0x0, attributes = 0x0, type = 0x0
> pack_tdc_domains: Packing 2 trusted domains
> pack_tdc_domains: Packing domain BUILTIN ()
> pack_tdc_domains: Packing domain WHEEZY-2 ()
> idmap config WHEEZY-2 : range = not defined
> Added domain WHEEZY-2 S-1-5-21-210096926-4033722923-1792459932
> Could not fetch our SID - did we join?
> unable to initialize domain list
> -----------------------------------------------
Hum, interesting, it would be worth checking whether, from a clean setup,
you have this issue again and again.
> Boum !!! The command is stopped.
>
>
> 2) Second attempt to join the domain on the member server. It's better, but it doesn't work either.
>
> root at member:~# net ads join -U administrator
> Enter administrator's password:
> Using short domain name -- CHEZMOI
> Joined 'WHEEZY-2' to dns domain 'chezmoi.priv'
> DNS Update for wheezy-2.chezmoi.priv failed: ERROR_DNS_UPDATE_FAILED
> DNS update failed: NT_STATUS_UNSUCCESSFUL
>
> root at member:~# ldconfig
> root at member:~# smbd && nmbd
> root at member:~# winbindd -i -d 10
>
> And winbindd seems to be OK. I have:
>
> root at member:~# wbinfo -u
> administrator
> krbtgt
> test10
> test11
> guest
> test1
> test2
> test3
> test4
> test5
> test6
> ...
>
> root at member:~# wbinfo -i test9
> test9:*:70004:70001:test9:/home/CHEZMOI/test9:/bin/false
>
> But if I create a user on the domain controller server:
>
> root at dc:~# samba-tool user add test12 --random-password
> User 'test12' created successfully
>
> and then on the member server:
>
> root at member:~# wbinfo -i test12
> failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
> Could not get info for user test12
>
> Here is the stdout of winbindd during the command:
>
> -----------------------------------------------
> info : *
> info: struct wbint_userinfo
> acct_name : *
> acct_name : 'test12'
> full_name : NULL
> homedir : NULL
> shell : NULL
> primary_gid : 0x00000000ffffffff (4294967295)
> user_sid : S-1-5-21-3370545617-3166960116-3193249687-1115
> group_sid : S-1-5-21-3370545617-3166960116-3193249687-513
> result : NT_STATUS_NOT_FOUND
> Could not convert sid S-1-5-21-3370545617-3166960116-3193249687-1115: NT_STATUS_NOT_FOUND
> wb_request_done[2813:GETPWNAM]: NT_STATUS_NOT_FOUND
> winbind_client_response_written[2813:GETPWNAM]: delivered response to client
> closing socket 23, client exited
> -----------------------------------------------
Don't you have rfc2307 configured? If so, did you set the needed
attributes for the new user?
Matthieu.
--
Matthieu Patou
Samba Team
http://samba.org
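
The check that the closing question points at, as an added example (not part of the original message and not Samba code): with `idmap config CHEZMOI:backend = ad`, a user SID is mapped through `uidNumber` and a group SID through `gidNumber`, and values outside the configured range are ignored. The directory entries and their attribute values below are constructed, and `test12` is assumed to have been created without `uidNumber`.

```python
import re
from itertools import combinations

# idmap lines copied from the smb.conf quoted in the message above.
SMB_CONF = """\
[global]
idmap config *:backend = tdb
idmap config *:range = 70001-80000
idmap config CHEZMOI:backend = ad
idmap config CHEZMOI:schema_mode = rfc2307
idmap config CHEZMOI:range = 500-40000
"""

# Constructed directory entries: (object kind, rfc2307 attributes present).
ENTRIES = {
    "test12":       ("user",  {}),                      # assumed: no uidNumber set
    "mapped-user":  ("user",  {"uidNumber": "10012"}),  # hypothetical
    "high-user":    ("user",  {"uidNumber": "50000"}),  # hypothetical, out of range
    "Domain Users": ("group", {"gidNumber": "10000"}),  # hypothetical value
}
ID_ATTR = {"user": "uidNumber", "group": "gidNumber"}

def parse_idmap(conf):
    """Return {domain: {option: value}} from 'idmap config DOM:opt = val' lines."""
    out = {}
    pat = r"^\s*idmap config\s+([^:\s]+)\s*:\s*([^\s=]+)\s*=\s*(.+?)\s*$"
    for dom, opt, val in re.findall(pat, conf, re.M):
        out.setdefault(dom, {})[opt] = val
    return out

def id_range(opts):
    low, high = (int(x) for x in opts["range"].split("-"))
    return low, high

def check_entry(kind, attrs, opts):
    """Return why the 'ad' backend cannot map this entry, or None if it can."""
    attr, (low, high) = ID_ATTR[kind], id_range(opts)
    if attr not in attrs:
        return f"{attr} missing"
    if not low <= int(attrs[attr]) <= high:
        return f"{attr}={attrs[attr]} outside {low}-{high}"
    return None

def overlapping(idmap):
    """Return domain pairs whose ID ranges overlap; the ranges must be disjoint."""
    r = [(d, id_range(o)) for d, o in idmap.items() if "range" in o]
    return [(a, b) for (a, ra), (b, rb) in combinations(r, 2)
            if ra[0] <= rb[1] and rb[0] <= ra[1]]

def audit(conf=SMB_CONF, entries=ENTRIES, domain="CHEZMOI"):
    idmap = parse_idmap(conf)
    return {n: check_entry(k, a, idmap[domain]) for n, (k, a) in entries.items()}, overlapping(idmap)
```
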