[Samba] I can't login into my Linux client with Samba DC users.

Jason Long hack3rcon at yahoo.com
Mon Jul 12 18:44:12 UTC 2021 

Hello,
I had a thread with the name "I can't join my Linux client to my Samba DC." and I joined my Linux client to my Samba DC, but I can't login into my Linux client with my Samba DC users.
I have a Samba DC as below:


# samba-tool domain info 192.168.56.7
Forest           : mydomain.z
Domain           : mydomain.z
Netbios domain   : MYDOMAIN
DC name          : mydc.mydomain.z
DC netbios name  : MYDC
Server site      : Default-First-Site-Name
Client site      : Default-First-Site-Name




And I want to join my Linux client to my Samba DC. The content of "smb.conf" file on my Linux client is:


[global]
   workgroup = MYDC
   security = ADS
   realm = MYDC.MYDOMAIN.Z


   winbind refresh tickets = Yes
   vfs objects = acl_xattr
   map acl inherit = Yes
   store dos attributes = Yes


   dedicated keytab file = /etc/krb5.keytab
   kerberos method = secrets and keytab
   winbind use default domain = yes


   idmap config * : backend = tdb
   idmap config * : range = 3000-7999
   idmap config MYDC : backend = rid
   idmap config MYDC : range = 10000-999999


# Template settings for login shell and home directory
   template shell = /bin/bash
   template homedir = /home/%U






# samba-tool user list
krbtgt
Guest
user2
user3
user4
peter
Administrator
user1
user5


And Samba tells me that my Linux client joined to the network:


# samba-tool computer list
MYDC$
CLIENT$


But when I want to login to my Linux client with above usernames, then it showed me "Login incorrect". I used "user5", "user5 at mydomain.z" and "mydomain\user5" forms.


I did:
# getent passwd user5
MYDOMAIN\user5:*:3000022:100::/home/user5:/bin/bash




I executed "https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh" script on both server and client and the result is:


On Server:

https://pastebin.ubuntu.com/p/wvYTWmPr4S/


On Linux Client:

# cat /tmp/samba-debug-info.txt
Collected config  --- 2021-07-12-22:53 -----------


Hostname: CLIENT
DNS Domain: localhost.localdomain
FQDN: CLIENT.localhost.localdomain
ipaddress: 192.168.56.9 10.0.3.15 


-----------


WARNING: kinit Administrator will fail and this needs to be fixed first.
unable to verify DNS kerberos._tcp SRV records
 
;; Got SERVFAIL reply from 192.168.56.7, trying next server
;; connection timed out; no servers could be reached



How can I fix this problem?



Thank you.

More information about the samba mailing list