[Samba] Joining Linux Domain Member to Samba DC, issues

Mark Foley mfoley at novatec-inc.com
Mon May 20 04:07:38 UTC 2024


On 5/19/2024 3:50 PM, Rowland Penny via samba wrote:
> On Sun, 19 May 2024 15:26:03 -0400
> Mark Foley via samba <samba at lists.samba.org> wrote:
>
>> I've successfully joined several Linux hosts as Domain Members thus
>> far; except for this one particular host that seems to fail in a
>> different way each time I try -- I've even scratch-installed this
>> host from installation DVD.
>>
>> All the tests listed in
>> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
>> work. My latest attempt is as follows:
>>
>> # net ads join -U administrator
>> Password for [HPRS\administrator]:
>> ldb: unable to dlopen /usr/lib64/ldb/local_password.so :
>> /usr/lib64/libsamdb-common-samba4.so: version `SAMBA_4.6.16' not
>> found (required by /usr/lib64/ldb/local_password.so)
>> ldb: unable to dlopen /usr/lib64/ldb/simple_dn.so :
>> /usr/lib64/libdsdb-module-samba4.so: version `SAMBA_4.6.16' not found
>> (required by /usr/lib64/ldb/simple_dn.so)
>> ldb: unable to dlopen /usr/lib64/ldb/simple_ldap_map.so :
>> /usr/lib64/libsamdb-common-samba4.so: version `SAMBA_4.6.16' not
>> found (required by /usr/lib64/ldb/simple_ldap_map.so)
>> Using short domain name -- HPRS
>> Joined 'WEBSERVER' to dns domain 'hprs.local'
>> DNS Update for webserver.hprs.local failed: ERROR_DNS_UPDATE_FAILED
>> DNS update failed: NT_STATUS_UNSUCCESSFUL
>>
>> # samba --version
>> Version 4.18.9
>>
>> A couple of points of interest: neither the Domain Controller nor the
>> other Linux Domain Member on this LAN have the file
>> /usr/lib64/ldb/local_password.so. On this problem child, that file is
>> dated 11/28/2018. Two other files in that directory have the same
>> date: simple_dn.so and simple_ldap_map.so. All the rest of the files
>> in that directory have the same dates as the Domain Controller and
>> the other Domain Member, 11/30/2023.
>>
>> My current Samba Version on all three of these computers is 4.18.9.
>> The old samba version before upgrading was 4.6.16 -- the very version
>> listed above as "SAMBA_4.16.16" not found.
>>
>> Before I do something stupid, I want to bounce a thought off the
>> sambaList experts. I'm theorizing that the previous version of Samba
>> (4.6.16) was not completely removed and left some files (like
>> local_password.so) lying around.
>>
>> My proposed solution is to completely uninstall Samba and any and all
>> vestiges thereof, and reinstall from scratch.
>>
>> Does that sound reasonable, or could I just delete these 3 old files
>> and try again? Note that this host works fine doing samba shares.
>>
>> Thanks --Mark
> I haven't seen this for a few years, either your upgrade hasn't
> upgraded everything or the upgrade hasn't removed files that it
> should. Either way, I would backup any data you need from the computer
> and then blow it away and start afresh.
>
> Rowland
OK, I'm going to try baby-steps working back to a wipe/reinstall if 
necessary. First, I removed the three old 2018 files: local_password.so, 
simple_dn.so and simple_ldap_map.so. Then I attempted to re-join the 
domain. I got:

# net ads join -U administrator
Password for [HPRS\administrator]:
Using short domain name -- HPRS
Joined 'WEBSERVER' to dns domain 'hprs.local'
DNS Update for webserver.hprs.local failed: ERROR_DNS_UPDATE_FAILED
DNS update failed: NT_STATUS_UNSUCCESSFUL

I'm guessing (hoping) the DNS errors were because WEBSERVER already had
an A record configured. I did the following to verify there was an A record:

# samba-tool dns query mail.hprs.local hprs.local webserver.hprs.local A -Uadministrator
   Name=, Records=1, Children=0
     A: 192.168.0.3 (flags=f0, serial=119, ttl=900)

Which looks like it worked. I further verified that WEBSERVER was a 
domain member (on the DC):

# ldbsearch -H /var/lib/samba/private/sam.ldb '(objectclass=computer)' dn
# record 13
dn: CN=WEBSERVER,CN=Computers,DC=hprs,DC=local

So, I *think* the join worked. I now have the following smb.conf, adding 
a share (xfer):

[global]
         max log size = 10000
         realm = HPRS.LOCAL
         security = ADS
         server role = member server
         server string = HPRS WEBSERVER server
         template homedir = /home/%U
         template shell = /bin/bash
         workgroup = HPRS
         idmap config hprs : range = 10000-999999
         idmap config hprs : backend = rid
         idmap config * : range = 3000-7999
         idmap config * : backend = tdb

         vfs objects = acl_xattr
         map acl inherit = yes

         load printers = no
         printing = bsd
         printcap name = /dev/null
         disable spoolss = yes

[xfer]
         path = /home/ohprs/xfer
         public = yes
         readonly = no
         locking = yes
         printable = no
         create mask = 0660
         directory mask = 0771

I updated nsswitch.conf to add winbind to passwd: and group: then fired 
up smbd, nmbd and winbindd -- and it worked! I can map the xfer share 
from Windows which silently uses domain credentials. I added several 
more shares and was able to map them all! I may have to tweak 
permissions somewhere, but that should be a minor problem.

Thus far it seems that simply removing those old files did the trick 
without having to uninstall/reinstall Samba, or wipe/install the whole 
system. I'll keep my fingers crossed on this one.

Thanks --Mark
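
Added example, not part of the original post or of Samba: a shell function that reads saved tool output and lists each ldb module rejected for requiring a different Samba release than the installed one, which is the leftover-file condition diagnosed in this thread. The function names are hypothetical, and the sample input is the error text from the first join attempt above, wrapped as posted.

```shell
#!/bin/sh
# Added example (not from the thread). stale_ldb_modules and sample_log are
# names made up for this sketch.

# Usage: stale_ldb_modules INSTALLED_VERSION < saved-tool-output
# Prints "<module path> <Samba version it was built for>" for every ldb
# module the loader rejected because it needs a different release.
stale_ldb_modules() {
    # The long ldb lines get wrapped by terminals and mail clients, so
    # flatten the input to one line before splitting it into records.
    tr '\n' ' ' | tr -s ' ' |
    awk -v inst="$1" '
    {
        n = split($0, rec, "ldb: unable to dlopen ")
        for (i = 2; i <= n; i++) {
            split(rec[i], f, " ")          # f[1] is the module path
            if (!match(rec[i], /SAMBA_[0-9]+(\.[0-9]+)*/))
                continue                   # some other dlopen failure
            ver = substr(rec[i], RSTART + 6, RLENGTH - 6)
            if (ver != inst && !(f[1] in seen)) {
                seen[f[1]] = 1
                print f[1], ver
            }
        }
    }'
}

# The ldb errors from the first join attempt above, wrapped as posted.
sample_log() {
    cat <<'EOF'
ldb: unable to dlopen /usr/lib64/ldb/local_password.so :
/usr/lib64/libsamdb-common-samba4.so: version `SAMBA_4.6.16' not
found (required by /usr/lib64/ldb/local_password.so)
ldb: unable to dlopen /usr/lib64/ldb/simple_dn.so :
/usr/lib64/libdsdb-module-samba4.so: version `SAMBA_4.6.16' not found
(required by /usr/lib64/ldb/simple_dn.so)
ldb: unable to dlopen /usr/lib64/ldb/simple_ldap_map.so :
/usr/lib64/libsamdb-common-samba4.so: version `SAMBA_4.6.16' not
found (required by /usr/lib64/ldb/simple_ldap_map.so)
Using short domain name -- HPRS
Joined 'WEBSERVER' to dns domain 'hprs.local'
EOF
}
```

Running `sample_log | stale_ldb_modules 4.18.9` lists the three modules with the release they were built for. Each reported path is worth checking against the package database before removal, since a file no installed package owns is a leftover from the earlier release.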



