[Samba] Fwd: Fwd: Problem connecting to DC from windows 10. Failed to create user record ... acl: unable to get access to ...

Rowland Penny rpenny at samba.org
Thu Jul 26 19:56:50 UTC 2018 

On Thu, 26 Jul 2018 21:22:23 +0200
Andrzej Gryko via samba <samba at lists.samba.org> wrote:

> ---------- Forwarded message ---------
> From: Rowland Penny via samba <samba at lists.samba.org>
> Date: śr., 25 lip 2018 o 18:36
> Subject: Re: [Samba] Fwd: Problem connecting to DC from windows 10.
> Failed to create user record ... acl: unable to get access to ...
> To: <samba at lists.samba.org>
> 
> 
> On Wed, 25 Jul 2018 08:55:01 +0200
> Andrzej Gryko via samba <samba at lists.samba.org> wrote:
> 
> > Avahi is not running.
> > My smb.conf:
> > # Global parameters
> > [global]
> >         netbios name = SAMBA
> >         realm = GRYKO.LOCAL
> >         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> > drepl, winbindd, ntp_signd, kcc, dnsupdate
> >         workgroup = GRYKO
> >         server role = active directory domain controller
> >
> > [netlogon]
> >         path = /var/lib/samba/sysvol/gryko.local/scripts
> >         read only = No
> >
> > [sysvol]
> >         path = /var/lib/samba/sysvol
> >         read only = No
> >
> > I didn't tell that I ran debian on Microsoft Hyper-V machine, I try
> > to connect to DC typing "gryko.local" as a domain in win 10 system
> > properties, and next typing username and password (also I type
> > domainname\username and password).
> >
> > I installed two virtual machines and on both there is the same error
> > in log.samba.
> > I installed samba by: " *apt-get install samba smbclient bind9
> > krb5-user" and next I installed winbind by apt-get too.*
> >
> 
> >So you are trying to log into the DC as a user, then you need some
> >more packages installed.
> >
> >attr libpam-winbind libpam-krb5 libnss-winbind krb5-config ntp
> >bind9utils Note: some of these may already be installed.
> >
> >By default, you cannot log into a DC
> >
> >Rowland
> 
> I installed new debian, configured domain gryko.org.

How are you configuring the domain ?
I hope you mean you are provisioning the domain.

> installed every
> mentioned package and it is exacly the same if username and password
> are correct:
> [2018/07/26 21:09:49.736794,  0]
> ../source4/dsdb/common/util_samr.c:192(dsdb_add_user)
>   Failed to create user record
> CN=ANDRZEJ-DESKTOP,CN=Computers,DC=gryko,DC=org: acl: unable to get
> access to CN=ANDRZEJ-DESKTOP,CN=Computers,DC=gryko,DC=org

How are you trying to create the above record, it is undoubtedly a
computer record and should be created by the join.
 
> 
> I found in google same examples and I'm follow them.

Most of the examples you find on the internet are like the curates egg,
good in parts, bad in others. Can I suggest you read the Samba wiki:

https://wiki.samba.org/index.php/Main_Page

Rowland

> 
> Any more ideas?
> 
> regards
> Andrzej

More information about the samba mailing list