[Samba] Can't connect to AD member
basti
mailinglist at unix-solution.de
Mon Sep 4 14:39:39 UTC 2023
Hello,
I have set up a Samba AD-DC and a member server, all Debian 12.
When I try to connect from a Windows client to dc1, all is fine.
The same machine can't connect to the member server.
[global]
workgroup = NET
security = ADS
realm = NET.EXAMPLE.DE
log file = /var/log/samba/%m.log
log level = 1
winbind refresh tickets = Yes
vfs objects = acl_xattr
map acl inherit = Yes
store dos attributes = Yes
#dedicated keytab file = /etc/krb5.keytab
#kerberos method = secrets and keytab
winbind use default domain = yes
# Default ID mapping configuration for local BUILTIN accounts
# and groups on a domain member. The default (*) domain:
# - must not overlap with any domain ID mapping configuration!
# - must use an read-write-enabled back end, such as tdb.
idmap config * : backend = tdb
idmap config * : range = 3000-7999
# idmap config for the NET domain
idmap config NET:backend = ad
idmap config NET:schema_mode = rfc2307
idmap config NET:range = 10000-999999
idmap config NET:unix_nss_info = yes
# fix dfs error's in log ?
host msdfs = no
dns proxy = no
log file = /var/log/samba/log.%m
max log size = 10000
panic action = /usr/share/samba/panic-action %d
map to guest = bad user
#======================= Share Definitions =======================
....
root@fs:~# smbclient -N -L \\localhost
Sharename Type Comment
--------- ---- -------
praxis Disk
dagmar Disk
thomas Disk
iustest Disk
IPC$ IPC IPC Service (Samba 4.17.10-Debian)
SMB1 disabled -- no workgroup available
root@fs:~#
wbinfo -u works
getent passwd username works
smbclient from another Linux machine works.
root@fs:~# net rpc rights list -U Administrator -S fs
Password for [NET\Administrator]:
Could not connect to server fs
The username or password was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE
root@fs:~#
Sep 04 16:32:22 fs smbd[713]: [2023/09/04 16:32:22.778684, 0]
../../source3/auth/auth_util.c:1927(check_account)
Sep 04 16:32:22 fs smbd[713]: check_account: Failed to convert SID
S-1-5-21-2233635944-4000802713-2790315286-500 to a UID
(dom_user[NET\administrator])
Windows says: error 0x8004005
smbclient from test Linux to fs works also.
I have no idea anymore what is wrong here.
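
One way to read the check_account message together with the idmap settings, as an added example that is not part of the original post: it parses the idmap config lines, applies the non-overlap rule from the smb.conf comment, and reports which backend has to resolve the SID named in the log. The function names and the reduced SMB_CONF sample are constructed for illustration.

```python
import re

# Constructed input: the idmap lines of the smb.conf in the post.
SMB_CONF = """\
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config NET:backend = ad
idmap config NET:schema_mode = rfc2307
idmap config NET:range = 10000-999999
"""
# The check_account message from the post, joined onto one line.
LOG = ("check_account: Failed to convert SID "
       "S-1-5-21-2233635944-4000802713-2790315286-500 to a UID "
       "(dom_user[NET\\administrator])")

IDMAP_RE = re.compile(r"^\s*idmap config\s+(\S+?)\s*:\s*(\w+)\s*=\s*(.+?)\s*$", re.I)
FAIL_RE = re.compile(r"Failed to convert SID (S-1-5-21(?:-\d+){3})-(\d+) to a UID "
                     r"\(dom_user\[([^\\\]]+)\\([^\]]+)\]\)")

def parse_idmap(conf):
    """Return {domain: {"backend": str, "range": (low, high), ...}}."""
    domains = {}
    for m in filter(None, map(IDMAP_RE.match, conf.splitlines())):  # skips comments
        dom, key, val = m.group(1).upper(), m.group(2).lower(), m.group(3)
        if key == "range":
            val = tuple(int(x) for x in val.split("-"))
        domains.setdefault(dom, {})[key] = val
    return domains

def overlapping(domains):
    """Pairs of domains whose ID ranges overlap (the rule in the smb.conf comment)."""
    spans = sorted((d["range"], name) for name, d in domains.items() if "range" in d)
    return [(a[1], b[1]) for a, b in zip(spans, spans[1:]) if b[0][0] <= a[0][1]]

def diagnose(log_line, domains):
    """Tie a failed SID-to-UID conversion to the idmap backend of its domain."""
    m = FAIL_RE.search(log_line)
    if not m:
        return None
    dom = m.group(3).upper()
    cfg = domains.get(dom) or domains.get("*", {})
    # idmap_ad allocates nothing: it reads uidNumber from AD and ignores values
    # outside the configured range, so that attribute is what to inspect.
    return {"domain": dom, "user": m.group(4), "rid": int(m.group(2)),
            "backend": cfg.get("backend"), "range": cfg.get("range"),
            "needs_uidNumber_in_range": cfg.get("backend") == "ad"}

if __name__ == "__main__":
    cfg = parse_idmap(SMB_CONF)
    print(overlapping(cfg), diagnose(LOG, cfg))
```

RID 500 is the well-known RID of the domain's built-in Administrator account, which is the account named in the log line.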