debian 10: I can not integrate a linux machine into a Samba Ad
nathalie ramat
nathalie.ramat at univ-littoral.fr
Thu May 9 07:29:05 UTC 2019
Hello
I have an old version of Samba which communicates with Windows 7 users and Debian Linux users. I have to integrate new machines running Windows 10.
I am testing Samba version 4.9.5.
I am using the packages from Debian testing (Debian 10) for the server and the user.
I want to use Samba as AD. I have generated my AD with the following command: samba-tool domain provision --use-rfc2307 --interactive
Everything was generated correctly, apparently.
But when I execute the command samba -i I get the following errors:
/usr/sbin/smbd: pid_to_procid: messaging_dgm_get_unique failed: Aucun
fichier ou dossier de ce type
/usr/sbin/smbd: send_all_fn: messaging_send_buf to 16162 failed:
NT_STATUS_OBJECT_NAME_NOT_FOUND
/usr/sbin/smbd: pid_to_procid: messaging_dgm_get_unique failed: Aucun
fichier ou dossier de ce type
/usr/sbin/smbd: send_all_fn: messaging_send_buf to 24980 failed:
NT_STATUS_OBJECT_NAME_NOT_FOUND
/usr/sbin/smbd: pid_to_procid: messaging_dgm_get_unique failed: Aucun
fichier ou dossier de ce type
/usr/sbin/smbd: send_all_fn: messaging_send_buf to 16173 failed:
NT_STATUS_OBJECT_NAME_NOT_FOUND
/usr/sbin/smbd: pid_to_procid: messaging_dgm_get_unique failed: Aucun
fichier ou dossier de ce type
/usr/sbin/smbd: send_all_fn: messaging_send_buf to 31019 failed:
NT_STATUS_OBJECT_NAME_NOT_FOUND
Nevertheless, I can integrate my Windows machines (7 and 10) into my domain.
But for my Linux machines it is impossible.
If I use the command net rpc join -S nordend.LENZSPITZE.CALAIS.FR -U administrator, the client waits and doesn't ask for the password,
or if I use net ads join -S nordend.LENZSPITZE.CALAIS.FR -U administrator, the Linux client asks for the password and waits for the answer from the server.
In the logs of the server, I realized that it was trying to identify the machine via the Kerberos database.
However, the machine could not generate a Kerberos ticket because I cannot
join it to the domain.
Kerberos: AS-REQ TESTBUGSTER$@LENZSPITZE.CALAIS.FR from
ipv4:192.168.22.xxx:59861 for
krbtgt/LENZSPITZE.CALAIS.FR@LENZSPITZE.CALAIS.FR
Kerberos: UNKNOWN -- TESTBUGSTER$@LENZSPITZE.CALAIS.FR: no such entry
found in hdb
Auth: [Kerberos KDC,ENC-TS Pre-authentication] user
[(null)]\[TESTBUGSTER$@LENZSPITZE.CALAIS.FR] at [Fri, 26 Apr 2019
12:39:14.537545 CEST] with [(null)] status [NT_STATUS_NO_SUCH_USER]
workstation [(null)] remote host [ipv4:192.168.22.xxx:59861] mapped to
[(null)]\[(null)]. local host [NULL]
{"timestamp": "2019-04-26T12:39:14.537598+0200", "type":
"Authentication", "Authentication": {"version": {"major": 1, "minor":
0}, "status": "NT_STATUS_NO_SUCH_USER", "localAddress": null,
"remoteAddress": "ipv4:192.168.22.xx:59861", "serviceDescription":
"Kerberos KDC", "authDescription": "ENC-TS Pre-authentication",
"clientDomain": null, "clientAccount":
"TESTBUGSTER$@LENZSPITZE.CALAIS.FR", "workstation": null,
"becameAccount": null, "becameDomain": null, "becameSid": null,
"mappedAccount": null, "mappedDomain": null, "netlogonComputer": null,
"netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null,
"passwordType": null, "duration": 2589}}
/usr/sbin/smbd: ldb_wrap open of secrets.ldb
/usr/sbin/smbd: Got NTLMSSP neg_flags=0x62088215
/usr/sbin/smbd: Got user=[TESTBUGSTER$] domain=[LENZSPITZE]
workstation=[TESTBUGSTER] len1=24 len2=356
/usr/sbin/smbd: auth_check_password_send: Checking password for unmapped
user [LENZSPITZE]\[TESTBUGSTER$]@[TESTBUGSTER]
/usr/sbin/smbd: auth_check_password_send: user is:
[LENZSPITZE]\[TESTBUGSTER$]@[TESTBUGSTER]
/usr/sbin/smbd: sam_search_user: Couldn't find user [TESTBUGSTER$] in
samdb, under DC=lenzspitze,DC=calais,DC=fr
/usr/sbin/smbd: auth_check_password_recv: sam authentication for user
[LENZSPITZE\TESTBUGSTER$] FAILED with error NT_STATUS_NO_SUCH_USER,
authoritative=1
/usr/sbin/smbd: Auth: [SMB2,NTLMSSP] user [LENZSPITZE]\[TESTBUGSTER$] at
[ven., 26 avril 2019 12:39:14.561942 CEST] with [NTLMv2] status
[NT_STATUS_NO_SUCH_USER] workstation [TESTBUGSTER] remote host
[ipv4:192.168.22.xxx:58998] mapped to [LENZSPITZE]\[TESTBUGSTER$]. local
host [ipv4:192.168.22.xxx:445]
/usr/sbin/smbd: {"timestamp": "2019-04-26T12:39:14.562671+0200", "type":
"Authentication", "Authentication": {"version": {"major": 1, "minor":
0}, "status": "NT_STATUS_NO_SUCH_USER", "localAddress":
"ipv4:192.168.22.xxx:445", "remoteAddress": "ipv4:192.168.22.xxx:58998",
"serviceDescription": "SMB2", "authDescription": "NTLMSSP",
"clientDomain": "LENZSPITZE", "clientAccount": "TESTBUGSTER$",
"workstation": "TESTBUGSTER", "becameAccount": null, "becameDomain":
null, "becameSid": null, "mappedAccount": "TESTBUGSTER$",
"mappedDomain": "LENZSPITZE", "netlogonComputer": null,
"netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000",
"netlogonSecureChannelType": 0, "netlogonTrustAccountSid": null,
"passwordType": "NTLMv2", "duration": 11627}}
/usr/sbin/smbd: gensec_spnego_server_negTokenTarg_step: SPNEGO(ntlmssp)
login failed: NT_STATUS_NO_SUCH_USER
When I execute on the server: smbclient -L localhost -U administrator
I get the following answer:
        Sharename       Type      Comment
        ---------       ----      -------
        homes           Disk
        profiles        Disk
        print$          Disk      Printer Drivers
        IPC$            IPC       IPC Service (Samba 4.9.5-Debian)
        Administrator   Disk      Home directory of LENZSPITZE/Administrator
Reconnecting with SMB1 for workgroup listing.
        Server               Comment
        ---------            -------
        NORDEND              Samba 4.9.5-Debian
        Workgroup            Master
        ---------            -------
        LENZSPITZE
I think the client and the server do not use the same communication
protocols (net rpc --> SMB1/CIFS?).
How can I add my Linux machine to my AD?
I configured smb.conf on my server:
# global parameters
[global]
workgroup = LENZSPITZE
realm = lenzspitze.calais.fr
netbios name = NORDEND
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,winbindd, ntp_signd, kcc
log level = 3
log file = /var/log/samba/log.%m
max log size = 1000
template shell=/bin/bash
idmap_ldb:use rfc2307 = yes
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
winbind separator = /
idmap config *:backend = tdb
idmap config *:range = 1000-19000
host msdfs = no
security = user
name resolve order = host
# ntlm auth = yes
# raw NTLMV2 auth = yes
# lanman auth =yes
# vfs objects = acl_xattr
map acl inherit = Yes
# store dos attributes = Yes
[netlogon]
path = /var/lib/samba/var/locks/sysvol/lenzspitze.calais.fr/scripts
read only = no
browsable = no
[sysvol]
path= /var/lib/samba/var/locks/sysvol
read only = no
browsable = no
[homes]
path=/home/%G/%U
read only = no
writable = yes
[profiles]
path=/resultats/profiles
read only = no
writable =yes
[printers]
comment = All Printers
browseable = no
path = /var/spool/samba
printable = yes
guest ok = no
read only = yes
create mask = 0700
# Windows clients look for this share name as a source of downloadable
# printer drivers
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
browseable = yes
read only = yes
guest ok = no
and my Linux user:
[global]
security = ads
realm = lenzspitze.calais.fr
workgroup = LENZSPITZE
netbios name = testbugster
winbind separator = /
ntlm auth = yes
idmap uid = 0-50000
idmap gid = 0-50000
winbind enum users = yes
winbind enum groups = yes
idmap config LENZSPITZE : backend = rid
idmap config LENZSPITZE : base_rid = 0
template homedir =/etudiants/%U
template shell =/bin/bash
encrypt passwords = yes
winbind nss info = rfc2307
kerberos method = secrets and keytab
winbind use default domain = yes
log file =/var/log/samba/log.%m
log level = 3
Thank you for your help
Sincerely yours
--
Nathalie RAMAT-LECLERCQ
Service Informatique
Universite du Littoral-Côte d'Opale
SCoSI - Service Commun du Système d'Information
Pôle Systèmes et réseaux
Centre de Gestion Universitaire de Calais
50 rue ferdinand Buisson
C.S 80699
62228 CALAIS CEDEX
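A triage sketch for the JSON authentication records quoted in the message above, added here as an example and not part of the original post. It pulls the records out of a Samba log even when they are hard-wrapped or prefixed with /usr/sbin/smbd:, then groups NT_STATUS_NO_SUCH_USER failures for machine accounts (names ending in $), the pattern the DC logs when a host authenticates before its computer account exists. The sample log, CLIENT01$, EXAMPLE.TEST and the 192.0.2.x addresses are constructed, and the function names are hypothetical.

```python
import json

# Constructed sample in the shape of the log lines in the post (fields trimmed,
# names and addresses invented). The second record is prefixed and hard-wrapped.
SAMPLE_LOG = """\
{"timestamp": "2019-04-26T12:00:01.000000+0200", "type": "Authentication", "Authentication": {"status": "NT_STATUS_NO_SUCH_USER", "remoteAddress": "ipv4:192.0.2.10:59861", "serviceDescription": "Kerberos KDC", "authDescription": "ENC-TS Pre-authentication", "clientAccount": "CLIENT01$@EXAMPLE.TEST"}}
/usr/sbin/smbd: {"timestamp": "2019-04-26T12:00:02.000000+0200", "type":
"Authentication", "Authentication": {"status": "NT_STATUS_NO_SUCH_USER",
"remoteAddress": "ipv4:192.0.2.10:58998", "serviceDescription": "SMB2",
"authDescription": "NTLMSSP", "clientAccount": "CLIENT01$"}}
{"timestamp": "2019-04-26T12:00:03.000000+0200", "type": "Authentication", "Authentication": {"status": "NT_STATUS_WRONG_PASSWORD", "remoteAddress": "ipv4:192.0.2.11:40000", "serviceDescription": "SMB2", "authDescription": "NTLMSSP", "clientAccount": "alice"}}
"""

def iter_auth_events(text):
    """Yield Authentication records found anywhere in Samba log text."""
    decoder = json.JSONDecoder()
    # Undo hard wrapping: the records wrap between JSON tokens, so a space is safe.
    flat = " ".join(line.strip() for line in text.splitlines())
    pos = 0
    while True:
        start = flat.find('{"timestamp"', pos)
        if start == -1:
            return
        try:
            obj, pos = decoder.raw_decode(flat, start)
        except json.JSONDecodeError:
            pos = start + 1          # truncated record: skip it and keep scanning
            continue
        if obj.get("type") == "Authentication":
            yield dict(obj.get("Authentication", {}), timestamp=obj.get("timestamp"))

def missing_machine_accounts(events):
    """Group NT_STATUS_NO_SUCH_USER failures by machine account (name ends in $)."""
    hits = {}
    for ev in events:
        # Kerberos logs ACCOUNT$@REALM, NTLMSSP logs ACCOUNT$; normalise both.
        account = (ev.get("clientAccount") or "").split("@")[0].upper()
        if ev.get("status") != "NT_STATUS_NO_SUCH_USER" or not account.endswith("$"):
            continue
        entry = hits.setdefault(account, {"count": 0, "services": set(), "remotes": set()})
        entry["count"] += 1
        entry["services"].add(f'{ev.get("serviceDescription")}/{ev.get("authDescription")}')
        # Drop the ephemeral source port so repeated attempts collapse to one host.
        entry["remotes"].add((ev.get("remoteAddress") or "").rsplit(":", 1)[0])
    return hits

if __name__ == "__main__":
    for name, info in missing_machine_accounts(iter_auth_events(SAMPLE_LOG)).items():
        print(name, info["count"], sorted(info["services"]), sorted(info["remotes"]))
```
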