[Samba] Domain member?
L.P.H. van Belle
belle at bazuin.nl
Tue Oct 26 07:37:24 UTC 2021
This is something in your setup.
Can you run this one and post the output.
https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh
If needed, anonymize where needed.
Greetz,
Louis
> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens
> Joachim Lindenberg via samba
> Verzonden: dinsdag 26 oktober 2021 8:45
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Domain member?
>
> Hello Rowland,
> I read
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_
> Member, and I specifically read "If your users will only use
> the Samba AD DC for authentication and will not store data on
> it or log into it, you can use the the winbind 'rid' backend,
> this calculates the user and group IDs from the Windows RID,
> if you use the same [global] section of the smb.conf on every
> Unix domain member, you will get the same IDs." - that´s the
> reason I started with a smb.conf of a DC and removed stuff
> that was apparently irrelevant. Is this section of
> documentation also wrong?
>
> > sudo dpkg -l winbind
> Desired=Unknown/Install/Remove/Purge/Hold
> |
> Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-a
> Wait/Trig-pend
> |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
> ||/ Name Version Architecture Description
> +++-==============-=======================-============-======
> =======================================>
> ii winbind 2:4.14.8+dfsg-0.1focal1 amd64
> service to resolve user and group information>
>
> in fact winbind is running after yet another system restart,
> i.e. it looks like some initialization issue during or after
> installation. However it reports:
> Oct 26 06:25:46 le winbindd[832]: [2021/10/26
> 06:25:46.806438, 0]
> ../../source3/librpc/crypto/gse.c:547(gse_get_client_auth_token)
> Oct 26 06:25:46 le winbindd[832]:
> gse_get_client_auth_token: gss_init_sec_context failed with [
> Miscellaneous failure (see text): Client (L>
> Oct 26 06:25:52 le winbindd[832]: [2021/10/26
> 06:25:52.951201, 0]
> ../../source3/librpc/crypto/gse.c:547(gse_get_client_auth_token)
> Oct 26 06:25:52 le winbindd[832]:
> gse_get_client_auth_token: gss_init_sec_context failed with [
> Miscellaneous failure (see text): Client (L>
> Oct 26 06:26:32 le winbindd[832]: [2021/10/26
> 06:26:32.079056, 0]
> ../../source3/librpc/crypto/gse.c:547(gse_get_client_auth_token)
> Oct 26 06:26:32 le winbindd[832]:
> gse_get_client_auth_token: gss_init_sec_context failed with [
> Miscellaneous failure (see text): Client (L>
> Oct 26 06:26:38 le winbindd[832]: [2021/10/26
> 06:26:38.202614, 0]
> ../../source3/librpc/crypto/gse.c:547(gse_get_client_auth_token)
>
> On the right: gse_get_client_auth_token: gss_init_sec_context
> failed with [ Miscellaneous failure (see text): Client
> (LE$@SAMBA.LINDENBERG.ONE) unknown]
>
> I searched for that error, but only M$ or ancient stuff..
> Thanks, Joachim
>
>
> -----Ursprüngliche Nachricht-----
> Von: samba <samba-bounces at lists.samba.org> Im Auftrag von
> Rowland Penny via samba
> Gesendet: Monday, 25 October 2021 22:28
> An: samba at lists.samba.org
> Betreff: Re: [Samba] Domain member?
>
> On Mon, 2021-10-25 at 22:06 +0200, Joachim Lindenberg via samba wrote:
> > > How did you join the domain ?
> > I joined using net ads join -U Joachim (which happens to be domain
> > admin). No error (after fixing a hostname setup issue).
>
> OK.
>
> >
> > > The line above is only used on a DC
> > I excerpted this from an existing DC. Removed it. No change.
> > Is there a consistency check I can run?
>
> Yes, but you probably don't need it (more on this later)
>
> >
> > > Are you using sssd ?
> > I don´t (yet) know what sssd is about.
>
> As this is Ubuntu, you may have it installed.
> You can check with:
> sudo dpkg -l winbind
>
> The last line will look like this if it isn't installed:
>
> un sssd <none> <none> (no description
> available)
>
> >
> > > Have you installed winbind ?
> > I followed
> >
> https://wiki.samba.org/index.php/Distribution-specific_Package_Install
> > ation#Ubuntu
> > , and yes, winbind is installed.
> >
> > > You have only stopped Samba using nmbd, you need to stop
> it and then
> > > disable it.
> > I didn´t enable it at all. Some magic? If smb.conf asks for no
> > netbios, shouldn´t the process exit?
>
> Debian based distros start packages when they are installed,
> so no magic is involved.
>
> I suggest you go and read this:
>
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
>
> and one of these:
> https://wiki.samba.org/index.php/Idmap_config_ad
> https://wiki.samba.org/index.php/Idmap_config_rid
> https://wiki.samba.org/index.php/Idmap_config_autorid
>
> You need to add 'idmap config' lines to your smb.conf (if you
> don't know what they are, you will once you have read the
> above wiki pages).
> You also need to find out why 'systemctl start winbind' doesn't work.
>
> Rowland
>
>
>
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
More information about the samba
mailing list