[Samba] Samba as a domain member:

Vieri Di Paola vieridipaola at gmail.com
Mon Jun 15 06:56:52 UTC 2020


I followed the guide here below to add my Samba client to an AD PDC
(rid backend):


The end result is that commands such as:

# wbinfo -g
# wbinfo -u

work fine in that I get a domain group and user listing.

Also, computers in the domain network can transparently authenticate
(Windows) to the newly-added (joined) Linux domain member, and they
can view all the configured shares (with access control).

However, there are things that are failing:

#  wbinfo --ping-dc
checking the NETLOGON for domain[DOMAIN] dc connection to "" failed
failed to call wbcPingDc: WBC_ERR_DOMAIN_NOT_FOUND

# wbinfo -t
checking the trust secret for domain DOMAIN via RPC calls failed
wbcCheckTrustCredentials(DOMAIN): error code was
failed to call wbcCheckTrustCredentials: WBC_ERR_AUTH_ERROR
Could not check secret

# nslookup
> set type=SRV
> _ldap._tcp.mydomain.org

_ldap._tcp.mydomain.org  service = 0 100 389 dc1.mydomain.org.
_ldap._tcp.mydomain.org  service = 0 100 389 dc2.mydomain.org.
_ldap._tcp.mydomain.org  service = 0 100 389 dc3.mydomain.org.

# /usr/bin/ntlm_auth --request-nt-key --username=myuser
WARNING: The "encrypt passwords" option is deprecated
NT_STATUS_ACCESS_DENIED: {Access Denied} A process has requested
access to an object but has not been granted those access rights.

What can I try?
In the --ping-dc test, why is the "connection to" string value empty?



More information about the samba mailing list