Gordon Messmer
2018-Dec-31 18:41 UTC
[CentOS] upg. CentOS 7.5 to 7.6: unable to mount smb shares - samba NT domain member using ldap
On 12/31/18 12:03 AM, Miroslav Geisselreiter wrote:> > This command is not working after upgrade. Logs say something about > crap domain: > set_dc_type_and_flags_connect: DC for domain NT4DOMAIN claimed it was > a DC for domain NT4MEMBER, refusing to initializeWhat do you get from "wbinfo --ping-dc"?
Miroslav Geisselreiter
2019-Jan-01 08:21 UTC
[CentOS] upg. CentOS 7.5 to 7.6: unable to mount smb shares - samba NT domain member using ldap
# wbinfo --ping-dc checking the NETLOGON for domain[NT4DOMAIN] dc connection to "nt4member.intranet.xx" succeeded Here is debug log from winbind: [15833]: request interface version (version = 30) [15833]: request location of privileged pipe [15833]: request interface version (version = 30) [15833]: request misc info [15833]: request netbios name [15833]: request domain name [15833]: domain_info [NT4DOMAIN] set_dc_type_and_flags_connect: DC for domain NT4DOMAIN claimed it was a DC for domain NT4MEMBER, refusing to initialize set_dc_type_and_flags_connect: DC for domain NT4DOMAIN claimed it was a DC for domain NT4MEMBER, refusing to initialize ldb_wrap open of secrets.ldb rpccli_create_netlogon_creds failed for NT4DOMAIN, unable to create NETLOGON credentials: NT_STATUS_NO_MEMORY set_dc_type_and_flags_connect: DC for domain NT4DOMAIN claimed it was a DC for domain NT4MEMBER, refusing to initialize Dne 31.12.2018 v 19:41 Gordon Messmer napsal(a):> On 12/31/18 12:03 AM, Miroslav Geisselreiter wrote: >> >> This command is not working after upgrade. Logs say something about >> crap domain: >> set_dc_type_and_flags_connect: DC for domain NT4DOMAIN claimed it was >> a DC for domain NT4MEMBER, refusing to initialize > > > What do you get from "wbinfo --ping-dc"? > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos
Gordon Messmer
2019-Jan-02 19:31 UTC
[CentOS] upg. CentOS 7.5 to 7.6: unable to mount smb shares - samba NT domain member using ldap
On 1/1/19 12:21 AM, Miroslav Geisselreiter wrote:> # wbinfo --ping-dc > checking the NETLOGON for domain[NT4DOMAIN] dc connection to > "nt4member.intranet.xx" succeededWell, the host where you ran that command thinks that "nt4member" is the DC.? Do you see anything in your configuration file that might indicate why?? You haven't given us enough information to be much more use.
Gordon Messmer
2019-Jan-02 20:54 UTC
[CentOS] upg. CentOS 7.5 to 7.6: unable to mount smb shares - samba NT domain member using ldap
On 1/2/19 12:09 PM, Miroslav Geisselreiter wrote:> some parameters from smb.conf: > [global] > ??? workgroup = NT4DOMAIN > ??? netbios name = nt4member > ??????? security = domain > ??????? passdb backend = ldapsam:"ldap://ldap1server.intranet.xx > ldap://ldap2server.intranet.xx"I'm not sure it makes sense to use "security = domain" with an ldap passdb backend.? If you're using a real NT4 domain, then you shouldn't need a passdb backend at all.? If you're not in an NT4 domain, then you should set "security = USER". The man page for smb.conf notes "This mode will only work correctly if net(8) has been used to add this machine into a Windows NT Domain."? Did you add this host to a Windows NT domain, using "net join ..."?
Miroslav Geisselreiter
2019-Jan-03 14:09 UTC
[CentOS] upg. CentOS 7.5 to 7.6: unable to mount smb shares - samba NT domain member using ldap
Dne 2.1.2019 v 21:54 Gordon Messmer napsal(a):> On 1/2/19 12:09 PM, Miroslav Geisselreiter wrote: >> some parameters from smb.conf: >> [global] >> ??? workgroup = NT4DOMAIN >> ??? netbios name = nt4member >> ??????? security = domain >> ??????? passdb backend = ldapsam:"ldap://ldap1server.intranet.xx >> ldap://ldap2server.intranet.xx" > > > I'm not sure it makes sense to use "security = domain" with an ldap > passdb backend.? If you're using a real NT4 domain, then you shouldn't > need a passdb backend at all.? If you're not in an NT4 domain, then > you should set "security = USER". > > The man page for smb.conf notes "This mode will only work correctly if > net(8) has been used to add this machine into a Windows NT Domain."? > Did you add this host to a Windows NT domain, using "net join ..."? >Yes, I add this host with command: net rpc join MEMBER -S NT4LIKEDOMAINSERVER -U root I tried to change "security = USER" but it did not help. I have to say that before upgrade samba from 4.7.1-9 to 4.8.3-4 I did not use and did not run winbind daemon. But now it is necessary to run winbind according to samba documentation: https://www.samba.org/samba/history/samba-4.8.0.html Domain member setups require winbindd ------------------------------------- Setups with "security = domain" or "security = ads" require a running 'winbindd' now. The fallback that smbd directly contacts domain controllers is gone. Without windbind running samba 4.8 do not allow mount smb shares so I have to run winbind.
Possibly Parallel Threads
- upg. CentOS 7.5 to 7.6: unable to mount smb shares - samba NT domain member using ldap
- upg. CentOS 7.5 to 7.6: unable to mount smb shares - samba NT domain member using ldap
- upg. CentOS 7.5 to 7.6: unable to mount smb shares - samba NT domain member using ldap
- upg. CentOS 7.5 to 7.6: unable to mount smb shares - samba NT domain member using ldap
- upg. CentOS 7.5 to 7.6: unable to mount smb shares - samba NT domain member using ldap