[Samba] Users appears as SID instead of their own name.
Josep Maria Gorro
jmgorro at gmail.com
Sat Jun 15 11:25:40 UTC 2024
Hello Rowland.
The domain has been running on same Centos box always. It never has been
migrated or moved.
Also I checked AD on current AD server and seems to be OK.
[root at tibidabo ~]# samba-tool dbcheck
Checking 485 objects
Checked 485 objects (0 errors)
To give you more information, this is the current smbstatus output, if
could be helpful.
[root at tibidabo ~]# smbstatus
Samba version 4.6.5
PID Username Group Machine Protocol Version
Encryption Signing
----------------------------------------------------------------------------------------------------------------------------------------
3273 DOMAINNAME\xserra users 172.26.0.135
(ipv4:172.26.0.135:57321) SMB3_11 -
AES-128-CMAC
2620 nobody 3000024 172.26.0.8 (ipv4:172.26.0.8:46116)
SMB3_11 - -
Service pid Machine Connected at
Encryption Signing
---------------------------------------------------------------------------------------------
IPC$ 2620 172.26.0.8 sáb jun 15 11:46:47 2024 CEST
- -
dades 3273 172.26.0.135 sáb jun 15 12:02:59 2024 CEST -
AES-128-CMAC
Locked files:
Pid Uid DenyMode Access R/W Oplock
SharePath Name Time
--------------------------------------------------------------------------------------------------
3273 3000063 DENY_NONE 0x80 RDONLY NONE
/disco_datos/dades . Sat Jun 15 12:03:01 2024
At this time only one user is connected to the domain.
Regarding Sernet, happy to ear that are good team. Waiting for their
proposal and help.
Thanks a lot.
El 15/06/2024 a las 13:12, Rowland Penny via samba escribió:
> On Sat, 15 Jun 2024 12:52:10 +0200
> Josep Maria Gorro via samba<samba at lists.samba.org> wrote:
>
>> Helo Rowland.
>>
>> I think I won't be able to thank you enough for everything you are
>> doing for me.
>>
>> I've tried and seems to run fine. But finally it throws an error and
>> performs a rollback for all changes on AD.
>> This is the transcript for the messages.
>>
>> root at montsec:/usr/local/samba/etc# samba-tool domain join
>> DOMAINNAME DC -U"administrator"
>> INFO 2024-06-15 10:28:20,881 pid:27560
>> /usr/local/samba/lib/python3.10/site-packages/samba/join.py #104:
>> Finding a writeable DC for domain 'DOMAINNAME'
>> INFO 2024-06-15 10:28:20,966 pid:27560
>> /usr/local/samba/lib/python3.10/site-packages/samba/join.py #106:
>> Found DC tibidabo.domainname.lan
>> Password for [DOMAINNAME\administrator]:
>> INFO 2024-06-15 10:28:33,460 pid:27560
>> /usr/local/samba/lib/python3.10/site-packages/samba/join.py #1605:
>> workgroup is DOMAINNAME
>> INFO 2024-06-15 10:28:33,460 pid:27560
>> /usr/local/samba/lib/python3.10/site-packages/samba/join.py #1608:
>> realm is domainname.lan
>> Adding CN=MONTSEC,OU=Domain Controllers,DC=domainname,DC=lan
>> Adding
>> CN=MONTSEC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domainname,DC=lan
>> Adding CN=NTDS
>> Settings,CN=MONTSEC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domainname,DC=lan
>> Adding SPNs to CN=MONTSEC,OU=Domain
>> Controllers,DC=domainname,DC=lan Setting account password for MONTSEC$
>> Enabling account
>> Calling bare provision
>> INFO 2024-06-15 10:28:34,333 pid:27560
>> /usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
>> #2110: Looking up IPv4 addresses
>> INFO 2024-06-15 10:28:34,333 pid:27560
>> /usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
>> #2127: Looking up IPv6 addresses
>> WARNING 2024-06-15 10:28:34,334 pid:27560
>> /usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
>> #2134: No IPv6 address will be assigned
>> INFO 2024-06-15 10:28:34,641 pid:27560
>> /usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
>> #2300: Setting up share.ldb
>> INFO 2024-06-15 10:28:34,668 pid:27560
>> /usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
>> #2304: Setting up secrets.ldb
>> INFO 2024-06-15 10:28:34,680 pid:27560
>> /usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
>> #2309: Setting up the registry
>> INFO 2024-06-15 10:28:34,702 pid:27560
>> /usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
>> #2312: Setting up the privileges database
>> INFO 2024-06-15 10:28:34,715 pid:27560
>> /usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
>> #2315: Setting up idmap db
>> INFO 2024-06-15 10:28:34,725 pid:27560
>> /usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
>> #2322: Setting up SAM db
>> INFO 2024-06-15 10:28:34,729 pid:27560
>> /usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
>> #882: Setting up sam.ldb partitions and settings
>> INFO 2024-06-15 10:28:34,730 pid:27560
>> /usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
>> #894: Setting up sam.ldb rootDSE
>> INFO 2024-06-15 10:28:34,732 pid:27560
>> /usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
>> #1310: Pre-loading the Samba 4 and AD schema
>> Unable to determine the DomainSID, can not enforce uniqueness
>> constraint on local domainSIDs
>>
>> INFO 2024-06-15 10:28:34,767 pid:27560
>> /usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
>> #2412: A Kerberos configuration suitable for Samba AD has been
>> generated at /usr/local/samba/private/krb5.conf
>> INFO 2024-06-15 10:28:34,767 pid:27560
>> /usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
>> #2414: Merge the contents of this file with your system krb5.conf
>> or replace it with this one. Do not create a symlink!
