[Samba] samba+winbindd problem joining Ubuntu 20+ to windows 2000 domain
Rowland Penny
rpenny at samba.org
Wed May 31 14:13:44 UTC 2023
On 31/05/2023 14:40, Ivan Lopez via samba wrote:
> Hi, people. How are you?. I hope you are very well
>
> Could you help us, please?. We've a problem with Ubuntu+samba+winbindd
> joining an old Windows 2000 Active Directory domain (we are testing
> migrate our domain to SAMBA4 but, for now, we must continue using the
> current domain).
>
> We have no problems joining Ubuntu 18 and, in the past, we've joined
> Ubuntu 20 PCs. It seems to be some update in libraries or packages
> involved in interactions winbindd/samba-Windows 2000 AD has broken
> something in our environment and now, join an updated Ubuntu 20 can't be
> done. We can install ubuntu 18, join the PC to domain and then, update
> to Ubuntu 20 but is a pain because we are planning go to ubuntu 22.
>
> *In the PC (ubuntu 20) we are trying to join:*
>
> a) Result of net ads:
>
> sudo net ads join -U Administrador
> [sudo] contraseña para sistemas:
> Password for [OUR\Administrador]:
> ads_print_error: AD LDAP ERROR: 53 (Server is unwilling to perform):
> 00002077: SvcErr: DSID-031D0AAB, problem 5003 (WILL_NOT_PERFORM), data 0
>
> connect_to_domain_password_server: unable to open the domain client
> session to machine mailsrv.OUR.REALM. Flags[0x00000000] Error was :
> NT_STATUS_ACCESS_DENIED.
> Failed to join domain: failed to verify domain membership after joining:
> {Access Denied} A process has requested access to an object but has not
> been granted those access rights.
>
> c) After that, winbindd can't be started. In winbind logs:
>
> [2023/05/31 08:51:46.501656, 0]
> ../../source3/winbindd/winbindd.c:1722(main)
> winbindd version 4.15.13-Ubuntu started.
> Copyright Andrew Tridgell and the Samba Team 1992-2021
> [2023/05/31 08:51:46.505271, 0]
> ../../source3/winbindd/winbindd_cache.c:3085(initialize_winbindd_cache)
> initialize_winbindd_cache: clearing cache and re-creating with
> version number 2
> [2023/05/31 08:51:46.507658, 0]
> ../../source3/winbindd/winbindd_util.c:1376(init_domain_list)
> Could not fetch our SID - did we join?
> [2023/05/31 08:51:46.507681, 0]
> ../../source3/winbindd/winbindd.c:1460(winbindd_register_handlers)
> unable to initialize domain list
>
> b) Result of testparm -v:
Before we go any further, can you run that command again, but replace
the '-v' with '-s'
Rowland
More information about the samba
mailing list