shridhar shetty
2016-Oct-13 13:29 UTC
[Samba] NT_STATUS_NO_TRUST_SAM_ACCOUNT after temporary connectivity break to AD DC
Thanks Rowland,

I have been using "idmap config xxxx : backend = rid" instead of "ad". So I understand that nothing is to be set from the Windows AD side.

And I am running wbinfo -t as root user.

Few observations.
* I have multiple Active Directory DCs. And in the site where the machine is located, we have 2 ReadOnly DCs.
* On capturing network packets, I observed that the requests are being sent to ReadOnly DCs. Should that be a problem?

Thanks
Shridhar

On Thu, Oct 13, 2016 at 12:44 PM, Rowland Penny via samba <samba at lists.samba.org> wrote:
> On Thu, 13 Oct 2016 02:26:08 +0530
> shridhar shetty <shridhar.sanjeeva at gmail.com> wrote:
>
> > My apologies for the same. I shamelessly borrowed these settings from
> > existing working setup after mine was not working.
> >
> > Changed smb.conf file. But result is the same.
> > wbinfo -u and wbinfo -g works and gives me users but wbinfo -t doesn't.
> >
> > [global]
> > workgroup = xxxx
> > netbios name = inmusbackup01
> > server string = FILE SERVER
> > realm = xxx.xxx.COM
> >
> > #Winbindd configuration
> > winbind separator = +
> > winbind enum users = yes
> > winbind enum groups = yes
> > winbind use default domain = yes
> > template homedir = /home/%U
> > template shell = /bin/bash
> > winbind refresh tickets = yes
> >
> > #Setting Security level
> > security = ads
> > kerberos method = secrets and keytab
> > encrypt passwords = yes
> >
> > idmap config *:backend = tdb
> > idmap config *:range = 2000-9999
> > idmap config xxxx : backend = ad
> > idmap config xxxx : range = 10000-999999
> >
>
> Just a couple of questions, have you given your users a uidNumber
> attribute containing a unique number inside 10000-999999 and Domain
> Users a gidNumber inside the same range?
>
> Are you running the 'wbinfo -t' command as root?
>
> Rowland
Rowland Penny
2016-Oct-13 13:30 UTC
[Samba] NT_STATUS_NO_TRUST_SAM_ACCOUNT after temporary connectivity break to AD DC
On Thu, 13 Oct 2016 18:59:05 +0530
shridhar shetty <shridhar.sanjeeva at gmail.com> wrote:

> Thanks Rowland,
>
> I have been using "idmap config xxxx : backend = rid" instead of
> "ad". So I understand that nothing is to be set from the Windows AD
> side.
>
> And I am running wbinfo -t as root user.
>
> Few observations.
> * I have multiple Active Directory DCs. And in the site where the
> machine is located, we have 2 ReadOnly DCs.
> * On capturing network packets, I observed that the requests are
> being sent to ReadOnly DCs. Should that be a problem?
>
> Thanks
> Shridhar

If you are not setting anything in AD, you need to use the 'rid' backend.

It shouldn't matter what DC is being used, as long as it can return the required data.

Rowland
shridhar shetty
2016-Oct-13 13:43 UTC
[Samba] NT_STATUS_NO_TRUST_SAM_ACCOUNT after temporary connectivity break to AD DC
That is what I said.
I have been using backend = rid.

On Thu, Oct 13, 2016 at 6:59 PM, shridhar shetty <shridhar.sanjeeva at gmail.com> wrote:
> Thanks Rowland,
>
> I have been using "idmap config xxxx : backend = rid" instead of "ad". So
> I understand that nothing is to be set from the Windows AD side.
>
> And I am running wbinfo -t as root user.
>
> Few observations.
> * I have multiple Active Directory DCs. And in the site where the machine
> is located, we have 2 ReadOnly DCs.
> * On capturing network packets, I observed that the requests are being
> sent to ReadOnly DCs. Should that be a problem?
>
> Thanks
> Shridhar
>
> On Thu, Oct 13, 2016 at 12:44 PM, Rowland Penny via samba <
> samba at lists.samba.org> wrote:
>
>> On Thu, 13 Oct 2016 02:26:08 +0530
>> shridhar shetty <shridhar.sanjeeva at gmail.com> wrote:
>>
>> > My apologies for the same. I shamelessly borrowed these settings from
>> > existing working setup after mine was not working.
>> >
>> > Changed smb.conf file. But result is the same.
>> > wbinfo -u and wbinfo -g works and gives me users but wbinfo -t doesn't.
>> >
>> > [global]
>> > workgroup = xxxx
>> > netbios name = inmusbackup01
>> > server string = FILE SERVER
>> > realm = xxx.xxx.COM
>> >
>> > #Winbindd configuration
>> > winbind separator = +
>> > winbind enum users = yes
>> > winbind enum groups = yes
>> > winbind use default domain = yes
>> > template homedir = /home/%U
>> > template shell = /bin/bash
>> > winbind refresh tickets = yes
>> >
>> > #Setting Security level
>> > security = ads
>> > kerberos method = secrets and keytab
>> > encrypt passwords = yes
>> >
>> > idmap config *:backend = tdb
>> > idmap config *:range = 2000-9999
>> > idmap config xxxx : backend = ad
>> > idmap config xxxx : range = 10000-999999
>> >
>>
>> Just a couple of questions, have you given your users a uidNumber
>> attribute containing a unique number inside 10000-999999 and Domain
>> Users a gidNumber inside the same range?
>>
>> Are you running the 'wbinfo -t' command as root?
>>
>> Rowland
Rowland Penny
2016-Oct-13 13:58 UTC
[Samba] NT_STATUS_NO_TRUST_SAM_ACCOUNT after temporary connectivity break to AD DC
On Thu, 13 Oct 2016 19:13:25 +0530
shridhar shetty <shridhar.sanjeeva at gmail.com> wrote:

> That is what I said.
> I have been using backend = rid.

The last smb.conf you posted had this line:

idmap config xxxx : backend = ad

Rowland
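
Added example, not part of the original thread or of Samba itself: a small check of which idmap backend an smb.conf actually selects for a domain and, when it is 'ad', whether the uidNumber values set in AD are present, unique and inside the configured range, as asked earlier in the thread. The function names, the user names and the uidNumber values are constructed for illustration; the idmap lines are the ones from the smb.conf quoted above.

```python
import re

# Constructed sample: the idmap lines from the smb.conf last posted in the thread.
SMB_CONF = """\
[global]
security = ads
idmap config *:backend = tdb
idmap config *:range = 2000-9999
idmap config xxxx : backend = ad
idmap config xxxx : range = 10000-999999
"""

IDMAP_RE = re.compile(
    r"^\s*idmap\s+config\s+(\S+?)\s*:\s*([\w ]+?)\s*=\s*(.+?)\s*$", re.I)

def parse_idmap(conf_text):
    """Return {DOMAIN: {option: value}}; a later line overrides an earlier one."""
    domains = {}
    for line in conf_text.splitlines():
        m = IDMAP_RE.match(line)
        if m:
            domain, option, value = m.groups()
            domains.setdefault(domain.upper(), {})[option.lower()] = value
    return domains

def ad_side_problems(conf_text, domain, uid_numbers):
    """uid_numbers maps user -> uidNumber exported from AD (None if unset).
    Returns (user, reason) pairs; empty when the backend needs nothing in AD."""
    opts = parse_idmap(conf_text).get(domain.upper(), {})
    if opts.get("backend", "").lower() != "ad":
        return []  # e.g. 'rid' derives IDs from the RID, nothing to set in AD
    low, high = (int(n) for n in opts["range"].split("-"))
    problems, seen = [], {}
    for user, uid in sorted(uid_numbers.items()):
        if uid is None:
            problems.append((user, "no uidNumber"))
        elif not low <= uid <= high:
            problems.append((user, f"uidNumber {uid} outside {low}-{high}"))
        elif uid in seen:
            problems.append((user, f"uidNumber {uid} duplicates {seen[uid]}"))
        else:
            seen[uid] = user
    return problems

if __name__ == "__main__":
    users = {"alice": 10001, "bob": None, "carol": 500, "dave": 10001}  # constructed
    print("backend for xxxx:", parse_idmap(SMB_CONF)["XXXX"]["backend"])
    for user, reason in ad_side_problems(SMB_CONF, "xxxx", users):
        print(user, "->", reason)
```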