>> Provision OK for domain DN DC=domainname,DC=lan
>> INFO 2024-06-15 10:28:34,769 pid:27560
>> /usr/local/samba/lib/python3.10/site-packages/samba/join.py #964:
>> Starting replication
>> Schema-DN[CN=Schema,CN=Configuration,DC=domainname,DC=lan]
>> objects[402/1550] linked_values[0/0]
>> Schema-DN[CN=Schema,CN=Configuration,DC=domainname,DC=lan]
>> objects[804/1550] linked_values[0/0]
>> Schema-DN[CN=Schema,CN=Configuration,DC=domainname,DC=lan]
>> objects[1206/1550] linked_values[0/0]
>> Schema-DN[CN=Schema,CN=Configuration,DC=domainname,DC=lan]
>> objects[1550/1550] linked_values[0/0]
>> Analyze and apply schema objects
>> Partition[CN=Configuration,DC=domainname,DC=lan] objects[402/1648]
>> linked_values[0/1]
>> Partition[CN=Configuration,DC=domainname,DC=lan] objects[804/1648]
>> linked_values[0/1]
>> Partition[CN=Configuration,DC=domainname,DC=lan]
>> objects[1206/1648] linked_values[0/1]
>> Partition[CN=Configuration,DC=domainname,DC=lan]
>> objects[1608/1648] linked_values[0/1]
>> Partition[CN=Configuration,DC=domainname,DC=lan]
>> objects[1648/1648] linked_values[64/64]
>> Failed to commit objects: WERR_DS_DRA_RECYCLED_TARGET
>> Missing target object - retrying with DRS_GET_TGT
>> Partition[CN=Configuration,DC=domainname,DC=lan]
>> objects[2050/1648] linked_values[64/1]
>> Partition[CN=Configuration,DC=domainname,DC=lan]
>> objects[2452/1648] linked_values[64/1]
>> Partition[CN=Configuration,DC=domainname,DC=lan]
>> objects[2854/1648] linked_values[64/1]
>> Partition[CN=Configuration,DC=domainname,DC=lan]
>> objects[3256/1648] linked_values[64/1]
>> Partition[CN=Configuration,DC=domainname,DC=lan]
>> objects[3296/1648] linked_values[128/64]
>> Replicating critical objects from the base DN of the domain
>> Partition[DC=domainname,DC=lan] objects[97/97]
>> linked_values[29/29] Partition[DC=domainname,DC=lan] objects[402/484]
>> linked_values[0/290] Partition[DC=domainname,DC=lan] objects[484/484]
>> linked_values[338/338] Done with always replicated NC (base, config,
>> schema) Replicating DC=DomainDnsZones,DC=domainname,DC=lan
> Where did your domain come from ?
> Did it start as a Samba domain that you provisioned, or was it upgraded
> from an early Microsoft domain ?
>
>
>> Join failed - cleaning up
> Anything after the above line is an artefact of the failure and can be
> ignored.
>
>> Regarding European support you're right. I'm waiting for a Sernet
>> response. I sent them a mail requesting support.
>>
> You should be in good hands with Sernet, quite a few of the Samba team
> are employed there.
>
> Rowland
>
--
------------------------------------------------------------------------
Josep M. Gorro <mailto:jmgorro at gmail.com>
*Systems engineer*
--
Este correo electrónico ha sido analizado en busca de virus por el software antivirus de Avast.
www.avast.com
More information about the samba
mailing list