[Samba] I can't login into my Linux client with Samba DC users.

Jason Long hack3rcon at yahoo.com
Wed Jul 21 08:54:03 UTC 2021 

Hello,
Thanks.
I changed the "/etc/hostname" file and it only included "node3", then I did below commands:

# hostname -d
mydomain.z
# hostname -s
node3
# hostname -f
node3.mydomain.z

After it, I rejoined my Linux client:

# net ads join -U administrator

And it showed me:

Using short domain name -- MYDOMAIN
Joined 'NODE3' to dns domain 'mydomain.z

But, I can't use my Samba DC usernames for logging into the Linux client.








On Monday, July 19, 2021, 02:25:35 PM GMT+4:30, L.P.H. van Belle via samba <samba at lists.samba.org> wrote: 







> -----Oorspronkelijk bericht-----
> Van: Jason Long [mailto:hack3rcon at yahoo.com] 
> Verzonden: maandag 19 juli 2021 11:09
> Aan: samba at lists. samba. org; L.P.H. van Belle
> Onderwerp: Re: [Samba] I can't login into my Linux client 
> with Samba DC users.
> 
> Hello,
> Thank you so much.
> I removed all sss entries from the server and client, then I 
> removed below line from the "/etc/hosts" file:
> 10.0.3.15  mydc.mydomain.z
> 
> After it, I disabled my second NIC (10.0.3.15) from both of 
> server and client, then changed "/etc/resolve.conf" file on 
> the Linux client as below:
> 
> search mydomain.z
> nameserver 192.168.56.7
> 
> The date and time are same on both of server and client and 
> "Kinit Administrator" command worked on server.
> 
> On Linux client, I executed below commands:
> 
> # hostname -I
> 192.168.56.9
> # hostname -A
> node3.mydomain.z
> # hostname -f
> node3.localhost.localdomain

Verify this.. 
/etc/hostname 

Should only contain : 
node3 

And yes, you might want to rejoin after all hostname/domainnames are correct on the client. 
At least thats is what i recommend. 

Adjust as shown, reboot, check again with : 
hostname -d 
hostname -s 
hostname -f

That thats all good, then join again. 

