[Samba] Domain member?

L.P.H. van Belle belle at bazuin.nl
Tue Oct 26 07:37:24 UTC 2021 

This is something in your setup. 

Can you run this one and post the output. 
https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh

If needed, anonymize where needed. 


Greetz,

Louis
 

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Joachim Lindenberg via samba
> Verzonden: dinsdag 26 oktober 2021 8:45
> Aan: samba at lists.samba.org
> Onderwerp: Re: [Samba] Domain member?
> 
> Hello Rowland,
> I read 
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_
> Member, and I specifically read "If your users will only use 
> the Samba AD DC for authentication and will not store data on 
> it or log into it, you can use the the winbind 'rid' backend, 
> this calculates the user and group IDs from the Windows RID, 
> if you use the same [global] section of the smb.conf on every 
> Unix domain member, you will get the same IDs." - that´s the 
> reason I started with a smb.conf of a DC and removed stuff 
> that was apparently irrelevant. Is this section of 
> documentation also wrong?
> 
> > sudo dpkg -l winbind
> Desired=Unknown/Install/Remove/Purge/Hold
> | 
> Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-a
> Wait/Trig-pend
> |/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
> ||/ Name           Version                 Architecture Description
> +++-==============-=======================-============-======
> =======================================>
> ii  winbind        2:4.14.8+dfsg-0.1focal1 amd64        
> service to resolve user and group information>
> 
> in fact winbind is running after yet another system restart, 
> i.e. it looks like some initialization issue during or after 
> installation. However it reports:
> Oct 26 06:25:46 le winbindd[832]: [2021/10/26 
> 06:25:46.806438,  0] 
> ../../source3/librpc/crypto/gse.c:547(gse_get_client_auth_token)
> Oct 26 06:25:46 le winbindd[832]:   
> gse_get_client_auth_token: gss_init_sec_context failed with [ 
> Miscellaneous failure (see text): Client (L>
> Oct 26 06:25:52 le winbindd[832]: [2021/10/26 
> 06:25:52.951201,  0] 
> ../../source3/librpc/crypto/gse.c:547(gse_get_client_auth_token)
> Oct 26 06:25:52 le winbindd[832]:   
> gse_get_client_auth_token: gss_init_sec_context failed with [ 
> Miscellaneous failure (see text): Client (L>
> Oct 26 06:26:32 le winbindd[832]: [2021/10/26 
> 06:26:32.079056,  0] 
> ../../source3/librpc/crypto/gse.c:547(gse_get_client_auth_token)
> Oct 26 06:26:32 le winbindd[832]:   
> gse_get_client_auth_token: gss_init_sec_context failed with [ 
> Miscellaneous failure (see text): Client (L>
> Oct 26 06:26:38 le winbindd[832]: [2021/10/26 
> 06:26:38.202614,  0] 
> ../../source3/librpc/crypto/gse.c:547(gse_get_client_auth_token)
> 
> On the right: gse_get_client_auth_token: gss_init_sec_context 
> failed with [ Miscellaneous failure (see text): Client 
> (LE$@SAMBA.LINDENBERG.ONE) unknown]
> 
> I searched for that error, but only M$ or ancient stuff..
> Thanks, Joachim
> 
> 
> -----Ursprüngliche Nachricht-----
> Von: samba <samba-bounces at lists.samba.org> Im Auftrag von 
> Rowland Penny via samba
> Gesendet: Monday, 25 October 2021 22:28
> An: samba at lists.samba.org
> Betreff: Re: [Samba] Domain member?
> 
> On Mon, 2021-10-25 at 22:06 +0200, Joachim Lindenberg via samba wrote:
> > > How did you join the domain ?
> > I joined using net ads join -U Joachim (which happens to be domain 
> > admin). No error (after fixing a hostname setup issue).
> 
> OK.
> 
> > 
> > > The line above is only used on a DC
> > I excerpted this from an existing DC. Removed it. No change. 
> > Is there a consistency check I can run?
> 
> Yes, but you probably don't need it (more on this later)
> 
> > 
> > > Are you using sssd ?
> > I don´t (yet) know what sssd is about.
> 
> As this is Ubuntu, you may have it installed.
> You can check with:
> sudo dpkg -l winbind
> 
> The last line will look like this if it isn't installed:
> 
> un  sssd           <none>       <none>       (no description 
> available)
> 
> > 
> > > Have you installed winbind ?
> > I followed
> > 
> https://wiki.samba.org/index.php/Distribution-specific_Package_Install
> > ation#Ubuntu
> > , and yes, winbind is installed.
> > 
> > > You have only stopped Samba using nmbd, you need to stop 
> it and then 
> > > disable it.
> > I didn´t enable it at all. Some magic? If smb.conf asks for no 
> > netbios, shouldn´t the process exit?
> 
> Debian based distros start packages when they are installed, 
> so no magic is involved.
> 
> I suggest you go and read this:
> 
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
> 
> and one of these:
> https://wiki.samba.org/index.php/Idmap_config_ad
> https://wiki.samba.org/index.php/Idmap_config_rid
> https://wiki.samba.org/index.php/Idmap_config_autorid
> 
> You need to add 'idmap config' lines to your smb.conf (if you 
> don't know what they are, you will once you have read the 
> above wiki pages).
> You also need to find out why 'systemctl start winbind' doesn't work.
> 
> Rowland
> 
> 
> 
> 
> 
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
>

More information about the samba mailing list