[Samba] Samba AD - Trust Relationship error.
Rowland Penny
rpenny at samba.org
Tue Nov 28 18:55:37 UTC 2017
On Tue, 28 Nov 2017 13:23:11 -0500
subscriptions <subscriptions at renuecomputers.com> wrote:
> On 11/28/2017 01:02 PM, Rowland Penny via samba wrote:
> > On Tue, 28 Nov 2017 12:24:55 -0500
> > subscriptions via samba<samba at lists.samba.org> wrote:
> >
> >> Hello all,
> >>
> >> I am not really new to samba but I am new to running a samba AD and
> >> AD in general. I have a client that I will be changing over to a
> >> new server running samba 4.6.7 and running as an AD. I did a test
> >> run on the new server connected to the workstations and on one
> >> workstation I ran into this error message:
> >>
> >> "The security database on the server does not have a computer
> >> account for this workstation trust relationship"
> >>
> >> I know that in Windows it's pretty easy to solve by using the SBS
> >> Standard console. However, how would one fix this issue that I
> >> assume would be done with samba-tools somehow? Perhaps anyone can
> >> guide me to a resource discussing this? I'm not looking for a
> >> step-by-step hand hold session here. Just basic info on where to
> >> start looking and the basics.
> >>
> >> This is one of about 13 workstations and was the only one that
> >> experienced this issue.
> >>
> >> Appreciate the feedback in advance,
> >>
> >> jdegraw
> >>
> >>
> > Sounds like a dns problem, can you share a bit more info on how you
> > have set up your Samba AD domain, It will also help if you post your
> > smb.conf.
> >
> > Rowland
> >
> Hello Rowland,
>
>
> Here is my smb.conf file. I compiled it myself from samba.org and
> followed their instructions for setup of the AD. Everything else
> seems to work out as far as I can tell for now. This will be
> replacing a SBS 2011 server.
>
> My initial thought was that there must be some
>
> I'm using the internal DNS on samba as this is just about 13
> workstations.
>
>
> Centos7.4
>
> Samba 4.6.7
>
> # Global parameters
> [global]
> netbios name = SD2
> realm = SD.LOCAL

I take it you missed the warning about using '.local' as the TLD,
either re-provision Samba with a different TLD or remove avahi if it is
installed.

> workgroup = SD
> dns forwarder = 75.75.75.75
> server role = active directory domain controller
> idmap_ldb:use rfc2307 = yes
>
> # Lets allow windows permissions on shares -NOT NEEDED BUT SAVED
> # vfs objects = acl_xattr
> # map acl inherit = yes
> # store dos attributes = yes

'NOT NEEDED' is an understatement, 'DEFINITELY SHOULDN'T BE IN A DC
SMB.CONF' is nearer the point ;-)

>
> [netlogon]
> path = /usr/local/samba/var/locks/sysvol/sd.local/scripts
> read only = No
>
> [sysvol]
> path = /usr/local/samba/var/locks/sysvol
> read only = No
>
> [DATA]
> path = /mnt/data
> readonly = no
>
> [MIGRATE]
> path = /opt/icewarp
> readonly = no

'readonly' should be 'read only'

Do the clients use the DC as their nameserver ?

Rowland
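
An added example, not part of the original thread and not Samba's own tooling: a small Python check for the three smb.conf points raised in the reply above (a '.local' realm, the ACL-related parameters set in [global] on a DC, and 'readonly' written without a space). The sample config is constructed from the posted one with the commented-out lines enabled, and the function names are hypothetical.

```python
import re

# Constructed sample based on the posted smb.conf, ACL lines uncommented.
SAMPLE = """\
[global]
realm = SD.LOCAL
server role = active directory domain controller
vfs objects = acl_xattr
map acl inherit = yes
store dos attributes = yes
[DATA]
path = /mnt/data
readonly = no
"""

# Parameters the reply says should not be in a DC's smb.conf.
DC_UNWANTED = {"vfs objects", "map acl inherit", "store dos attributes"}

def parse(text):
    """Return {section: {param: value}}; names lower-cased, spacing collapsed."""
    conf, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
            conf.setdefault(section, {})
        elif "=" in line and section is not None:
            key, value = line.split("=", 1)  # split on '=' only; ':' may be in names
            conf[section][" ".join(key.lower().split())] = value.strip()
    return conf

def review(text):
    """List the points from the reply that apply to this smb.conf text."""
    conf = parse(text)
    g = conf.get("global", {})
    findings = []
    is_dc = g.get("server role", "").lower() == "active directory domain controller"
    if g.get("realm", "").lower().endswith(".local"):
        findings.append("global: realm uses .local as TLD")
    for p in sorted(DC_UNWANTED):
        if is_dc and p in g:
            findings.append(f"global: '{p}' set on a DC")
    for sec, params in conf.items():
        if "readonly" in params:
            findings.append(f"{sec}: 'readonly' written without a space")
    return findings
```

Calling review() on the text of an smb.conf returns one line per finding; commented-out parameters are ignored.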