Greetz, 

Louis



> 
> Why "node3.localhost.localdomain"? Should I rejoin my Linux 
> client to my Samba domain?
> 
> 
> 
> 
> 
> On Monday, July 19, 2021, 11:55:23 AM GMT+4:30, L.P.H. van 
> Belle via samba <samba at lists.samba.org> wrote: 
> 
> 
> 
> 
> 
> What Rowland Said + 
> 
> On "Server"  
> Theres still sss defined in nsswitch.conf 
> netgroup:  sss files
> automount:  sss files
> services:  sss files
> Remove all sss entries.  
> 
> I do think there is still something wrong because.
> In smb.conf i see. 
> interfaces = lo enp0s17 
> 
> enp0s17:  inet 192.168.56.7/24 
> 
> /etc/hosts 
> 192.168.56.7 mydc.mydomain.z mydc 
> 10.0.3.15  mydc.mydomain.z    << this one isnt doing anyting 
> execpt causing problem. 
> 
> Remove it. 
> 
> Your member its hosts, should look like : 
> /etc/hosts 
> 192.168.56.9 node3.mydomain.z node3
> 
> /etc/resolv.conf 
> search mydomain.z
> nameserver 192.168.56.7
> 
> 
> There is also still : 10.0.3.15  same as on the Server. 
> In order to change. 
> 1) you network config ( ip/internface ) 
> 2) /etc/hosts
> 3) /etc/resolvconf 
> 
> https://www.cyberciti.biz/faq/howto-change-hostname-in-fedora-
> linux-permanently/ 
> 
> Reboot, 
> 
> Verify the hostname with 
> hostname -I    All ipadresses 
> hostname -A All hostnames and alias names. 
> 
> And hostname -f = FQDN (hostname -s  + hostname -d ) 
> hostname -d = dns domain (search line in resolve.conf) 
> 
> On both servers winbind must be installed and SSSd removed. 
> 
> Did you sync time of the member with the AD-DC? If not, 
> Verify on the member at least and set it to the AD-DC.
> Edit /etc/systemd/timesyncd.conf
> Systemctl daemon-reload
> 
> Then thats all done and looking ok. 
> 
> Kinit Administrator  does that work now? 
> 
> 
> Now, last question, whats the idea with the 2 nic's AD-DC, 
> thats not an easy setup. 
> 
> 
> Greetz, 
> 
> Louis
> 
> 
> > -----Oorspronkelijk bericht-----
> > Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> > Jason Long via samba
> > Verzonden: zondag 18 juli 2021 16:50
> > Aan: samba at lists.samba.org; Rowland Penny
> > Onderwerp: Re: [Samba] I can't login into my Linux client 
> > with Samba DC users.
> > 
> > Thank you.
> > I removed "sssd" from my Linux client:
> > # yum remove sssd
> > 
> > Then, changed "/etc/krb5.conf" as below:
> > 
> > [libdefaults]
> >     default_realm = MYDOMAIN.Z
> >     dns_lookup_realm = false
> >     dns_lookup_kdc = true
> > 
> > Should I install winbind and winbind-clients on the client?
> > 
> > I executed the script on the server and client and results are:
> > 
> > On server:
> > https://0bin.net/paste/i6JpJ9fp#j3yydvkUw9tXWO2P2oXIuBZVg-7c8y
> > tk0KPMkBind5U
> > 
> > On client:
> > https://0bin.net/paste/ewb5i6Va#FEoBJ7QHCyxUTJOFHNo4tELG6sDAzV
> > wJMZUzFNjtEwa
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > On Sunday, July 18, 2021, 01:12:16 PM GMT+4:30, Rowland Penny 
> > via samba <samba at lists.samba.org> wrote: 
> > 
> > 
> > 
> > 
> > 
> > On Sun, 2021-07-18 at 08:15 +0000, Jason Long via samba wrote:
> > > 
> > 
> > > I installed Samba from its manual and in Samba manual, the "sss"
> > > existed. Why "sss" doesn't need? 
> > 
> > If sssd is installed, remove it, you cannot use sssd with Samba.
> > 
> > > 
> > > And I changed the content of "/etc/krb5.conf" to:
> > > 
> > > 
> > > On the Linux client:
> > > I added below lines to the "/etc/hosts" file:
> > > 
> > > 127.0.0.1  localhost localhost.localdomain localhost4
> > > localhost4.localdomain4
> > > ::1        localhost localhost.localdomain localhost6
> > > localhost6.localdomain6
> > > 192.168.56.7 mydc.mydomain.z mydc
> > > 10.0.3.15  mydc.mydomain.z
> > 
> > You cannot multihome a DC, choose an ipaddress and use just 
> that one.
> > 
> > > 
> > > The content of the "/etc/krb5.conf" file is:
> > > 
> > > includedir /etc/krb5.conf.d/
> > > [libdefaults]
> > >    default_realm = MYDC.MYDOMAIN.Z
> > 
> > HOW MANY TIMES DO I HAVE TO TO TELL YOU, 'MYDC.MYDOMAIN.Z' 
> IS NOT YOUR
> > REALM!!!
> > 
> > Your realm is 'MYDOMAIN.Z'
> > 
> > >    dns_lookup_realm = false
> > >    dns_lookup_kdc = true
> > > 
> > > 
> > 
> > You can remove the rest of /etc/krb5.conf , you do not need it.
> > 
> > > 
> > > 
> > > I rebooted my client and I can't login to my Linux client with my
> > > Samba DC usernames.
> > 
> > Have you installed winbind and winbind-clients ?
> > 
> > 
> > Rowland
> > 
> > 
> > 
> > 
> > -- 
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> > 
> > -- 
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> 
> > 
> > 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
> 


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

More information about the samba mailing list