Good morning list,

as our first domain member has been running fine for quite some weeks, I set up a
second one yesterday, exactly as I set up the first one (at least I
think so ;)) using
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

But I can't connect to it; in /var/log/samba/samba_auth_audit.log can be
found:

[2022/06/22 09:12:56.496441, 2] ../../auth/auth_log.c:647(log_authentication_event_human_readable)
  Auth: [SMB2,(null)] user [.]\[USERNAME] at [Mi, 22 Jun 2022 09:12:56.496403 CEST] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [DESKTOP-76IGOT6] remote host ...

Testing the connection to the ADDC using:

wbinfo --ping-dc
checking the NETLOGON for domain[DOMAIN] dc connection to "dc1.DOMAIN.de" succeeded

getent hosts HOSTNAME
10.147.166.6 HOSTNAME.afp.DOMAIN.de HOSTNAME

getent hosts 1st member server
10.147.166.6 1STMS.afp.DOMAIN.de 1STMS

getent group DOMAIN\\AFP_ALL
DOMAIN\afp_all:x:115702:

getent passwd DOMAIN\\USERNAME
DOMAIN\USERNAME:*:230224:310513::/srv/samba/users/USERNAME:/bin/bash

/etc/krb5.conf looks fine to me.
/etc/samba/smb.conf is the same as on first member server
/etc/nsswitch.conf is modified as written in
https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member

Adding the system to AD worked ...:

samba-tool domain join DOMAIN MEMBER -U"DOMAIN\sec_account"
Password for [DOMAIN\sec_account]:
libnet_join_precreate_machine_acct: Machine account successfully created
    join: struct secrets_domain_infoB
        [...]
ldb: Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory
ldb: Failed to connect to '/var/lib/samba/private/secrets.ldb' with backend 'tdb': Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory
Joined domain DOMAIN (S-1-5-21-854245398-484763869-1343024091)

smbd -V
Version 4.15.7-Debian

What did I do wrong?

Have a nice day! :)
Torsten

Sorry ... fixed it myself.

I forgot to comment out

map to guest = Bad User

Now it works as it should.

Cheers,
Torsten

On Wed, 2022-06-22 at 10:06 +0200, lists--- via samba wrote:
> Good morning list,
>
> as our first domain member has been running fine for quite some weeks, I set up a
> second one yesterday, exactly as I set up the first one (at least I
> think so ;)) using
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
>
> But I can't connect to it; in /var/log/samba/samba_auth_audit.log can
> be found:
> [2022/06/22 09:12:56.496441, 2] ../../auth/auth_log.c:647(log_authentication_event_human_readable)
>   Auth: [SMB2,(null)] user [.]\[USERNAME] at [Mi, 22 Jun 2022 09:12:56.496403 CEST] with [NTLMv2] status [NT_STATUS_NO_SUCH_USER] workstation [DESKTOP-76IGOT6] remote host ...
>
> Testing the connection to the ADDC using:
>
> wbinfo --ping-dc
> checking the NETLOGON for domain[DOMAIN] dc connection to "dc1.DOMAIN.de" succeeded
>
> getent hosts HOSTNAME
> 10.147.166.6 HOSTNAME.afp.DOMAIN.de HOSTNAME
>
> getent hosts 1st member server
> 10.147.166.6 1STMS.afp.DOMAIN.de 1STMS

Why is anything other than '127.0.0.1' and the host's IP address in /etc/hosts?

> getent group DOMAIN\\AFP_ALL
> DOMAIN\afp_all:x:115702:
>
> getent passwd DOMAIN\\USERNAME
> DOMAIN\USERNAME:*:230224:310513::/srv/samba/users/USERNAME:/bin/bash
>
> /etc/krb5.conf looks fine to me.

Might look good to you, but we cannot see it :-)

> /etc/samba/smb.conf is the same as on first member server

I hope 'netbios name' isn't set.

> /etc/nsswitch.conf is modified as written in
> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
>
> Adding the system to AD worked ...:
> samba-tool domain join DOMAIN MEMBER -U"DOMAIN\sec_account"
> Password for [DOMAIN\sec_account]:
> libnet_join_precreate_machine_acct: Machine account successfully created
>     join: struct secrets_domain_infoB
>         [...]
> ldb: Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory
> ldb: Failed to connect to '/var/lib/samba/private/secrets.ldb' with backend 'tdb': Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory
> Joined domain DOMAIN (S-1-5-21-854245398-484763869-1343024091)

You are supposed to run that command as root.
Did the join actually work? Test with 'net ads testjoin', run by root or
with sudo.

> smbd -V
> Version 4.15.7-Debian
>
> What did I do wrong?

I have no idea at this point. :-)

Rowland
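
As an added example (not from the thread and not Samba project code): a small Python check that reads an smb.conf the way Samba does (parameter names ignore case and whitespace, `;` and `#` start comments, a trailing backslash continues a line) and reports the two `[global]` settings raised in this thread, an active `map to guest` on a `security = ads` member and an explicit `netbios name`. The sample configuration is constructed, and `norm`, `parse_global` and `audit_member_conf` are hypothetical names.

```python
import re

# Constructed sample: smb.conf copied from another member server.
SAMPLE_SMB_CONF = """\
[global]
   security = ADS
   ; netbios name = OLDNAME
   Map To Guest = Bad User
   netbios name = 1STMS
"""

def norm(name):
    """smb.conf names ignore case and all whitespace."""
    return re.sub(r"\s+", "", name).lower()

def parse_global(text):
    """Return {normalised name: (value, line number)} for [global]."""
    params, section, pending, start = {}, None, "", 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not pending:
            if not line or line[0] in "#;":
                continue
            start = lineno
        if line.endswith("\\"):   # continued on the next line
            pending += line[:-1]
            continue
        line, pending = pending + line, ""
        if line.startswith("[") and line.endswith("]"):
            section = norm(line[1:-1])
        elif "=" in line and section == "global":
            key, value = line.split("=", 1)
            params[norm(key)] = (value.strip(), start)
    return params

def audit_member_conf(text):
    """Findings for the two settings raised in the thread."""
    g = parse_global(text)
    findings = []
    value, lineno = g.get("maptoguest", ("Never", 0))
    # Any value but Never can turn a failed logon into a guest session.
    if g.get("security", ("", 0))[0].lower() == "ads" and norm(value) != "never":
        findings.append((lineno, "map to guest = " + value))
    if "netbiosname" in g:   # a copied config carries the other host's name
        findings.append((g["netbiosname"][1], "netbios name = " + g["netbiosname"][0]))
    return findings

if __name__ == "__main__":
    print(audit_member_conf(SAMPLE_SMB_CONF))
```

Each finding is a `(line number, setting)` pair; point the function at the text of `/etc/samba/smb.conf` on the new member to review it before the first logon test.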