[Samba] Unable to join domain I think.

Rob Campbell robcampbell08105 at gmail.com
Wed Sep 14 12:57:36 UTC 2022


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In all things, Be Intentional.


On Wed, Sep 14, 2022 at 3:18 AM Rowland Penny via samba <
samba at lists.samba.org> wrote:

>
>
> On 13/09/2022 22:08, Rob Campbell wrote:
> >
> >
> > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> > In all things, Be Intentional.
> >
> >
> > On Tue, Sep 13, 2022 at 4:33 PM Rowland Penny via samba
> > <samba at lists.samba.org> wrote:
> >
> >
> >
> >     On 13/09/2022 21:22, Rob Campbell wrote:
> >      > [Tue Sep 13 16:15:43] [*root at dc02~$*] net ads testjoin
> >      > Join is OK
> >
> >     If I remember correctly, DC02 is a Unix domain member, so that (from
> >     info provided) appears to be working correctly.
> >
> >      >
> >      > [Tue Sep 13 16:19:14] [*root at D01~$*] net ads testjoin
> >      > ads_connect: No logon servers are currently available to service the
> >      > logon request.
> >      > Join to domain is not valid: No logon servers are currently available to
> >      > service the logon request.
> >
> >     Can you go here:
> >
> >     https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh
> >
> >
> >     Download the script and run it on 'D01'
> >     post the output here in a post, do not attach it, this list strips
> >     attachments. Sanitise it you must.
> >
> >
> > [Tue Sep 13 17:04:30] [root at D01~$] samba-collect-debug-info.sh
> >
> > Please wait, collecting debug info.
> >
> > Password for Administrator at HOME.ROB-CAMPBELL.LAN:
> > Warning: Your password will expire in 41 days on Tue 25 Oct 2022 12:47:59 AM EDT
> > Warning: No smb.conf found
> >
> >
> > The debug info about your system can be found in this file:
> > /tmp/samba-debug-info.txt
> >
> > Please check this and if required, sanitise it.
> > Then copy & paste it into an  email to the samba list
> > Do not attach it to the email, the Samba mailing list strips attachments.
> >
> > [Tue Sep 13 17:04:41] [root at D01~$] smbd -b | grep 'CONFIGFILE' | awk '{print $NF}'
> > /etc/samba/smb.conf
> > [Tue Sep 13 17:04:45] [root at D01~$] cat /etc/samba/smb.conf
> > [global]
> > security = ADS
> > workgroup = HOME
> > realm = HOME.ROB-CAMPBELL.LAN
> >
> > log file = /var/log/samba/%m.log
> > log level = 1
> >
> > idmap config * : backend = autorid
> > idmap config * : range = 10000-9999999
> > idmap config * : rangesize = 200000
> >
> > username map = /etc/samba/user.map
> >
> > template shell = /bin/bash
> > template homedir = /home/%U
> > [Tue Sep 13 17:04:47] [root at D01~$] cat /tmp/samba-debug-info.txt
> > Config collected --- 2022-09-13-17:04 -----------
> >
> > Hostname:   D01
> > DNS Domain: home.rob-campbell.lan
> > Realm:      HOME.ROB-CAMPBELL.LAN
> > FQDN:       d01.home.rob-campbell.lan
> > ipaddress:  10.0.0.18 2600:4040:4666:f900::1406
> >
> > -----------
> >
> > This computer is running Debian 11.4 x86_64
> >
> > -----------
> >
> > running command : ip a
> > 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
> >      link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> >      inet 127.0.0.1/8 scope host lo
> >      inet6 ::1/128 scope host
> > 2: enp3s0: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
> >      link/ether c8:0a:a9:0e:93:23 brd ff:ff:ff:ff:ff:ff
> > 3: wlo1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
> >      link/ether c4:17:fe:4e:1a:8b brd ff:ff:ff:ff:ff:ff
> >      altname wlp2s0
> >      inet 10.0.0.18/24 brd 10.0.0.255 scope global dynamic noprefixroute wlo1
> >         valid_lft 83491sec preferred_lft 83491sec
> >      inet6 2600:4040:4666:f900::1406/128 scope global dynamic noprefixroute
> >         valid_lft 2359sec preferred_lft 559sec
> >      inet6 fe80::7563:2b02:c335:1a7d/64 scope link noprefixroute
> >
> > -----------
> >
> > Checking file: /etc/hosts
> >
> > 127.0.0.1 localhost
> > 10.0.0.18 d01.home.rob-campbell.lan d01
> >
> > # The following lines are desirable for IPv6 capable hosts
> > ::1     localhost ip6-localhost ip6-loopback
> > ff02::1 ip6-allnodes
> > ff02::2 ip6-allrouters
> >
> > -----------
> >
> > Checking file: /etc/resolv.conf
> >
> > nameserver 10.0.0.10
> > search HOME.ROB-CAMPBELL.LAN
> >
> > -----------
> >
> > Kerberos SRV _kerberos._tcp.home.rob-campbell.lan record(s) verified ok, sample output:
> > Server: 10.0.0.10
> > Address: 10.0.0.10#53
> >
> > _kerberos._tcp.home.rob-campbell.lan service = 0 100 88 dc01.home.rob-campbell.lan.
> >
> > -----------
> >
> > 'kinit Administrator' checked successfully.
> >
> > -----------
> >
> > Samba is not being run as a DC or a Unix domain member.
>
> I think that message needs changing, it really means that no Samba
> binaries are running.
>
> >
> > -----------
> >
> > Checking file: /etc/krb5.conf
> >
> > [libdefaults]
> > default_realm = HOME.ROB-CAMPBELL.LAN
> > dns_lookup_realm = false
> > dns_lookup_kdc = true
> >
> > -----------
> >
> > Checking file: /etc/nsswitch.conf
> >
> > # /etc/nsswitch.conf
> > #
> > # Example configuration of GNU Name Service Switch functionality.
> > # If you have the `glibc-doc-reference' and `info' packages installed, try:
> > # `info libc "Name Service Switch"' for information about this file.
> >
> > passwd:         files winbind systemd sss
> > group:          files winbind systemd sss
> > shadow:         files sss
> > gshadow:        files
> >
> > hosts:          files mdns4_minimal [NOTFOUND=return] dns myhostname
> > networks:       files
> >
> > protocols:      db files
> > services:       db files sss
> > ethers:         db files
> > rpc:            db files
> >
> > netgroup:       nis sss
> > automount:      sss
> >
>
> I would remove all the 'sss'
>

This was supposed to be done on the members, dc or both?  This output was
from a member so I did remove it from all the members.  Changing hosts:
files dns was supposed to be changed on the DC, right?

>
> > -----------
> >
> >
> > Time on the DC with PDC Emulator role is: 2022-09-13T17:04:40
> >
> >
> > Time on this computer is:                 2022-09-13T17:04:41
> >
> >
> > Time verified ok, within the allowed 300sec margin.
> > Time offset is currently : 0 seconds
> >
> > -----------
> >
> > Installed packages:
> > ii  acl                       2.2.53-10                 amd64  access control list - utilities
> > ii  attr                      1:2.4.48-6                amd64  utilities for manipulating filesystem extended attributes
> > ii  fonts-quicksand           0.2016-2.1                all    sans-serif font with round attributes
> > ii  kde-spectacle             20.12.3-1                 amd64  Screenshot capture utility
> > ii  krb5-config               2.6+nmu1                  all    Configuration files for Kerberos Version 5
> > ii  krb5-locales              1.18.3-6+deb11u1          all    internationalization support for MIT Kerberos
> > ii  krb5-user                 1.18.3-6+deb11u1          amd64  basic programs to authenticate using MIT Kerberos
> > ii  libacl1:amd64             2.2.53-10                 amd64  access control list - shared library
> > ii  libattr1:amd64            1:2.4.48-6                amd64  extended attribute handling - shared library
> > ii  libgssapi-krb5-2:amd64    1.18.3-6+deb11u1          amd64  MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
> > ii  libkrb5-3:amd64           1.18.3-6+deb11u1          amd64  MIT Kerberos runtime libraries
> > ii  libkrb5support0:amd64     1.18.3-6+deb11u1          amd64  MIT Kerberos runtime libraries - Support library
> > ii  libmoox-aliases-perl      0.001006-1.1              all    easy aliasing of methods and attributes in Moo
> > ii  libnss-winbind:amd64      2:4.13.13+dfsg-1~deb11u5  amd64  Samba nameservice integration plugins
> > ii  libpam-krb5:amd64         4.9-2                     amd64  PAM module for MIT Kerberos
> > ii  libpam-winbind:amd64      2:4.13.13+dfsg-1~deb11u5  amd64  Windows domain authentication integration plugin
> > ii  libsmbclient:amd64        2:4.13.13+dfsg-1~deb11u5  amd64  shared library for communication with SMB/CIFS servers
> > ii  libwbclient0:amd64        2:4.13.13+dfsg-1~deb11u5  amd64  Samba winbind client library
> > ii  python3-nacl              1.4.0-1+b1                amd64  Python bindings to libsodium (Python 3)
> > ii  python3-pylibacl:amd64    0.6.0-1+b1                amd64  module for manipulating POSIX.1e ACLs (Python3 version)
> > ii  python3-pyxattr:amd64     0.7.2-1+b1                amd64  module for manipulating filesystem extended attributes (Python3)
> > ii  python3-samba             2:4.13.13+dfsg-1~deb11u5  amd64  Python 3 bindings for Samba
> > ii  samba                     2:4.13.13+dfsg-1~deb11u5  amd64  SMB/CIFS file, print, and login server for Unix
> > ii  samba-common              2:4.13.13+dfsg-1~deb11u5  all    common files used by both the Samba server and client
> > ii  samba-common-bin          2:4.13.13+dfsg-1~deb11u5  amd64  Samba common files used by both the server and the client
> > ii  samba-dsdb-modules:amd64  2:4.13.13+dfsg-1~deb11u5  amd64  Samba Directory Services Database
> > ii  samba-libs:amd64          2:4.13.13+dfsg-1~deb11u5  amd64  Samba core libraries
> > ii  samba-vfs-modules:amd64   2:4.13.13+dfsg-1~deb11u5  amd64  Samba Virtual FileSystem plugins
> > ii  smbclient                 2:4.13.13+dfsg-1~deb11u5  amd64  command-line SMB/CIFS clients for Unix
> > ii  sssd-krb5                 2.4.1-2                   amd64  System Security Services Daemon -- Kerberos back end
> > ii  sssd-krb5-common          2.4.1-2                   amd64  System Security Services Daemon -- Kerberos helpers
> > ii  vlc-plugin-samba:amd64    3.0.17.4-0+deb11u1        amd64  Samba plugin for VLC
> > ii  winbind                   2:4.13.13+dfsg-1~deb11u5  amd64  service to resolve user and group information from Windows NT servers
> >
> > -----------
> >
> > I did fix some things but after fixing I ran it again.  Why does it
> > think I have no samba file?  Does it have the wrong permissions?
> >
> >
>
> They are good questions, why can the script not find the smb.conf ?
> What does 'testparm -s' produce ?
> The permissions on the smb.conf should be '-rw-r--r--' and owned by
> 'root:root'
>
> Rowland
>
>
[Wed Sep 14 08:50:39] [root at dc02~$] testparm -s
Load smb config files from /etc/samba/smb.conf
Loaded services file OK.
Weak crypto is allowed
Server role: ROLE_DOMAIN_MEMBER

# Global parameters
[global]
log file = /var/log/samba/%m.log
realm = HOME.ROB-CAMPBELL.LAN
security = ADS
template homedir = /home/%U
template shell = /bin/bash
username map = /etc/samba/user.map
workgroup = HOME
idmap config * : rangesize = 200000
idmap config * : range = 10000-9999999
idmap config * : backend = autorid
[Wed Sep 14 08:51:10] [root at dc02~$] la /etc/samba/smb.conf
-rw-r--r-- 1 root root 596 Sep 13 00:49 /etc/samba/smb.conf




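The two checks Rowland asks for above (no 'sss' entries in /etc/nsswitch.conf on a winbind member, and smb.conf being '-rw-r--r--' and owned by root:root), as an added shell example that is not part of the original message or of samba-collect-debug-info.sh. The function names are hypothetical, and the sample nsswitch lines are constructed from the output posted in the thread.

```sh
#!/bin/sh
# Added example: audit a Samba domain member for the two points raised in
# the thread. Function names are hypothetical, not from any Samba tool.

# nss_sss_databases FILE: print each NSS database whose sources include "sss".
nss_sss_databases() {
    awk '$1 ~ /^[a-z_]+:$/ {
             for (i = 2; i <= NF; i++)
                 if ($i == "sss") { print substr($1, 1, length($1) - 1); break }
         }' "$1"
}

# nss_winbind_ok FILE: succeed only if passwd and group both list winbind
# (as in the posted config) and neither of them lists sss.
nss_winbind_ok() {
    awk '$1 == "passwd:" || $1 == "group:" {
             seen++; wb = 0
             for (i = 2; i <= NF; i++) {
                 if ($i == "sss") bad = 1
                 if ($i == "winbind") wb = 1
             }
             if (!wb) bad = 1
         }
         END { exit (bad || seen != 2) }' "$1"
}

# smbconf_perms_ok FILE [UID:GID]: succeed if FILE is -rw-r--r-- and owned by
# UID:GID (default 0:0, i.e. root:root). Numeric ids avoid name lookups.
smbconf_perms_ok() {
    want="-rw-r--r-- ${2:-0:0}"
    got=$(ls -ldn -- "$1" 2>/dev/null |
          awk '{ print substr($1, 1, 10), $3 ":" $4 }')
    [ "$got" = "$want" ]
}

# Constructed sample: four lines of the nsswitch.conf posted in the thread.
sample=$(mktemp)
printf '%s\n' \
    'passwd:         files winbind systemd sss' \
    'group:          files winbind systemd sss' \
    'shadow:         files sss' \
    'gshadow:        files' > "$sample"
echo "databases still using sss: $(nss_sss_databases "$sample" | tr '\n' ' ')"
nss_winbind_ok "$sample" || echo "passwd/group need winbind without sss"
smbconf_perms_ok /etc/samba/smb.conf || echo "smb.conf is not -rw-r--r-- root:root"
rm -f "$sample"
```

Run it on the host being diagnosed (D01 in this thread), since each member has its own nsswitch.conf and smb.conf.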