[Samba] (no subject)

jmpatagonia jmpatagonia at gmail.com
Fri Jul 3 12:41:18 UTC 2020 

Hello Rowland, still not working, I try to use getent differents ways and
not working, I believe we are try to update/migrate to samba 4 AD, for us
this a big project because we have a lot of users (about 600) and there
separated on different building, we need to keep the users password and we
need to try that all PC working actually with windows xp/7 not join to
domain again if not is a big work.

We update from all version of samba since 4 years ago to the actually, and
we need to redesign the interface that update ldap users, make some scripts
to update users password, make some scripts to joined manually all pc again
on the domain, making samba ldap laboratory, remake a login script that
work with win/linux clients, take into account is not installing a fresh
install and just work, we need migrate everything is done in a production
environment and must work.

We need to maintain all windows users almost just to migrate everyone to
linux, so we need to work with two operating systems.

OK we keep in contact for asking help for migrate to samba 4 AD.

I would like to send me a good link where can start to install samba 4 AD
with external ldap repository, when we try AD only built-in ldap it is
possible, this is one of the things for discarded AD and other is that the
schema change a lot and need to readapted very much .




El jue., 2 jul. 2020 a las 16:59, Rowland penny via samba (<
samba at lists.samba.org>) escribió:

> On 02/07/2020 20:32, jmpatagonia via samba wrote:
> > Ok, know from desktop logon apparently the user logon right,  look user
> > 'policia\gafranchello' granted access on the trace below, but still tel
> me
> > "Invalid password please try again"
> >
> > Jul  2 16:15:03 samba-cliente polkitd(authority=local): Unregistered
> > Authentication Agent for unix-session:c6 (system bus name :1.231, object
> > path /org/gnome/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
> > (disconnected from bus)
> > Jul  2 16:15:05 samba-cliente lightdm: pam_unix(lightdm:session): session
> > closed for user jmperrote
> > Jul  2 16:15:05 samba-cliente lightdm: pam_kwallet(lightdm:session):
> > pam_kwallet: pam_sm_close_session
> > Jul  2 16:15:05 samba-cliente lightdm: pam_kwallet5(lightdm:session):
> > pam_kwallet5: pam_sm_close_session
> > Jul  2 16:15:05 samba-cliente systemd-logind[635]: Removed session c6.
> > Jul  2 16:15:05 samba-cliente lightdm:
> > pam_kwallet(lightdm-greeter:setcred): (null): pam_sm_setcred
> > Jul  2 16:15:05 samba-cliente lightdm:
> > pam_kwallet5(lightdm-greeter:setcred): (null): pam_sm_setcred
> > Jul  2 16:15:05 samba-cliente lightdm: pam_unix(lightdm-greeter:session):
> > session opened for user lightdm by (uid=0)
> > Jul  2 16:15:05 samba-cliente systemd-logind[635]: New session c7 of user
> > lightdm.
> > Jul  2 16:15:05 samba-cliente systemd: pam_unix(systemd-user:session):
> > session opened for user lightdm by (uid=0)
> > Jul  2 16:15:05 samba-cliente lightdm:
> > pam_kwallet(lightdm-greeter:session): (null): pam_sm_open_session
> > Jul  2 16:15:05 samba-cliente lightdm:
> > pam_kwallet(lightdm-greeter:session): pam_kwallet: open_session called
> > without kwallet_key
> > Jul  2 16:15:05 samba-cliente lightdm:
> > pam_kwallet5(lightdm-greeter:session): (null): pam_sm_open_session
> > Jul  2 16:15:05 samba-cliente lightdm:
> > pam_kwallet5(lightdm-greeter:session): pam_kwallet5: open_session called
> > without kwallet5_key
> > Jul  2 16:15:25 samba-cliente lightdm: pam_winbind(lightdm:auth): getting
> > password (0x00000000)
> > Jul  2 16:15:28 samba-cliente lightdm: pam_winbind(lightdm:auth): user
> > 'policia\gafranchello' granted access
> > Jul  2 16:15:28 samba-cliente lightdm: pam_unix(lightdm:account): could
> not
> > identify user (from getpwnam(gafranchello))
> > Jul  2 16:15:31 samba-cliente dbus[653]: [system] Failed to activate
> > service 'org.bluez': timed out
> >
> > And from unix console not work , same error
> >
> > ul  2 16:20:41 samba-cliente sshd[13844]: Invalid user
> > policia\\gafranchello from 172.33.10.1
> > Jul  2 16:20:41 samba-cliente sshd[13844]: input_userauth_request:
> invalid
> > user policia\\\\gafranchello [preauth]
> > Jul  2 16:20:43 samba-cliente sshd[13844]: pam_winbind(sshd:auth):
> getting
> > password (0x00000000)
> > Jul  2 16:20:43 samba-cliente sshd[13844]: pam_winbind(sshd:auth):
> request
> > wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_AUTH_ERR (7),
> > NTSTATUS: NT_STATUS_WRONG_PASSWORD, Error message was: Wrong Password
> > Jul  2 16:20:43 samba-cliente sshd[13844]: pam_winbind(sshd:auth): user
> > 'policia\gafranchello' denied access (incorrect password or invalid
> > membership)
> > Jul  2 16:20:43 samba-cliente sshd[13844]: pam_unix(sshd:auth): check
> pass;
> > user unknown
> > Jul  2 16:20:43 samba-cliente sshd[13844]: pam_unix(sshd:auth):
> > authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
> > rhost=172.33.10.1
> > Jul  2 16:20:45 samba-cliente sshd[13844]: Failed password for invalid
> user
> > policia\\gafranchello from 172.33.10.1 port 55002 ssh2
> >
> > This commands work fine-->
> >
> > root at samba-cliente:/etc/samba# wbinfo -m
> > BUILTIN
> > SAMBA-CLIENTE
> > POLICIA
> >
> > root at samba-cliente:/etc/samba# net rpc testjoin -U jmperrote
> > Join to 'POLICIA' is OK
> >
> > root at samba-cliente:/etc/samba# net rpc info -U jmperrote
> > Enter jmperrote's password:
> > Domain Name: POLICIA
> > Domain SID: S-1-5-21-2536628940-703160423-1994053749
> > Sequence number: 1593717825
> > Num users: 9469
> > Num domain groups: 82
> > Num local groups: 0
> >
> >
> > root at samba-cliente:/etc/samba# wbinfo -g | grep repar
> > fs_dg2_repar
> > root at samba-cliente:/etc/samba# getent group fs_dg2_repar
> > fs_dg2_repar:x:10000036:
> >
> > root at samba-cliente:/etc/samba# wbinfo -N samba-cliente
> > 10.11.37.149    samba-cliente
> >
> > root at samba-cliente:/etc/samba# id
> > uid=0(root) gid=0(root) groups=0(root),15001(BUILTIN\users)
> >
> > But 'getent pass' and 'getent group' not work , running for a various
> > second and only get users/groups locals.
>
> It doesn't matter if 'getent passwd' and 'getent group' do not work,
> just so long that 'getent passwd a_username' and 'getent group
> a_groupname' do and the latter does, as shown above.
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list