Jason Long
2021-Jul-12 18:44 UTC
[Samba] I can't login into my Linux client with Samba DC users.
Hello,
I had a thread with the name "I can't join my Linux client to my Samba DC." and I joined my Linux client to my Samba DC, but I can't login into my Linux client with my Samba DC users.
I have a Samba DC as below:

# samba-tool domain info 192.168.56.7
Forest           : mydomain.z
Domain           : mydomain.z
Netbios domain   : MYDOMAIN
DC name          : mydc.mydomain.z
DC netbios name  : MYDC
Server site      : Default-First-Site-Name
Client site      : Default-First-Site-Name

And I want to join my Linux client to my Samba DC. The content of "smb.conf" file on my Linux client is:

[global]
   workgroup = MYDC
   security = ADS
   realm = MYDC.MYDOMAIN.Z
   winbind refresh tickets = Yes
   vfs objects = acl_xattr
   map acl inherit = Yes
   store dos attributes = Yes
   dedicated keytab file = /etc/krb5.keytab
   kerberos method = secrets and keytab
   winbind use default domain = yes
   idmap config * : backend = tdb
   idmap config * : range = 3000-7999
   idmap config MYDC : backend = rid
   idmap config MYDC : range = 10000-999999
# Template settings for login shell and home directory
   template shell = /bin/bash
   template homedir = /home/%U

# samba-tool user list
krbtgt
Guest
user2
user3
user4
peter
Administrator
user1
user5

And Samba tells me that my Linux client joined to the network:

# samba-tool computer list
MYDC$
CLIENT$

But when I want to login to my Linux client with above usernames, then it showed me "Login incorrect". I used "user5", "user5 at mydomain.z" and "mydomain\user5" forms.

I did:

# getent passwd user5
MYDOMAIN\user5:*:3000022:100::/home/user5:/bin/bash

I executed "https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh" script on both server and client and the result is:

On Server: https://pastebin.ubuntu.com/p/wvYTWmPr4S/

On Linux Client:

# cat /tmp/samba-debug-info.txt
Collected config --- 2021-07-12-22:53 -----------

Hostname: CLIENT
DNS Domain: localhost.localdomain
FQDN: CLIENT.localhost.localdomain
ipaddress: 192.168.56.9 10.0.3.15

-----------
WARNING: kinit Administrator will fail and this needs to be fixed first.
unable to verify DNS kerberos._tcp SRV records

;; Got SERVFAIL reply from 192.168.56.7, trying next server
;; connection timed out; no servers could be reached

How can I fix this problem?

Thank you.
Rowland Penny
2021-Jul-12 18:59 UTC
[Samba] I can't login into my Linux client with Samba DC users.
On Mon, 2021-07-12 at 18:44 +0000, Jason Long via samba wrote:
> Hello,
> I had a thread with the name "I can't join my Linux client to my
> Samba DC." and I joined my Linux client to my Samba DC, but I can't
> login into my Linux client with my Samba DC users.
> I have a Samba DC as below:
>
> # samba-tool domain info 192.168.56.7
> Forest : mydomain.z
> Domain : mydomain.z
> Netbios domain : MYDOMAIN
> DC name : mydc.mydomain.z
> DC netbios name : MYDC
> Server site : Default-First-Site-Name
> Client site : Default-First-Site-Name
>
> And I want to join my Linux client to my Samba DC. The content of
> "smb.conf" file on my Linux client is:
>
> [global]
>    workgroup = MYDC
>    security = ADS
>    realm = MYDC.MYDOMAIN.Z

Your realm isn't 'MYDC.MYDOMAIN.Z', from what you have posted, your realm should be 'MYDOMAIN.Z'.

Also, I doubt that your workgroup name is 'MYDC' as this appears to be your DC's short hostname. If your workgroup (aka NetBios domain name) is the same as your DC's short hostname, then I suggest you fix this.

Rowland
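
The mismatch pointed out in the reply above can be checked mechanically. The following Python sketch is an added example, not part of the original thread or of Samba's tooling: it compares a member's `smb.conf` against `samba-tool domain info` output, using the values posted in the thread as constructed input. The names `parse_kv` and `check_member_conf` are hypothetical, and the sketch goes one step beyond the reply by also checking the `idmap config` sections, on the assumption that they are keyed by the NetBIOS domain name.

```python
import re

# Constructed inputs, using the values posted in the thread.
DOMAIN_INFO = """\
Domain           : mydomain.z
Netbios domain   : MYDOMAIN
DC netbios name  : MYDC
"""
SMB_CONF = """\
[global]
   workgroup = MYDC
   realm = MYDC.MYDOMAIN.Z
   idmap config * : backend = tdb
   idmap config MYDC : backend = rid
   idmap config MYDC : range = 10000-999999
"""

def parse_kv(text, sep):
    """Map lowercased key -> value for 'key <sep> value' lines (first sep wins)."""
    out = {}
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in "#;[" and sep in line:
            key, value = line.split(sep, 1)
            out[" ".join(key.lower().split())] = value.strip()
    return out

def check_member_conf(domain_info, smb_conf):
    """List mismatches between a member's smb.conf and the DC's domain info."""
    info, conf = parse_kv(domain_info, ":"), parse_kv(smb_conf, "=")
    netbios, realm = info["netbios domain"].upper(), info["domain"].upper()
    workgroup = conf.get("workgroup", "").upper()
    problems = []
    if workgroup != netbios:
        problems.append(f"workgroup is {workgroup}, expected {netbios}")
    if conf.get("realm", "").upper() != realm:
        problems.append(f"realm is {conf.get('realm')}, expected {realm}")
    if workgroup == info["dc netbios name"].upper():
        problems.append("workgroup equals the DC's short hostname")
    # Assumption stated in the lead-in: idmap sections are keyed by the
    # NetBIOS domain name, with '*' as the default domain.
    domains = {m.group(1).upper() for key in conf
               if (m := re.fullmatch(r"idmap config (\S+) : \w+", key))}
    for name in sorted(domains - {"*", netbios}):
        problems.append(f"idmap config {name}, expected {netbios}")
    return problems

if __name__ == "__main__":
    for problem in check_member_conf(DOMAIN_INFO, SMB_CONF):
        print("MISMATCH:", problem)
```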