[Samba] Can't connect to AD member

Mon Sep 4 14:39:39 UTC 2023

I have set up a Samba AD DC and a member server, all Debian 12.

When I try to connect from a Windows client to dc1, all is fine.
The same machine can't connect to the member server.

    workgroup = NET
    security = ADS
    realm = NET.EXAMPLE.DE

    log file = /var/log/samba/%m.log
    log level = 1

    winbind refresh tickets = Yes
    vfs objects = acl_xattr
    map acl inherit = Yes
    store dos attributes = Yes

    #dedicated keytab file = /etc/krb5.keytab
    #kerberos method = secrets and keytab

    winbind use default domain = yes

    # Default ID mapping configuration for local BUILTIN accounts
    # and groups on a domain member. The default (*) domain:
    # - must not overlap with any domain ID mapping configuration!
    # - must use an read-write-enabled back end, such as tdb.
    idmap config * : backend = tdb
    idmap config * : range = 3000-7999
    # idmap config for the NET domain
    idmap config NET:backend = ad
    idmap config NET:schema_mode = rfc2307
    idmap config NET:range = 10000-999999
    idmap config NET:unix_nss_info = yes

    # fix dfs errors in log ?
    host msdfs = no

    dns proxy = no
    log file = /var/log/samba/log.%m
    max log size = 10000
    panic action = /usr/share/samba/panic-action %d

    map to guest = bad user

#======================= Share Definitions =======================

root at fs:~# smbclient -N  -L \\localhost

	Sharename       Type      Comment
	---------       ----      -------
	praxis          Disk
	dagmar          Disk
	thomas          Disk
	iustest         Disk
	IPC$            IPC       IPC Service (Samba 4.17.10-Debian)
SMB1 disabled -- no workgroup available
root at fs:~#

wbinfo -u works
getent passwd username works

smbclient from another Linux machine works.

root at fs:~# net rpc rights list -U Administrator -S fs
Password for [NET\Administrator]:
Could not connect to server fs
The username or password was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE
root at fs:~#

Sep 04 16:32:22 fs smbd[713]: [2023/09/04 16:32:22.778684,  0]
Sep 04 16:32:22 fs smbd[713]:   check_account: Failed to convert SID S-1-5-21-2233635944-4000802713-2790315286-500 to a UID

Windows says: error 0x8004005

smbclient from the test Linux machine to fs also works.

I have no idea anymore what is wrong here.
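An added diagnostic example, not part of the original post or of Samba itself: it parses the idmap ranges from the smb.conf fragment above and the SID out of the check_account log line, then applies the rule winbind's ad backend follows (the account's rfc2307 uidNumber must exist in AD and fall inside the domain's idmap range). The AD attribute table is constructed for the example; leaving Administrator (RID 500) without a uidNumber reproduces the failure shown in the log.

```python
import re

# idmap settings copied from the smb.conf in the post above
SMB_CONF = """
idmap config * : backend = tdb
idmap config * : range = 3000-7999
idmap config NET:backend = ad
idmap config NET:schema_mode = rfc2307
idmap config NET:range = 10000-999999
"""

# Constructed stand-in for the rfc2307 attributes the ad backend reads from AD.
# Only the first SID comes from the post; the other two entries are made up.
AD_USERS = {
    "S-1-5-21-2233635944-4000802713-2790315286-500": {"name": "Administrator", "uidNumber": None},
    "S-1-5-21-2233635944-4000802713-2790315286-1104": {"name": "thomas", "uidNumber": 10004},
    "S-1-5-21-2233635944-4000802713-2790315286-1105": {"name": "lowuid", "uidNumber": 5000},
}

IDMAP_RE = re.compile(r"idmap config\s*([^\s:]+)\s*:\s*(\w+)\s*=\s*(\S+)")
SID_RE = re.compile(r"S-1-5-21(?:-\d+)+")

def parse_idmap(conf):
    """Return {domain: {option: value}} with 'range' parsed to (low, high)."""
    cfg = {}
    for dom, key, val in IDMAP_RE.findall(conf):
        cfg.setdefault(dom, {})[key] = val
    for opts in cfg.values():
        lo, hi = opts["range"].split("-")
        opts["range"] = (int(lo), int(hi))
    return cfg

def ranges_overlap(cfg):
    """True if any two configured idmap ranges overlap (the post's own comment warns against this)."""
    spans = [v["range"] for v in cfg.values()]
    return any(a[0] <= b[1] and b[0] <= a[1]
               for i, a in enumerate(spans) for b in spans[i + 1:])

def sid_to_uid(sid, cfg, domain, users):
    """Mimic the ad backend: (uid, None) on success, (None, reason) on failure."""
    lo, hi = cfg[domain]["range"]
    rid = int(sid.rsplit("-", 1)[1])
    entry = users.get(sid)
    if entry is None:
        return None, f"SID {sid} not found in AD"
    uid = entry["uidNumber"]
    if uid is None:
        return None, f"{entry['name']} (RID {rid}) has no uidNumber, so the ad backend cannot map it"
    if not lo <= uid <= hi:
        return None, f"{entry['name']} uidNumber {uid} is outside the {domain} range {lo}-{hi}"
    return uid, None

def diagnose(log_line, conf=SMB_CONF, users=AD_USERS):
    """Pull the SID from a check_account log line and explain why it did or did not map."""
    return sid_to_uid(SID_RE.search(log_line).group(0), parse_idmap(conf), "NET", users)
```

Running `diagnose` on the post's log line reports that RID 500 has no uidNumber, which is the condition the `check_account` message describes.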

