[Samba] Samba as a domain member:
Vieri Di Paola
vieridipaola at gmail.com
Mon Jun 15 06:56:52 UTC 2020
Hi,
I followed the guide here below to add my Samba client to an AD PDC
(rid backend):
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
The end result is that commands such as:
# wbinfo -g
# wbinfo -u
work fine in that I get a domain group and user listing.
Also, computers in the domain network can transparently authenticate
(Windows) to the newly-added (joined) Linux domain member, and they
can view all the configured shares (with access control).
However, there are things that are failing:
# wbinfo --ping-dc
checking the NETLOGON for domain[DOMAIN] dc connection to "" failed
failed to call wbcPingDc: WBC_ERR_DOMAIN_NOT_FOUND
# wbinfo -t
checking the trust secret for domain DOMAIN via RPC calls failed
wbcCheckTrustCredentials(DOMAIN): error code was
NT_STATUS_ACCESS_DENIED (0xc0000022)
failed to call wbcCheckTrustCredentials: WBC_ERR_AUTH_ERROR
Could not check secret
# nslookup
> set type=SRV
> _ldap._tcp.mydomain.org
Server: 10.2.1.3
Address: 10.2.1.3#53
_ldap._tcp.mydomain.org service = 0 100 389 dc1.mydomain.org.
_ldap._tcp.mydomain.org service = 0 100 389 dc2.mydomain.org.
_ldap._tcp.mydomain.org service = 0 100 389 dc3.mydomain.org.
# /usr/bin/ntlm_auth --request-nt-key --username=myuser
--domain=DOMAIN
WARNING: The "encrypt passwords" option is deprecated
Password:
NT_STATUS_ACCESS_DENIED: {Access Denied} A process has requested
access to an object but has not been granted those access rights.
(0xc0000022)
What can I try?
In the --ping-dc test, why is the "connection to" string value empty?
Regards,
Vieri
More information about the samba
mailing list