[Samba] Fwd: Fwd: Problem connecting to DC from windows 10. Failed to create user record ... acl: unable to get access to ...

Andrzej Gryko andrzej.gryko at gmail.com
Thu Jul 26 21:03:19 UTC 2018 

I found the problem. I can login as administrator, but not as different
user - I add different users by "samba-tool user add" or smapasswd and it's
the same.

Regards

czw., 26 lip 2018 o 21:56 Rowland Penny <rpenny at samba.org> napisał(a):

> On Thu, 26 Jul 2018 21:22:23 +0200
> Andrzej Gryko via samba <samba at lists.samba.org> wrote:
>
> > ---------- Forwarded message ---------
> > From: Rowland Penny via samba <samba at lists.samba.org>
> > Date: śr., 25 lip 2018 o 18:36
> > Subject: Re: [Samba] Fwd: Problem connecting to DC from windows 10.
> > Failed to create user record ... acl: unable to get access to ...
> > To: <samba at lists.samba.org>
> >
> >
> > On Wed, 25 Jul 2018 08:55:01 +0200
> > Andrzej Gryko via samba <samba at lists.samba.org> wrote:
> >
> > > Avahi is not running.
> > > My smb.conf:
> > > # Global parameters
> > > [global]
> > >         netbios name = SAMBA
> > >         realm = GRYKO.LOCAL
> > >         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> > > drepl, winbindd, ntp_signd, kcc, dnsupdate
> > >         workgroup = GRYKO
> > >         server role = active directory domain controller
> > >
> > > [netlogon]
> > >         path = /var/lib/samba/sysvol/gryko.local/scripts
> > >         read only = No
> > >
> > > [sysvol]
> > >         path = /var/lib/samba/sysvol
> > >         read only = No
> > >
> > > I didn't tell that I ran debian on Microsoft Hyper-V machine, I try
> > > to connect to DC typing "gryko.local" as a domain in win 10 system
> > > properties, and next typing username and password (also I type
> > > domainname\username and password).
> > >
> > > I installed two virtual machines and on both there is the same error
> > > in log.samba.
> > > I installed samba by: " *apt-get install samba smbclient bind9
> > > krb5-user" and next I installed winbind by apt-get too.*
> > >
> >
> > >So you are trying to log into the DC as a user, then you need some
> > >more packages installed.
> > >
> > >attr libpam-winbind libpam-krb5 libnss-winbind krb5-config ntp
> > >bind9utils Note: some of these may already be installed.
> > >
> > >By default, you cannot log into a DC
> > >
> > >Rowland
> >
> > I installed new debian, configured domain gryko.org.
>
> How are you configuring the domain ?
> I hope you mean you are provisioning the domain.
>
> > installed every
> > mentioned package and it is exacly the same if username and password
> > are correct:
> > [2018/07/26 21:09:49.736794,  0]
> > ../source4/dsdb/common/util_samr.c:192(dsdb_add_user)
> >   Failed to create user record
> > CN=ANDRZEJ-DESKTOP,CN=Computers,DC=gryko,DC=org: acl: unable to get
> > access to CN=ANDRZEJ-DESKTOP,CN=Computers,DC=gryko,DC=org
>
> How are you trying to create the above record, it is undoubtedly a
> computer record and should be created by the join.
>
> >
> > I found in google same examples and I'm follow them.
>
> Most of the examples you find on the internet are like the curates egg,
> good in parts, bad in others. Can I suggest you read the Samba wiki:
>
> https://wiki.samba.org/index.php/Main_Page
>
> Rowland
>
> >
> > Any more ideas?
> >
> > regards
> > Andrzej
>
>

More information about the samba mailing list