[Samba] Problems joining station in domain

Marcio Demetrio Bacci marciobacci at gmail.com
Mon Aug 26 19:43:12 UTC 2019 

Hi,

Another strange situation occurs when I use the RSAT GPO tool in Windows 7.
The following message appears:
"RPC Server not available"

Another situation is that I have created a GPO to allow helpdesk group only
to add stations in the domain, but this GPO does not work.

The permissions of the Sysvol folder look like this:

ls -lah /var/lib/samba/sysvol/empresa.com.br/Policies/
total 96K
drwxrwx---+ 12 3000000 3000015 4,0K ago 26 14:50 .
drwxrwxr-x+  6 root    3000015 4,0K jul 29 12:13 ..
drwxrwx---+  5 3000000 3000008 4,0K jul 29 11:36
{23A926E4-7EF5-41A7-AEAB-7A8D950B95AA}
drwxrwx---+  4 3000000 3000015 4,0K jul 29 11:36
{31B2F340-016D-11D2-945F-00C04FB984F9}
drwxrwx---+  5 3000000 3000015 4,0K jul 29 11:36
{6AC1786C-016F-11D2-945F-00C04fB984F9}
drwxrwx---+  5 3000000 3000008 4,0K jul 29 11:36
{AA1EDEBC-99BA-4E86-9941-D067EC079D9C}
drwxrwx---+  4 3000008 3000008 4,0K ago 21 15:55
{AFC65B84-867D-459D-9C0C-CBB3D511F086}
drwxrwx---+  5 3000000 3000008 4,0K jul 29 11:36
{B495E0CC-C411-4970-B2F0-B761933BEE71}
drwxrwx---+  5 3000008 3000008 4,0K ago 21 15:24
{D1310DE4-5ECF-4367-9E90-A9CB1E2D18DA}
drwxrwx---+  4 3000008 3000008 4,0K ago 26 14:50
{DA0EA122-2666-49A8-BD50-2A8E42AB15DC}
drwxrwx---+  5 3000000 3000008 4,0K jul 29 11:36
{E78B5E20-C964-4548-9086-33398DDC2C9A}
drwxrwx---+  4 3000000 3000008 4,0K jul 29 11:36
{E977DEE8-F765-4513-BCA3-0B221DD3BB5F}

Regards,

Márcio Bacci

Em seg, 26 de ago de 2019 às 16:05, Marcio Demetrio Bacci <
marciobacci at gmail.com> escreveu:

> Hi,
>
> >How are you trying to join the computer ?
>
> >What exact command are you using ?
>
> I am using the graphical interface of the Windows client station.
> System->Advanced Settings ->Computer Name ->Change
>
> Then I enter the member of: EMPRESA (or EMPRESA.COM.BR), my admin
> username and password.
>
> cat /etc/samba/smb.conf
>
> # Global parameters
> [global]
> netbios name = SAMBA4-DC1
> realm = EMPRESA.COM.BR
> workgroup = EMPRESA
> server role = active directory domain controller
> dns forwarder = 192.168.1.1 192.168.1.2
> dns update command = /usr/sbin/samba_dnsupdate --use-samba-tool
> ldap server require strong auth = no
>
> [netlogon]
> path = /var/lib/samba/sysvol/empresa.com.br/scripts
> read only = No
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
> It seems that the problem is intermittent. Now it works, now it doesn't
> work
>
> Regards,
>
> Márcio Bacci
>
> Em seg, 26 de ago de 2019 às 15:49, Rowland penny via samba <
> samba at lists.samba.org> escreveu:
>
>> On 26/08/2019 19:35, Marcio Demetrio Bacci via samba wrote:
>> > Hi,
>> >
>> > I'm having trouble entering stations in the domain, as message below:
>> >
>> > "
>> >
>> > *error while attempting to join domain "EMPRESA"security id structure is
>> > invalid*"
>> >
>> > In the log I see the following message:
>> >
>> > tail -f /var/log/samba/log.samba
>> > [2019/08/26 15:17:12.206883,  0]
>> > ../source4/dsdb/common/util_samr.c:192(dsdb_add_user)
>> >    Failed to create user record
>> > CN=COMP0084,CN=Computers,DC=empresa,DC=com,DC=br: acl: unable to get
>> access
>> > to CN=COMP0084,CN=Computers,DC=empresa,DC=com,DC=br
>> >
>> > My user is Administrator and before was working.
>> >
>> > The station is Windows 7 Professional and my DCs are Samba 4.
>> >
>> > How could you solve this problem?
>> >
>> > Regards,
>> >
>> > Márcio Bacci
>>
>> How are you trying to join the computer ?
>>
>> What exact command are you using ?
>>
>> Can you post the smb.conf from the DC
>>
>> Rowland
>>
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions:  https://lists.samba.org/mailman/options/samba
>>
>

More information about the samba mailing list