[Samba] Samba4 AD not Authenticating
Varoujan Avanessians
vavanessians at accoes.com
Wed Jan 9 10:22:15 MST 2013
I have already posted another issue
here<http://samba.2283325.n4.nabble.com/Samba4-Problem-with-Joining-Samba3-to-Samba4-AD-Domain-td4642466.html>that
may be related the current issue I am having.
I have Three Samba4 AD Domain Controllers, the first one installed that was
the primary domain controller is the one having problem, the other two seem
to be working OK. I discovered the problem when I tried to set "Group
Policy" from windows 7 machine. The Current issue and the previous issue
that I have posted<http://samba.2283325.n4.nabble.com/Samba4-Problem-with-Joining-Samba3-to-Samba4-AD-Domain-td4642466.html>all
started after I tried to add active directory Service to FreeNAS
8.0.3.
When i run the "Group Policy Management Console" (gpmc.msc) I get the error
message:
" The domain.company.com forest could not be loaded and will be removed.
The error message was: Unspecified Error".
I stopped Samba and run it in single mode:
[root at SAMBA-AD ~]# /usr/local/samba/sbin/samba -i -M single
and then run gpmc.msc and the got the following message:
Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 for
e3514235-4b06-11d1-ab04-00c04fc2dcd2 at ncacn_ip_tcp
:14c15c29-7c8e-4b7a-8e5a-639da645e970._msdcs.domain.company.com[1024,seal,krb5]
NT_STATUS_LOGON_FAILURE
Here are are a list of commands that I ran and the results that I got, I
hope they provide a clue of what might be going on:
[root at SAMBA-AD ~]# wbinfo -u
Error looking up domain users
[root at SAMBA-AD ~]# wbinfo -g
failed to call wbcListGroups: WBC_ERR_DOMAIN_NOT_FOUND
Error looking up domain groups
[root at SAMBA-AD var]# wbinfo -i vavanessians
failed to call wbcGetpwnam: WBC_ERR_DOMAIN_NOT_FOUND
Could not get info for user vavanessians
[root at SAMBA-AD var]# smbtree -U Administrator -D
Enter Administrator's password:
WORKGROUP
SYS_OPS
SUNBELT
SHEETMETAL
SERVICE
SERIVCE
PURCHASING
PROJET_GROUP
PROJECT_GROUP
PROJECT
PRODUCTION
PIPING
PAYROLL
MSHOME
IT
HR
ENG
DISPATCH
CONST
BILLING
AESNB
ADMIN
ACCOUNTING
DOMAIN
[root at SAMBA-AD var]# wbinfo --domain=DOMAIN
[root at SAMBA-AD var]#
wbinfo -t
checking the trust secret for domain DOMAIN via RPC calls failed
error code was NT_STATUS_NO_TRUST_SAM_ACCOUNT (0xc000018b)
failed to call wbcCheckTrustCredentials: WBC_ERR_AUTH_ERROR
Could not check secret
[root at SAMBA-AD var]#
[root at SAMBA-AD ~]# smbclient -L SAMBA-AD -U Administrator
Enter Administrator's password:
Domain=[DOMAIN] OS=[Unix] Server=[Samba 4.1.0pre1-GIT-229d934]
Sharename Type Comment
--------- ---- -------
netlogon Disk
sysvol Disk
Data Disk
IT Disk
IPC$ IPC IPC Service (Samba 4.1.0pre1-GIT-229d934)
Domain=[DOMAIN] OS=[Unix] Server=[Samba 4.1.0pre1-GIT-229d934]
Server Comment
--------- -------
Workgroup Master
--------- -------
[root at SAMBA-AD ~]# samba-tool fsmo show
InfrastructureMasterRole owner: CN=NTDS
Settings,CN=SAMBA-AD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=DOMAIN,DC=COMPANY,DC=com
RidAllocationMasterRole owner: CN=NTDS
Settings,CN=SAMBA-AD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=DOMAIN,DC=COMPANY,DC=com
PdcEmulationMasterRole owner: CN=NTDS
Settings,CN=SAMBA-AD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=DOMAIN,DC=COMPANY,DC=com
DomainNamingMasterRole owner: CN=NTDS
Settings,CN=SAMBA-AD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=DOMAIN,DC=COMPANY,DC=com
SchemaMasterRole owner: CN=NTDS
Settings,CN=SAMBA-AD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=DOMAIN,DC=COMPANY,DC=com
[root at SAMBA-AD ~]#
Thanks in advance for any help that you can provide.
Varouj
--
*Varouj (V.J.) Avanessians | Sr. Linux Sys Administrator | ACCO Engineered
Systems*
6265 San Fernando Rd | Glendale, California | 91201- 2214
(818)-730-5846 Mobile | (818)-244-6571 Main*
*
More information about the samba
mailing list