[Samba] I can't login into my Linux client with Samba DC users.

L.P.H. van Belle belle at bazuin.nl
Wed Jul 21 09:01:54 UTC 2021


Now we need the things Rowland asked.

Now, you're on a RH based OS, and I don't know the command but,
on Debian I now would run pam-auth-update
So winbind is added to the allowed modules to login
But at least you're on the right path now.

Can you run the debugscript again, it should show more now.
https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh 

Greetz, 

Louis


> -----Original message-----
> From: Jason Long [mailto:hack3rcon at yahoo.com]
> Sent: Wednesday 21 July 2021 10:54
> To: samba at lists.samba.org; L.P.H. van Belle
> Subject: Re: [Samba] I can't login into my Linux client
> with Samba DC users.
> 
> Hello,
> Thanks.
> I changed the "/etc/hostname" file and it only included
> "node3", then I ran the commands below:
> 
> # hostname -d
> mydomain.z
> # hostname -s
> node3
> # hostname -f
> node3.mydomain.z
> 
> After it, I rejoined my Linux client:
> 
> # net ads join -U administrator
> 
> And it showed me:
> 
> Using short domain name -- MYDOMAIN
> Joined 'NODE3' to dns domain 'mydomain.z
> 
> But, I can't use my Samba DC usernames for logging into the 
> Linux client.
> 
> On Monday, July 19, 2021, 02:25:35 PM GMT+4:30, L.P.H. van
> Belle via samba <samba at lists.samba.org> wrote:
> 
> > -----Original message-----
> > From: Jason Long [mailto:hack3rcon at yahoo.com]
> > Sent: Monday 19 July 2021 11:09
> > To: samba at lists.samba.org; L.P.H. van Belle
> > Subject: Re: [Samba] I can't login into my Linux client
> > with Samba DC users.
> > 
> > Hello,
> > Thank you so much.
> > I removed all sss entries from the server and client, then I
> > removed the line below from the "/etc/hosts" file:
> > 10.0.3.15  mydc.mydomain.z
> > 
> > After it, I disabled my second NIC (10.0.3.15) on both the
> > server and client, then changed the "/etc/resolv.conf" file on
> > the Linux client as below:
> > 
> > search mydomain.z
> > nameserver 192.168.56.7
> > 
> > The date and time are the same on both the server and client and
> > the "kinit Administrator" command worked on the server.
> > 
> > On the Linux client, I executed the commands below:
> > 
> > # hostname -I
> > 192.168.56.9
> > # hostname -A
> > node3.mydomain.z
> > # hostname -f
> > node3.localhost.localdomain
> 
> Verify this.. 
> /etc/hostname 
> 
> Should only contain : 
> node3 
> 
> And yes, you might want to rejoin after all 
> hostname/domainnames are correct on the client. 
> At least that's what I recommend.
> 
> Adjust as shown, reboot, check again with : 
> hostname -d 
> hostname -s 
> hostname -f
> 
> When that's all good, then join again.
> 
> Greetz, 
> 
> Louis
> 
> 
> 
> > 
> > Why "node3.localhost.localdomain"? Should I rejoin my Linux 
> > client to my Samba domain?
> > 
> > On Monday, July 19, 2021, 11:55:23 AM GMT+4:30, L.P.H. van
> > Belle via samba <samba at lists.samba.org> wrote:
> > 
> > What Rowland said +
> > 
> > On "Server"
> > There's still sss defined in nsswitch.conf
> > netgroup:  sss files
> > automount:  sss files
> > services:  sss files
> > Remove all sss entries.
> > 
> > I do think there is still something wrong because
> > in smb.conf I see
> > interfaces = lo enp0s17
> > 
> > enp0s17:  inet 192.168.56.7/24
> > 
> > /etc/hosts
> > 192.168.56.7 mydc.mydomain.z mydc
> > 10.0.3.15  mydc.mydomain.z    << this one isn't doing anything
> > except causing problems.
> > 
> > Remove it.
> > 
> > Your member's hosts file should look like :
> > /etc/hosts
> > 192.168.56.9 node3.mydomain.z node3
> > 
> > /etc/resolv.conf
> > search mydomain.z
> > nameserver 192.168.56.7
> > 
> > There is also still : 10.0.3.15  same as on the Server.
> > In order to change.
> > 1) your network config ( ip/interface )
> > 2) /etc/hosts
> > 3) /etc/resolv.conf
> > 
> > https://www.cyberciti.biz/faq/howto-change-hostname-in-fedora-linux-permanently/
> > 
> > Reboot,
> > 
> > Verify the hostname with
> > hostname -I    All IP addresses
> > hostname -A All hostnames and alias names.
> > 
> > And hostname -f = FQDN (hostname -s  + hostname -d )
> > hostname -d = dns domain (search line in resolv.conf)
> > 
> > On both servers winbind must be installed and SSSd removed.
> > 
> > Did you sync time of the member with the AD-DC? If not,
> > verify on the member at least and set it to the AD-DC.
> > Edit /etc/systemd/timesyncd.conf
> > systemctl daemon-reload
> > 
> > Then that's all done and looking ok.
> > 
> > kinit Administrator  does that work now?
> > 
> > 
> > Now, last question, what's the idea with the 2 NICs AD-DC,
> > that's not an easy setup.
> > 
> > 
> > Greetz, 
> > 
> > Louis
> > 
> > 
> > > -----Original message-----
> > > From: samba [mailto:samba-bounces at lists.samba.org] On behalf of
> > > Jason Long via samba
> > > Sent: Sunday 18 July 2021 16:50
> > > To: samba at lists.samba.org; Rowland Penny
> > > Subject: Re: [Samba] I can't login into my Linux client
> > > with Samba DC users.
> > > 
> > > Thank you.
> > > I removed "sssd" from my Linux client:
> > > # yum remove sssd
> > > 
> > > Then, changed "/etc/krb5.conf" as below:
> > > 
> > > [libdefaults]
> > >     default_realm = MYDOMAIN.Z
> > >     dns_lookup_realm = false
> > >     dns_lookup_kdc = true
> > > 
> > > Should I install winbind and winbind-clients on the client?
> > > 
> > > I executed the script on the server and client and results are:
> > > 
> > > On server:
> > > https://0bin.net/paste/i6JpJ9fp#j3yydvkUw9tXWO2P2oXIuBZVg-7c8ytk0KPMkBind5U
> > > 
> > > On client:
> > > https://0bin.net/paste/ewb5i6Va#FEoBJ7QHCyxUTJOFHNo4tELG6sDAzVwJMZUzFNjtEwa
> > > 
> > > On Sunday, July 18, 2021, 01:12:16 PM GMT+4:30, Rowland Penny
> > > via samba <samba at lists.samba.org> wrote:
> > > 
> > > On Sun, 2021-07-18 at 08:15 +0000, Jason Long via samba wrote:
> > > > 
> > > 
> > > > I installed Samba from its manual and in the Samba manual, the "sss"
> > > > existed. Why isn't "sss" needed?
> > > 
> > > If sssd is installed, remove it, you cannot use sssd with Samba.
> > > 
> > > > 
> > > > And I changed the content of "/etc/krb5.conf" to:
> > > > 
> > > > 
> > > > On the Linux client:
> > > > I added the lines below to the "/etc/hosts" file:
> > > > 
> > > > 127.0.0.1  localhost localhost.localdomain localhost4 localhost4.localdomain4
> > > > ::1        localhost localhost.localdomain localhost6 localhost6.localdomain6
> > > > 192.168.56.7 mydc.mydomain.z mydc
> > > > 10.0.3.15  mydc.mydomain.z
> > > 
> > > You cannot multihome a DC, choose an ipaddress and use just that one.
> > > 
> > > > 
> > > > The content of the "/etc/krb5.conf" file is:
> > > > 
> > > > includedir /etc/krb5.conf.d/
> > > > [libdefaults]
> > > >    default_realm = MYDC.MYDOMAIN.Z
> > > 
> > > HOW MANY TIMES DO I HAVE TO TELL YOU, 'MYDC.MYDOMAIN.Z' IS NOT YOUR
> > > REALM!!!
> > > 
> > > Your realm is 'MYDOMAIN.Z'
> > > 
> > > >    dns_lookup_realm = false
> > > >    dns_lookup_kdc = true
> > > > 
> > > > 
> > > 
> > > You can remove the rest of /etc/krb5.conf , you do not need it.
> > > 
> > > > 
> > > > 
> > > > I rebooted my client and I can't login to my Linux client with my
> > > > Samba DC usernames.
> > > 
> > > Have you installed winbind and winbind-clients ?
> > > 
> > > 
> > > Rowland
> > > 
> > > 
> > > 
> > > 
> > > -- 
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions:  https://lists.samba.org/mailman/options/samba
> > > 
> 
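
The checks walked through in this thread (hostname, /etc/hosts, resolv.conf, nsswitch.conf and the krb5.conf realm), collected as an added example that is not part of the original messages. The function names are hypothetical and the script only reads files.

```shell
#!/bin/sh
# Added example: read-only pre-join checks for a Samba domain member.
# Files are passed as arguments so copies can be checked; names are hypothetical.

# FQDN must be short name + DNS domain (hostname -f = hostname -s + hostname -d).
check_fqdn() {      # $1=hostname -f  $2=hostname -s  $3=hostname -d
    [ -n "$3" ] && [ "$1" = "$2.$3" ]
}

# /etc/hosts must carry "<member ip> <fqdn> <short>" in that order.
check_hosts() {     # $1=hosts file  $2=member ip  $3=short name  $4=dns domain
    awk -v ip="$2" -v fqdn="$3.$4" -v short="$3" \
        '$1 == ip && $2 == fqdn && $3 == short { ok = 1 } END { exit !ok }' "$1"
}

# resolv.conf must search the AD DNS domain and point at the DC.
check_resolv() {    # $1=resolv.conf  $2=dns domain  $3=DC ip
    awk -v d="$2" -v ns="$3" \
        '$1 == "search" && $2 == d { s = 1 }
         $1 == "nameserver" && $2 == ns { n = 1 }
         END { exit !(s && n) }' "$1"
}

# No uncommented nsswitch.conf database may still list sss.
check_no_sss() {    # $1=nsswitch.conf
    ! grep -Eq '^[^#]*:([^#]*[[:space:]])?sss([[:space:]]|#|$)' "$1"
}

# default_realm is the upper-cased DNS domain, never the DC's FQDN.
check_realm() {     # $1=krb5.conf  $2=dns domain
    want=$(printf '%s' "$2" | tr '[:lower:]' '[:upper:]')
    got=$(awk -F= '/^[ \t]*default_realm[ \t]*=/ { gsub(/[ \t]/, "", $2); print $2; exit }' "$1")
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# Run every check against the live system and report each failure.
precheck_member() { # $1=member ip  $2=DC ip
    s=$(hostname -s); d=$(hostname -d); rc=0
    check_fqdn "$(hostname -f)" "$s" "$d"   || { echo "FAIL fqdn"; rc=1; }
    check_hosts /etc/hosts "$1" "$s" "$d"   || { echo "FAIL /etc/hosts"; rc=1; }
    check_resolv /etc/resolv.conf "$d" "$2" || { echo "FAIL /etc/resolv.conf"; rc=1; }
    check_no_sss /etc/nsswitch.conf         || { echo "FAIL nsswitch.conf lists sss"; rc=1; }
    check_realm /etc/krb5.conf "$d"         || { echo "FAIL krb5.conf default_realm"; rc=1; }
    return "$rc"
}
```

With the addresses from this thread it would be called as `precheck_member 192.168.56.9 192.168.56.7` before running `net ads join`.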



