thr3ads.net - samba - [Samba] Problem connecting Samba and Windows Active Directory [Aug 2021]

If this information is useful, please help other people find it:
Share via:

Rowland Penny

2021-Aug-25 10:11 UTC

[Samba] Problem connecting Samba and Windows Active Directory

On Wed, 2021-08-25 at 09:45 +0000, Luca Bertoncello via samba
wrote:> Hi list!
> 
> We have two Server with Debian 11 and Samba 4.13.5 (from Debian
> repositories) that have to connect as member to our AD.
> Our goal is, that our users can use the shares on the Servers using
> their AD credentials.
> 
> So I configured Samba and joined the domain. No problems and all
> worked some weeks.
> Suddenly, without any changes in the configuration or other action on
> the Server, they can't speak with the AD anymore.
> 
> We already had the problem and a rejoin has solved the problem, but
> now we have the problem again, so I'm searching a better solution.
> 
> I see, if I try to ping the DC:
> 
> root at nasmedia02:/etc/samba# wbinfo --ping-dc
> checking the NETLOGON for domain[AD-QUEO-ORG] dc connection to ""
> failed
> failed to call wbcPingDc: WBC_ERR_DOMAIN_NOT_FOUND
> 
> and
> 
> root at nasmedia02:/etc/samba# wbinfo --check-secret
> checking the trust secret for domain AD-QUEO-ORG via RPC calls failed
> wbcCheckTrustCredentials(AD-QUEO-ORG): error code was
> NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND (0xc0000233)
> failed to call wbcCheckTrustCredentials: WBC_ERR_AUTH_ERROR
> Could not check secret
> 
> Can someone help me?
> Other Server, with Debian 10 don't have the problem with the same
> configuration and Samba 4.9.5.
> 
Please post your smb.conf

Rowland

Luca Bertoncello

2021-Aug-25 10:39 UTC

head link

[Samba] Problem connecting Samba and Windows Active Directory

Hi Rowland,

hier the smb.conf:

-------------------------------------
[global]
        server string = NAS Mediaserver
        interfaces = lo, eno1
        bind interfaces only = yes
        wins server = ad01.ad.queo.org, ad02.ad.queo.org
        name resolve order = wins, host
        multicast dns register = no
        enable core files = no
        log file = /var/log/samba/log.%m
        log level = 1
        deadtime = 15
        disable netbios = yes
        lm announce = no
        local master = no
        enhanced browsing = no
        reset on zero vc = yes
        kernel share modes = no
        posix locking = no
        strict locking = no
        use sendfile = yes
        async smb echo handler = yes
        host msdfs = no
        csc policy = disable

        case sensitive = yes
        mangled names = no
        hide unreadable = yes
        hide files = /lost+found/
        hide dot files = no
        veto files =
/.DS_Store/._.DS_Store/._.TemporaryItems/.TemporaryItems/Thumbs.db/
        delete veto files = yes

        workgroup = AD-QUEO-ORG
        realm = AD.QUEO.ORG
        server role = MEMBER
        server services = +smb
        security = ADS
        kerberos method = system keytab
        obey pam restrictions = no
        map to guest = Bad User
        guest account = nobody
        client signing = auto
        client min protocol = NT1
        server signing = auto
        server min protocol = NT1
        create krb5 conf = no
        acl map full control = no
        idmap config * : range = 2000-10000
        idmap config AD-QUEO-ORG : backend = ad
        idmap config AD-QUEO-ORG : range = 200000-1000200000
        idmap config AD-QUEO-ORG : unix_primary_group = yes
        idmap config AD-QUEO-ORG : schema_mode = rfc2307
        idmap config AD-QUEO-ORG : unix_nss_info = yes
        winbind cache time = 600
        winbind enum users = yes
        winbind enum groups = yes
        winbind refresh tickets = yes
        winbind use default domain = true
        winbind nss info = rfc2307
        utmp = no
        load printers = No
        disable spoolss = yes
        printing = bsd
        printcap name = /dev/null

        template homedir = /home/%U
        template shell = /bin/bash

[queo.communication]
        comment = Media Share
        path = /srv/hdd-mirror1/media-share/queo.communication
        valid users = "@AD-QUEO-ORG\Funktion - Zugriff
Netzwerkfreigaben"
        force user = mediashare
        force group = mediashare
        read only = No
        directory mask = 0755
        force directory mode = 0755
        create mask = 0644
        force create mode = 0644
        vfs objects = shadow_copy2
        shadow:snapdir = .zfs/snapshot
        shadow:sort = desc
        shadow: format = -%Y-%m-%d-%H%M
        shadow: snapprefix =
^zfs-auto-snap_\(frequent\)\{0,1\}\(hourly\)\{0,1\}\(daily\)\{0,1\}\(monthly\)\{0,1\}
        shadow: delimiter = -20
-------------------------------------

-----Urspr?ngliche Nachricht-----
Von: samba <samba-bounces at lists.samba.org> Im Auftrag von Rowland Penny
via samba
Gesendet: Mittwoch, 25. August 2021 12:12
An: samba at lists.samba.org
Betreff: Re: [Samba] Problem connecting Samba and Windows Active Directory


Please post your smb.conf

samba - Aug 2021 - Problem connecting Samba and Windows Active Directory

[Samba] Problem connecting Samba and Windows Active Directory

[Samba] Problem connecting Samba and Windows Active Directory