[Samba] samba+winbindd problem joining Ubuntu 20+ to windows 2000 domain
Ivan Lopez
ilopez at enress.gov.ar
Wed May 31 15:44:11 UTC 2023
Hi, Rowland. Thanks for your answer. Here is the result of testparm -s
in Ubuntu 20. I sent the result of testparm -v because I thought that
some default could have changed between versions.
#sudo testparm -s
Load smb config files from /etc/samba/smb.conf
lpcfg_do_global_parameter: WARNING: The "syslog" option is deprecated
Loaded services file OK.
Weak crypto is allowed
Server role: ROLE_DOMAIN_MEMBER
# Global parameters
[global]
client ipc min protocol = NT1
client min protocol = NT1
client max protocol = NT1
dns proxy = No
log file = /var/log/samba/log.%m
map to guest = Bad User
max log size = 1000
obey pam restrictions = Yes
pam password change = Yes
panic action = /usr/share/samba/panic-action %d
passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
passwd program = /usr/bin/passwd %u
realm = OUR.REALM
security = ADS
server role = standalone server
server string = %h server (Samba, Ubuntu)
syslog = 0
template shell = /bin/bash
unix password sync = Yes
usershare allow guests = Yes
winbind use default domain = Yes
workgroup = OUR
idmap config our : range = 16777220-33554431
idmap config our : backend = rid
idmap config * : range = 5000-16777200
idmap config * : backend = tdb
[printers]
browseable = No
comment = All Printers
create mask = 0700
path = /var/spool/samba
printable = Yes
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
Thanks.
Iván
On 31/5/23 at 11:13, Rowland Penny via samba wrote:
>
>
> On 31/05/2023 14:40, Ivan Lopez via samba wrote:
>> Hi, people. How are you? I hope you are very well.
>>
>> Could you help us, please? We've a problem with
>> Ubuntu+samba+winbindd joining an old Windows 2000 Active Directory
>> domain (we are testing migrating our domain to SAMBA4 but, for now, we
>> must continue using the current domain).
>>
>> We have no problems joining Ubuntu 18 and, in the past, we've joined
>> Ubuntu 20 PCs. It seems that some update in the libraries or packages
>> involved in winbindd/samba-Windows 2000 AD interactions has broken
>> something in our environment and now joining an updated Ubuntu 20 can't
>> be done. We can install Ubuntu 18, join the PC to the domain and then
>> update to Ubuntu 20, but it is a pain because we are planning to go to
>> Ubuntu 22.
>>
>> *In the PC (ubuntu 20) we are trying to join:*
>>
>> a) Result of net ads:
>>
>> sudo net ads join -U Administrador
>> [sudo] contraseña para sistemas:
>> Password for [OUR\Administrador]:
>> ads_print_error: AD LDAP ERROR: 53 (Server is unwilling to perform):
>> 00002077: SvcErr: DSID-031D0AAB, problem 5003 (WILL_NOT_PERFORM), data 0
>>
>> connect_to_domain_password_server: unable to open the domain client
>> session to machine mailsrv.OUR.REALM. Flags[0x00000000] Error was :
>> NT_STATUS_ACCESS_DENIED.
>> Failed to join domain: failed to verify domain membership after
>> joining: {Access Denied} A process has requested access to an object
>> but has not been granted those access rights.
>>
>> c) After that, winbindd can't be started. In winbind logs:
>>
>> [2023/05/31 08:51:46.501656, 0]
>> ../../source3/winbindd/winbindd.c:1722(main)
>> winbindd version 4.15.13-Ubuntu started.
>> Copyright Andrew Tridgell and the Samba Team 1992-2021
>> [2023/05/31 08:51:46.505271, 0]
>> ../../source3/winbindd/winbindd_cache.c:3085(initialize_winbindd_cache)
>> initialize_winbindd_cache: clearing cache and re-creating with
>> version number 2
>> [2023/05/31 08:51:46.507658, 0]
>> ../../source3/winbindd/winbindd_util.c:1376(init_domain_list)
>> Could not fetch our SID - did we join?
>> [2023/05/31 08:51:46.507681, 0]
>> ../../source3/winbindd/winbindd.c:1460(winbindd_register_handlers)
>> unable to initialize domain list
>>
>> b) Result of testparm -v:
>
> Before we go any further, can you run that command again, but replace
> the '-v' with '-s'
>
> Rowland
>