[Samba] Not able to join Debian 10 to AD using winbind
Patrick Goetz
pgoetz at math.utexas.edu
Tue Nov 2 08:55:48 UTC 2021
Your output seems to be missing the "name" and "userPrincipalName"
fields, in addition to quite a bit of other information. This is what I
get when I run the same command in my test domain (I omitted the
referrals at the end):
root at samba-dc:~# sudo ldbsearch -H ldap://samba-dc.ea.linuxcs.com -P -b
'dc=ea,dc=linuxcs,dc=com'
'(&(objectCategory=person)(objectClass=user)(sAMAccountName=mduffie))'
# record 1
dn: CN=mduffy,OU=Users,OU=Episcopal Archives,DC=ea,DC=linuxcs,DC=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: mduffie
instanceType: 4
whenCreated: 20211030134807.0Z
uSNCreated: 4079
name: mduffy
objectGUID: d0ba107f-0be3-4208-93a1-002f6f5d8209
badPwdCount: 0
codePage: 0
countryCode: 0
badPasswordTime: 0
lastLogoff: 0
lastLogon: 0
primaryGroupID: 513
objectSid: S-1-5-21-2398640129-655337111-1434392923-1103
logonCount: 0
sAMAccountName: mduffie
sAMAccountType: 805306368
userPrincipalName: mduffie at ea.linuxcs.com
objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=ea,DC=linuxcs,DC=com
pwdLastSet: 132800752872761420
userAccountControl: 66048
accountExpires: 0
memberOf: CN=ea-admins,OU=Groups,OU=Episcopal
Archives,DC=ea,DC=linuxcs,DC=com
whenChanged: 20211101142039.0Z
uSNChanged: 4225
distinguishedName: CN=mduffie,OU=Users,OU=Episcopal
Archives,DC=ea,DC=linuxcs,DC=com
On 11/2/21 03:41, Sac Isilia via samba wrote:
> Hi Rowland,
>
> The command given by you produced a long output of which few lines are
> below.
>
> ldbsearch -H ldap://azeuw1dcem01.emea.media.global.loc -P -b
> 'dc=emea,dc=media,dc=global,dc=loc'
> '(&(objectCategory=person)(objectClass=user)(sAMAccountName=kochal02))'
> WARNING: [printers] service MUST be printable!
> # record 1
> dn: CN=Konrad Ochal (62056228),OU=Managed Users,OU=Standard Users,OU=User
> Accounts,DC=emea,DC=media,DC=global,DC=loc
> objectClass: top
> objectClass: person
> objectClass: organizationalPerson
> objectClass: user
> cn: Konrad Ochal (62056228)
> sn: Ochal
>
> But when I run the id command again , it still shows no such user. How to
> fix that ?
>
> Regards
> Sachin Kumar
>
> On Tue, Nov 2, 2021 at 2:05 PM Rowland Penny via samba <
> samba at lists.samba.org> wrote:
>
>> On Tue, 2021-11-02 at 13:39 +0530, Sac Isilia wrote:
>>> Hi Rowland,
>>>
>>> Sorry for the late reply. Below are the requested details.
>>>
>>> What OS are you using on the DC ? - Windows Server 2016
>>> What version of Samba ? - 4.9.5
>>> OS Samba packages or self-compiled ? - Samba packages
>>> What is the DC's short hostname ? - AZEUW1DCEM01
>>> What is the DC's ipaddress - 10.19.26.136
>>>
>>> The same for your Unix domain member.
>>>
>>> What is your dns domain ? - emea.media.global.loc
>>> What is your Netbios domain name (also known as the workgroup) ?
>>> - EMEA-MEDIA
>>>
>>> A reminder on this issue - I was able to join the server to
>>> domain EMEA-MEDIA but i am unable to id the domain users
>>>
>>> wbinfo -t
>>> checking the trust secret for domain EMEA-MEDIA via RPC calls
>>> succeeded
>>>
>>> id EMEA-MEDIA\\kochal02
>>> id: ‘EMEA-MEDIA\\kochal02’: no such user
>>>
>>
>> Please install ldb-tools (if not already installed), then run this
>> command:
>>
>> sudo ldbsearch -H ldap://azeuw1dcem01.emea.media.global.loc -P -b
>> 'dc=emea,dc=media,dc=global,dc=loc'
>> '(&(objectCategory=person)(objectClass=user)(sAMAccountName=kochal02))'
>>
>> That should produce the AD object for 'kochal02'
>>
>> Rowland
>>
>>
>>
>> --
>> To unsubscribe from this list go to the following URL and read the
>> instructions: https://lists.samba.org/mailman/options/samba
>>
More information about the samba
mailing list