Hi,
I'm setting up a Samba PDC (named LUMAD, 192.168.2.154, on Fedora 27) using
samba 4.7.4 with a Windows 2016 AD (named SANDBOX, IP 192.168.2.144) as
the trusted domain, but there's some issue with it. I *can't log in* using
Windows AD credentials, but the *Samba PDC account works well* on Windows
7 as an initial test, and it mimics our production server. I used the
classic upgrade and completed it successfully, with some users removed, but
my concern is whether the trust is broken or not once upgraded, as that is the main
purpose of these test machines before applying it to the production
server.
In other words, LUMAD has a one-way trust to SANDBOX, so supposedly any user
in SANDBOX can log in to the LUMAD domain.
When logging in as sandbox\txunil (with WINS pointed to 192.168.2.144; also tried
without WINS), I get these issues:
On Windows 7: “There are currently no logon servers available to service
the logon request.”
In the logs:
[2018/01/29 15:38:10.466015, 0]
../source3/passdb/lookup_sid.c:1605(get_primary_group_sid)
Failed to find a Unix account for win7test$
[2018/01/29 15:38:11.178995, 0]
../source3/passdb/lookup_sid.c:1605(get_primary_group_sid)
Failed to find a Unix account for win7test$
[2018/01/29 15:38:11.247683, 0]
../source3/auth/check_samsec.c:493(check_sam_security)
check_sam_security: make_server_info_sam() failed with
'NT_STATUS_NO_SUCH_USER'
[2018/01/29 15:41:00.966585, 0]
../source3/passdb/lookup_sid.c:1605(get_primary_group_sid)
Failed to find a Unix account for win7test$
[2018/01/29 15:41:01.033220, 0]
../source3/auth/check_samsec.c:493(check_sam_security)
check_sam_security: make_server_info_sam() failed with
'NT_STATUS_NO_SUCH_USER'
Or using smbclient:
[root@lumad samba]# smbclient -L 192.168.2.144 -U sandbox\\txunil
WARNING: The "syslog" option is deprecated
WARNING: The "use spnego" option is deprecated
WARNING: The "idmap backend" option is deprecated
WARNING: The "idmap uid" option is deprecated
WARNING: The "idmap gid" option is deprecated
Enter SANDBOX\txunil's password:
    Sharename       Type      Comment
    ---------       ----      -------
    ADMIN$          Disk      Remote Admin
    C$              Disk      Default share
    IPC$            IPC       Remote IPC
    NETLOGON        Disk      Logon server share
    SYSVOL          Disk      Logon server share
Reconnecting with SMB1 for workgroup listing.
Connection to 192.168.2.144 failed (Error NT_STATUS_RESOURCE_NAME_NOT_FOUND)
Failed to connect with SMB1 -- no workgroup available
I hope someone can please give some insights or point out any missed configuration.
Thanks,
Mario
Some other info:
[root@lumad samba]# net rpc trustdom list
Enter root's password:
Trusted domains list:
SANDBOX S-1-5-21-784393921-3851942112-706912257
Trusting domains list:
none
[root@lumad samba]# smbclient -V
Version 4.7.4
[root@lumad samba]# samba -V
Version 4.7.4
[root@lumad samba]# nmblookup -T -M -A 192.168.2.144
Looking up status of 192.168.2.144
SANDBOXPC <00> - M <ACTIVE>
SANDBOX <00> - <GROUP> M <ACTIVE>
SANDBOX <1c> - <GROUP> M <ACTIVE>
SANDBOXPC <20> - M <ACTIVE>
SANDBOX <1b> - M <ACTIVE>
MAC Address = 00-0D-30-C3-16-72
[root@lumad samba]# nmblookup -T -M -A LUMAD
Looking up status of 192.168.2.154
LUMAD-DC <00> - H <ACTIVE>
LUMAD-DC <03> - H <ACTIVE>
LUMAD-DC <20> - H <ACTIVE>
..__MSBROWSE__. <01> - <GROUP> H <ACTIVE>
LUMAD <1b> - H <ACTIVE>
LUMAD <1c> - <GROUP> H <ACTIVE>
LUMAD <1d> - H <ACTIVE>
LUMAD <1e> - <GROUP> H <ACTIVE>
MAC Address = 00-00-00-00-00-00
[root@lumad samba]# wbinfo -g
domain admins
domain computers
summer
postgrads
generic
domain users
domain guests
...
getent passwd and wbinfo -u will display the users... but not on the
Windows AD.
alu:*:111132:513:alu:/home/alu:
bdu:*:105297:513:bdu:/home/bdu:
bli:*:111143:513:bli:/home/bli:
....