[Samba] I can't login into my Linux client with Samba DC users.
Jason Long
hack3rcon at yahoo.com
Wed Jul 21 08:54:03 UTC 2021
Hello,
Thanks.
I changed the "/etc/hostname" file and it only included "node3", then I did below commands:
# hostname -d
mydomain.z
# hostname -s
node3
# hostname -f
node3.mydomain.z
After it, I rejoined my Linux client:
# net ads join -U administrator
And it showed me:
Using short domain name -- MYDOMAIN
Joined 'NODE3' to dns domain 'mydomain.z
But, I can't use my Samba DC usernames for logging into the Linux client.
On Monday, July 19, 2021, 02:25:35 PM GMT+4:30, L.P.H. van Belle via samba <samba at lists.samba.org> wrote:
> -----Oorspronkelijk bericht-----
> Van: Jason Long [mailto:hack3rcon at yahoo.com]
> Verzonden: maandag 19 juli 2021 11:09
> Aan: samba at lists. samba. org; L.P.H. van Belle
> Onderwerp: Re: [Samba] I can't login into my Linux client
> with Samba DC users.
>
> Hello,
> Thank you so much.
> I removed all sss entries from the server and client, then I
> removed below line from the "/etc/hosts" file:
> 10.0.3.15 mydc.mydomain.z
>
> After it, I disabled my second NIC (10.0.3.15) from both of
> server and client, then changed "/etc/resolve.conf" file on
> the Linux client as below:
>
> search mydomain.z
> nameserver 192.168.56.7
>
> The date and time are same on both of server and client and
> "Kinit Administrator" command worked on server.
>
> On Linux client, I executed below commands:
>
> # hostname -I
> 192.168.56.9
> # hostname -A
> node3.mydomain.z
> # hostname -f
> node3.localhost.localdomain
Verify this..
/etc/hostname
Should only contain :
node3
And yes, you might want to rejoin after all hostname/domainnames are correct on the client.
At least thats is what i recommend.
Adjust as shown, reboot, check again with :
hostname -d
hostname -s
hostname -f
That thats all good, then join again.
Greetz,
Louis
>
> Why "node3.localhost.localdomain"? Should I rejoin my Linux
> client to my Samba domain?
>
>
>
>
>
> On Monday, July 19, 2021, 11:55:23 AM GMT+4:30, L.P.H. van
> Belle via samba <samba at lists.samba.org> wrote:
>
>
>
>
>
> What Rowland Said +
>
> On "Server"
> Theres still sss defined in nsswitch.conf
> netgroup: sss files
> automount: sss files
> services: sss files
> Remove all sss entries.
>
> I do think there is still something wrong because.
> In smb.conf i see.
> interfaces = lo enp0s17
>
> enp0s17: inet 192.168.56.7/24
>
> /etc/hosts
> 192.168.56.7 mydc.mydomain.z mydc
> 10.0.3.15 mydc.mydomain.z << this one isnt doing anyting
> execpt causing problem.
>
> Remove it.
>
> Your member its hosts, should look like :
> /etc/hosts
> 192.168.56.9 node3.mydomain.z node3
>
> /etc/resolv.conf
> search mydomain.z
> nameserver 192.168.56.7
>
>
> There is also still : 10.0.3.15 same as on the Server.
> In order to change.
> 1) you network config ( ip/internface )
> 2) /etc/hosts
> 3) /etc/resolvconf
>
> https://www.cyberciti.biz/faq/howto-change-hostname-in-fedora-
> linux-permanently/
>
> Reboot,
>
> Verify the hostname with
> hostname -I All ipadresses
> hostname -A All hostnames and alias names.
>
> And hostname -f = FQDN (hostname -s + hostname -d )
> hostname -d = dns domain (search line in resolve.conf)
>
> On both servers winbind must be installed and SSSd removed.
>
> Did you sync time of the member with the AD-DC? If not,
> Verify on the member at least and set it to the AD-DC.
> Edit /etc/systemd/timesyncd.conf
> Systemctl daemon-reload
>
> Then thats all done and looking ok.
>
> Kinit Administrator does that work now?
>
>
> Now, last question, whats the idea with the 2 nic's AD-DC,
> thats not an easy setup.
>
>
> Greetz,
>
> Louis
>
>
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> > Jason Long via samba
> > Verzonden: zondag 18 juli 2021 16:50
> > Aan: samba at lists.samba.org; Rowland Penny
> > Onderwerp: Re: [Samba] I can't login into my Linux client
> > with Samba DC users.
> >
> > Thank you.
> > I removed "sssd" from my Linux client:
> > # yum remove sssd
> >
> > Then, changed "/etc/krb5.conf" as below:
> >
> > [libdefaults]
> > default_realm = MYDOMAIN.Z
> > dns_lookup_realm = false
> > dns_lookup_kdc = true
> >
> > Should I install winbind and winbind-clients on the client?
> >
> > I executed the script on the server and client and results are:
> >
> > On server:
> > https://0bin.net/paste/i6JpJ9fp#j3yydvkUw9tXWO2P2oXIuBZVg-7c8y
> > tk0KPMkBind5U
> >
> > On client:
> > https://0bin.net/paste/ewb5i6Va#FEoBJ7QHCyxUTJOFHNo4tELG6sDAzV
> > wJMZUzFNjtEwa
> >
> >
> >
> >
> >
> >
> >
> >
> >
> > On Sunday, July 18, 2021, 01:12:16 PM GMT+4:30, Rowland Penny
> > via samba <samba at lists.samba.org> wrote:
> >
> >
> >
> >
> >
> > On Sun, 2021-07-18 at 08:15 +0000, Jason Long via samba wrote:
> > >
> >
> > > I installed Samba from its manual and in Samba manual, the "sss"
> > > existed. Why "sss" doesn't need?
> >
> > If sssd is installed, remove it, you cannot use sssd with Samba.
> >
> > >
> > > And I changed the content of "/etc/krb5.conf" to:
> > >
> > >
> > > On the Linux client:
> > > I added below lines to the "/etc/hosts" file:
> > >
> > > 127.0.0.1 localhost localhost.localdomain localhost4
> > > localhost4.localdomain4
> > > ::1 localhost localhost.localdomain localhost6
> > > localhost6.localdomain6
> > > 192.168.56.7 mydc.mydomain.z mydc
> > > 10.0.3.15 mydc.mydomain.z
> >
> > You cannot multihome a DC, choose an ipaddress and use just
> that one.
> >
> > >
> > > The content of the "/etc/krb5.conf" file is:
> > >
> > > includedir /etc/krb5.conf.d/
> > > [libdefaults]
> > > default_realm = MYDC.MYDOMAIN.Z
> >
> > HOW MANY TIMES DO I HAVE TO TO TELL YOU, 'MYDC.MYDOMAIN.Z'
> IS NOT YOUR
> > REALM!!!
> >
> > Your realm is 'MYDOMAIN.Z'
> >
> > > dns_lookup_realm = false
> > > dns_lookup_kdc = true
> > >
> > >
> >
> > You can remove the rest of /etc/krb5.conf , you do not need it.
> >
> > >
> > >
> > > I rebooted my client and I can't login to my Linux client with my
> > > Samba DC usernames.
> >
> > Have you installed winbind and winbind-clients ?
> >
> >
> > Rowland
> >
> >
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions: https://lists.samba.org/mailman/options/samba
>
> >
> >
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list