[Samba] Samba4 machine fails to join in samba3 domain
Julien TEHERY
julien.tehery at openevents.fr
Wed May 22 14:02:58 UTC 2019
Hi,

I'm actually having trouble joining a samba4 machine to an old samba3 domain.
I know, I know, most of you will yell reading this, but I have to deal
with a customer's very old environment :)
They're thinking about migrating fully to samba4, but it will take some
time, so for now let's focus on the situation we have.

Configuration:
- Samba3 PDC: 3.5.18-28
- Samba4 client Debian 8.7 (samba 4.2.14)

Here is the samba4 smb.conf:
[global]
# OPTIONS TO JOIN SAMBA3 NT DOMAIN
max protocol = NT1
client ipc signing = No
client signing = No
server signing = No
####
panic action = /usr/share/samba/panic-action %d
workgroup = MYDOMAIN
netbios name = MYSERVER
admin users= @"Domain Admins"
name resolve order = wins lmhosts hosts bcast
wide links = Yes
follow symlinks = Yes
remote announce = 192.168.255.255/MYDOMAIN
remote browse sync = 192.168.255.255
interfaces = 192.168.X.X/255.255.254.0
bind interfaces only = no
unix charset = CP850
server string = FileserverMYSERVER
security = DOMAIN
encrypt passwords = true
log level = 1
syslog = 0
log file = /var/log/samba/%m.log
max log size = 100000
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
mangling method = hash2
domain logons = No
os level = 99
preferred master = No
domain master = No
wins server = X.X.X.X
idmap backend = nss
passdb backend = ldapsam:ldap://ds.domain.com:389/
ldap admin dn = cn=Directory Manager,dc=domain,dc=com
ldap suffix = dc=domain,dc=com
ldap group suffix = ou=Groups
ldap user suffix = ou=Users
ldap machine suffix = ou=Computers
ldap ssl = No
winbind cache time = 5
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
Here is what I get when trying to join the domain:
net rpc join -Uadministrateur
No realm has been specified! Do you really want to join an Active
Directory server?
Enter administrateur's password:
No realm has been specified! Do you really want to join an Active
Directory server?
User root with invalid SID S-1-5-21-2287936477-1870703456-424640392-1001
in passdb
Failed to pull dcerpc auth: NT_STATUS_RPC_PROTOCOL_ERROR.
cli_rpc_pipe_open_schannel_with_key: rpc_pipe_bind failed with error
NT_STATUS_RPC_PROTOCOL_ERROR
libnet_join_ok: failed to open schannel session on netlogon pipe to
server PDC for domain MYDOMAIN. Error was NT_STATUS_RPC_PROTOCOL_ERROR
Failed to join domain: failed to verify domain membership after joining:
An RPC protocol error occurred.
The fact is that I succeed in getting domain info:
net rpc info -Uadministrateur
Enter administrateur's password:
Domain Name: MYDOMAIN
Domain SID: S-1-5-21-2143421583-854681893-XXXXXXXXXX
Sequence number: 1558533247
Num users: 2479
Num domain groups: 276
Num local groups: 0
I don't know how to deal with this problem (first time I've seen that...).
Thanks for your help
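
Added example (not part of the original post, and not Samba project code): a small audit that flags the transport downgrades present in the smb.conf posted above, namely signing switched off, the dialect capped at NT1, and ldapsam over plain ldap:// with ldap ssl off. The set of values treated as "off" and the function names are assumptions of this sketch.

```python
import re

OFF = {"no", "false", "0", "off", "disabled"}   # spellings treated as "off" (assumed set)
LEGACY = {"core", "coreplus", "lanman1", "lanman2", "nt1"}  # SMB1 and older dialects

def norm(name):
    # smb.conf parameter names are case-insensitive and ignore whitespace.
    return re.sub(r"\s+", "", name).lower()

def parse_global(text):
    """Return {normalised parameter: lowercased value} for the [global] section."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)   # only the first '=' is significant
            params[norm(key)] = value.strip().lower()
    return params

def audit(text):
    """Return sorted (parameter, finding) pairs for downgraded settings."""
    p, found = parse_global(text), []
    for name in ("client signing", "server signing", "client ipc signing"):
        if p.get(norm(name)) in OFF:
            found.append((name, "SMB signing disabled"))
    for name in ("max protocol", "server max protocol", "client max protocol"):
        if p.get(norm(name)) in LEGACY:
            found.append((name, "dialect capped at SMB1 or older"))
    if p.get("ldapssl") in OFF and "ldap://" in p.get("passdbbackend", ""):
        found.append(("ldap ssl", "ldapsam connection is not TLS-protected"))
    return sorted(found)

# Excerpt of the smb.conf posted above, embedded so the check runs offline.
SAMPLE = """[global]
# OPTIONS TO JOIN SAMBA3 NT DOMAIN
max protocol = NT1
client ipc signing = No
client signing = No
server signing = No
passdb backend = ldapsam:ldap://ds.domain.com:389/
ldap ssl = No
"""

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

Running it against a member server's configuration before and after a legacy-domain join shows which of these exceptions are still in place and need to be reverted once the migration is done.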