[Samba] [NTLMv2] status [NT_STATUS_NO_SUCH_USER]

Rowland Penny rpenny at samba.org
Wed Jun 22 08:29:12 UTC 2022 

On Wed, 2022-06-22 at 10:06 +0200, lists--- via samba wrote:
> Good morning list,
> 
> as our first domain member runs fine for quite some weeks I set-up a 
> second one yesterday, exactly as I set-up the first one (at least I 
> think so ;)) using 
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
> 
> But I can't connect to it, in /var/log/samba/samba_auth_audit.log can
> be 
> found:
> [2022/06/22 09:12:56.496441,  2] 
> ../../auth/auth_log.c:647(log_authentication_event_human_readable)
>    Auth: [SMB2,(null)] user [.]\[USERNAME] at [Mi, 22 Jun 2022 
> 09:12:56.496403 CEST] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] 
> workstation [DESKTOP-76IGOT6] remote host ...
> 
> Testing the connection to the ADDC using:
> 
> wbinfo --ping-dc
> checking the NETLOGON for domain[DOMAIN] dc connection to 
> "dc1.DOMAIN.de" succeeded
> 
> getent hosts HOSTNAME
> 10.147.166.6    HOSTNAME.afp.DOMAIN.de HOSTNAME
> 
> getent hosts 1st member server
> 10.147.166.6    1STMS.afp.DOMAIN.de 1STMS

Why is anything other than '127.0.0.1' and the hosts ipaddress in
/etc/hosts ?

> 
> getent group DOMAIN\\AFP_ALL
> DOMAIN\afp_all:x:115702:
> 
> getent passwd DOMAIN\\USERNAME
> DOMAIN\USERNAME:*:230224:310513::/srv/samba/users/USERNAME:/bin/bash
> 
> /etc/krb5.conf looks fine for me.

Might look good to you, but we cannot see it :-)

> /etc/samba/smb.conf is the same as on first member server

I hope 'netbios name' isn't set.

> /etc/nsswitch.conf is modified as written in 
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
> 
> Adding the system to AD worked ...:
> samba-tool domain join DOMAIN MEMBER -U"DOMAIN\sec_account"
> Password for [DOMAIN\sec_account]:
> libnet_join_precreate_machine_acct: Machine account successfully
> created
>       join: struct secrets_domain_infoB
>          [...]
> ldb: Unable to open tdb '/var/lib/samba/private/secrets.ldb': No
> such 
> file or directory
> ldb: Failed to connect to '/var/lib/samba/private/secrets.ldb' with 
> backend 'tdb': Unable to open tdb
> '/var/lib/samba/private/secrets.ldb': 
> No such file or directory
> Joined domain DOMAIN (S-1-5-21-854245398-484763869-1343024091)

You are supposed to run that command as root.
Did the join actually work ? test with 'net ads testjoin' run by root
or with sudo.

> 
> smbd -V
> Version 4.15.7-Debian
> 
> What did I wrong?

I have no idea at this point. :-)

Rowland

More information about the samba mailing list