[Samba] Using net ads user to get child domain users on Samba 4.10.7

Jeremy jeremy55662004 at gmail.com
Wed Sep 11 02:10:08 UTC 2019


 Hi Rowland,

My smb.conf is shown below:

server string = "Samba Server"
security = ADS
realm = QSAN.AD.COM
workgroup = QSAN
encrypt passwords = Yes
winbind enum users = Yes
winbind enum groups = Yes
winbind cache time = 1800
idmap config * : backend = tdb
idmap config * : range = 1000000-5000000
idmap config QSAN : backend = rid
idmap config QSAN : range = 6000000-8000000
idmap config QSAN : base_rid = 0
template shell = /bin/sh
template homedir = /share/UserHome/%D+%U

Did I miss something? Could I ask how to get child domain users using
"net" correctly?
By the way, both of my AD servers are Windows Server 2012.

Best regards
Jeremy

On Tue, Sep 10, 2019 at 5:24 PM Jeremy <jeremy55662004 at gmail.com> wrote:

> Hi Rowland,
>
> Thank you for your reply. Yes, I have tried "net ads user -w HARDWARE -P",
> but it still fails.
> I have added -d10 to look up the debug mode and got the info below:
>
> ads_find_dc: (ldap) looking for realm '' and falling back to domain
> 'HARDWARE'
> Opening cache file at /mnt/pool/SYSPOOL/cache/samba/lock/gencache.tdb
> sitename_fetch: Returning sitename for realm 'QSAN.AD.COM':
> "Default-First-Site-Name"
> ads_dc_name: domain=HARDWARE
> resolve_and_ping_netbios: (cldap) looking for domain 'HARDWARE'
> get_sorted_dc_list: attempting lookup for name HARDWARE (sitename NULL)
> saf_fetch: Returning "WIN-CLGRS20I3FM.hardware.qsan.ad.com" for
> "HARDWARE" domain
> get_dc_list: preferred server list: "WIN-CLGRS20I3FM.hardware.qsan.ad.com,
> *"
> internal_resolve_name: looking up HARDWARE#1c (sitename (null))
> name HARDWARE#1C found.
> remove_duplicate_addrs2: looking for duplicate address/port pairs
> Adding 1 DC's from auto lookup
> sitename_fetch: Returning sitename for realm 'QSAN.AD.COM':
> "Default-First-Site-Name"
> internal_resolve_name: looking up WIN-CLGRS20I3FM.hardware.qsan.ad.com#20
> (sitename Default-First-Site-Name)
> name WIN-CLGRS20I3FM.hardware.qsan.ad.com#20 found.
> remove_duplicate_addrs2: looking for duplicate address/port pairs
> check_negative_conn_cache returning result -1073741823 for domain HARDWARE
> server 192.168.133.201
> get_dc_list: negative entry WIN-CLGRS20I3FM.hardware.qsan.ad.com removed
> from DC list
> check_negative_conn_cache returning result -1073741823 for domain HARDWARE
> server 192.168.133.201
> get_dc_list: negative entry 192.168.133.201 removed from DC list
> remove_duplicate_addrs2: looking for duplicate address/port pairs
> get_dc_list: returning 0 ip addresses in an unordered list
> get_dc_list:
> ads_find_dc: name resolution for realm '' (domain 'HARDWARE') failed:
> NT_STATUS_NO_LOGON_SERVERS
> get_sorted_dc_list: attempting lookup for name HARDWARE (sitename NULL)
> saf_fetch: Returning "WIN-CLGRS20I3FM.hardware.qsan.ad.com" for
> "HARDWARE" domain
> get_dc_list: preferred server list: "WIN-CLGRS20I3FM.hardware.qsan.ad.com,
> *"
> internal_resolve_name: looking up HARDWARE#1c (sitename (null))
> name HARDWARE#1C found.
> remove_duplicate_addrs2: looking for duplicate address/port pairs
> Adding 1 DC's from auto lookup
> sitename_fetch: Returning sitename for realm 'QSAN.AD.COM':
> "Default-First-Site-Name"
> internal_resolve_name: looking up WIN-CLGRS20I3FM.hardware.qsan.ad.com#20
> (sitename Default-First-Site-Name)
> name WIN-CLGRS20I3FM.hardware.qsan.ad.com#20 found.
> remove_duplicate_addrs2: looking for duplicate address/port pairs
> check_negative_conn_cache returning result -1073741823 for domain HARDWARE
> server 192.168.133.201
> get_dc_list: negative entry WIN-CLGRS20I3FM.hardware.qsan.ad.com removed
> from DC list
> check_negative_conn_cache returning result -1073741823 for domain HARDWARE
> server 192.168.133.201
> get_dc_list: negative entry 192.168.133.201 removed from DC list
> remove_duplicate_addrs2: looking for duplicate address/port pairs
> get_dc_list: returning 0 ip addresses in an unordered list
> get_dc_list:
> Could not look up dc's for domain HARDWARE
> ads_connect: No logon servers are currently available to service the logon
> request.
> ads_find_dc: (ldap) looking for realm '' and falling back to domain
> 'HARDWARE'
> sitename_fetch: Returning sitename for realm 'QSAN.AD.COM':
> "Default-First-Site-Name"
> ads_dc_name: domain=HARDWARE
> resolve_and_ping_netbios: (cldap) looking for domain 'HARDWARE'
> get_sorted_dc_list: attempting lookup for name HARDWARE (sitename NULL)
> saf_fetch: Returning "WIN-CLGRS20I3FM.hardware.qsan.ad.com" for
> "HARDWARE" domain
> get_dc_list: preferred server list: "WIN-CLGRS20I3FM.hardware.qsan.ad.com,
> *"
> internal_resolve_name: looking up HARDWARE#1c (sitename (null))
> name HARDWARE#1C found.
> remove_duplicate_addrs2: looking for duplicate address/port pairs
> Adding 1 DC's from auto lookup
> sitename_fetch: Returning sitename for realm 'QSAN.AD.COM':
> "Default-First-Site-Name"
> internal_resolve_name: looking up WIN-CLGRS20I3FM.hardware.qsan.ad.com#20
> (sitename Default-First-Site-Name)
> name WIN-CLGRS20I3FM.hardware.qsan.ad.com#20 found.
> remove_duplicate_addrs2: looking for duplicate address/port pairs
> check_negative_conn_cache returning result -1073741823 for domain HARDWARE
> server 192.168.133.201
> get_dc_list: negative entry WIN-CLGRS20I3FM.hardware.qsan.ad.com removed
> from DC list
> check_negative_conn_cache returning result -1073741823 for domain HARDWARE
> server 192.168.133.201
> get_dc_list: negative entry 192.168.133.201 removed from DC list
> remove_duplicate_addrs2: looking for duplicate address/port pairs
> get_dc_list: returning 0 ip addresses in an unordered list
> get_dc_list:
> ads_find_dc: name resolution for realm '' (domain 'HARDWARE') failed:
> NT_STATUS_NO_LOGON_SERVERS
> get_sorted_dc_list: attempting lookup for name HARDWARE (sitename NULL)
> saf_fetch: Returning "WIN-CLGRS20I3FM.hardware.qsan.ad.com" for
> "HARDWARE" domain
> get_dc_list: preferred server list: "WIN-CLGRS20I3FM.hardware.qsan.ad.com,
> *"
> internal_resolve_name: looking up HARDWARE#1c (sitename (null))
> name HARDWARE#1C found.
> remove_duplicate_addrs2: looking for duplicate address/port pairs
> Adding 1 DC's from auto lookup
> sitename_fetch: Returning sitename for realm 'QSAN.AD.COM':
> "Default-First-Site-Name"
> internal_resolve_name: looking up WIN-CLGRS20I3FM.hardware.qsan.ad.com#20
> (sitename Default-First-Site-Name)
> name WIN-CLGRS20I3FM.hardware.qsan.ad.com#20 found.
> remove_duplicate_addrs2: looking for duplicate address/port pairs
> check_negative_conn_cache returning result -1073741823 for domain HARDWARE
> server 192.168.133.201
> get_dc_list: negative entry WIN-CLGRS20I3FM.hardware.qsan.ad.com removed
> from DC list
> check_negative_conn_cache returning result -1073741823 for domain HARDWARE
> server 192.168.133.201
> get_dc_list: negative entry 192.168.133.201 removed from DC list
> remove_duplicate_addrs2: looking for duplicate address/port pairs
> get_dc_list: returning 0 ip addresses in an unordered list
> get_dc_list:
> Could not look up dc's for domain HARDWARE
> ads_connect: No logon servers are currently available to service the logon
> request.
> return code = -1
>
> It says "Could not look up dc's for domain HARDWARE". Do I have the
> wrong configs or something else?
>
> Thank you so much
>
>
> Jeremy
>


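A triage sketch for the debug output quoted above, added here as an example and not part of the original post or Samba's own code: it decodes the signed result that check_negative_conn_cache prints (-1073741823 is 0xC0000001, NT_STATUS_UNSUCCESSFUL) and reports whether every candidate DC was dropped from the list as a negative cache entry. The function names, the small status table and the re-joined sample lines are assumptions of this example.

```python
import re

# Only the NTSTATUS values that appear in this log; not an exhaustive table.
NTSTATUS_NAMES = {
    0xC0000001: "NT_STATUS_UNSUCCESSFUL",
    0xC000005E: "NT_STATUS_NO_LOGON_SERVERS",
}

# Lines taken from the quoted log, re-joined where the mail client wrapped them.
SAMPLE_LOG = """\
get_dc_list: preferred server list: "WIN-CLGRS20I3FM.hardware.qsan.ad.com, *"
check_negative_conn_cache returning result -1073741823 for domain HARDWARE server 192.168.133.201
get_dc_list: negative entry WIN-CLGRS20I3FM.hardware.qsan.ad.com removed from DC list
check_negative_conn_cache returning result -1073741823 for domain HARDWARE server 192.168.133.201
get_dc_list: negative entry 192.168.133.201 removed from DC list
get_dc_list: returning 0 ip addresses in an unordered list
ads_find_dc: name resolution for realm '' (domain 'HARDWARE') failed: NT_STATUS_NO_LOGON_SERVERS
"""

CACHE_RE = re.compile(r"check_negative_conn_cache returning result (-?\d+) for domain (\S+) server (\S+)")
REMOVED_RE = re.compile(r"get_dc_list: negative entry (\S+) removed from DC list")
COUNT_RE = re.compile(r"get_dc_list: returning (\d+) ip addresses")

def decode_ntstatus(value):
    """Map the signed 32-bit integer from the log to (hex string, name)."""
    code = value & 0xFFFFFFFF
    return "0x%08X" % code, NTSTATUS_NAMES.get(code, "unknown")

def triage(log_text):
    """Summarise why DC discovery ended with an empty candidate list."""
    cached, removed, remaining = set(), [], None
    for line in log_text.splitlines():
        line = line.lstrip("> ").strip()  # tolerate mail quote prefixes
        if m := CACHE_RE.search(line):
            cached.add((m.group(2), m.group(3)) + decode_ntstatus(int(m.group(1))))
        elif m := REMOVED_RE.search(line):
            removed.append(m.group(1))
        elif m := COUNT_RE.search(line):
            remaining = int(m.group(1))
    return {
        "cached_failures": sorted(cached),   # (domain, server, hex, name)
        "removed": removed,                  # candidates dropped from the DC list
        "remaining": remaining,              # last reported candidate count
        "all_candidates_cached_out": remaining == 0 and bool(removed),
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Lines that the mail client wrapped have to be re-joined before they will match the patterns.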