Andrzej Gryko
2018-Jul-24 20:41 UTC
[Samba] Problem connecting to DC from windows 10. Failed to create user record ... acl: unable to get access to ...
Hi, Sorry for my english. I've got a problem configuring samba as DC on the newest Debian. While trying to login from windows 10, there is an error, it ask for name and password (when user and pass are incorrect, windows tells about it). In /var/log/samba/log.samba there is an entry: *Failed to create user record CN=ANDRZEJ-DESKTOP,CN=Computers,DC=gryko,DC=local: acl: unable to get access to CN=ANDRZEJ-DESKTOP,CN=Computers,DC=gryko,DC=local* gryko.local is my domain. smb.conf is generated by "samba-tool domain provision". While instaling samba, debian didn't install winbind, so I installed it manually. root 1418 0.0 2.6 514780 51580 ? Ss 18:31 0:00 samba root 1419 0.0 1.7 514780 33696 ? S 18:31 0:00 \_ samba root 1425 0.0 2.9 509896 58180 ? Ss 18:31 0:00 | \_ /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground root 1436 0.0 1.7 502308 34484 ? S 18:31 0:00 | \_ /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground root 1437 0.0 1.7 502332 34564 ? S 18:31 0:00 | \_ /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground root 1439 0.0 1.7 509880 35344 ? S 18:31 0:00 | \_ /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground root 1420 0.0 2.3 519352 45708 ? S 18:31 0:00 \_ samba root 1421 0.0 1.9 514780 38112 ? S 18:31 0:00 \_ samba root 1422 0.0 1.7 514780 33696 ? S 18:31 0:00 \_ samba root 1423 0.0 2.1 515200 42840 ? S 18:31 0:00 \_ samba root 1424 0.0 1.9 514780 38352 ? S 18:31 0:00 \_ samba root 1426 0.0 2.2 518980 44468 ? S 18:31 0:00 \_ samba root 1427 0.0 1.9 514780 39036 ? S 18:31 0:00 \_ samba root 1428 0.0 1.7 514780 33696 ? S 18:31 0:00 \_ samba root 1429 0.0 2.7 465708 53528 ? Ss 18:31 0:00 | \_ /usr/sbin/winbindd -D --option=server role check:inhibit=yes --foreground root 1435 0.0 2.1 471652 43048 ? S 18:31 0:00 | \_ /usr/sbin/winbindd -D --option=server role check:inhibit=yes --foreground root 1430 0.0 1.7 514780 33696 ? S 18:31 0:00 \_ samba root 1431 0.0 2.3 514780 46944 ? S 18:31 0:00 \_ samba root 1432 0.0 1.8 514780 37188 ? S 18:31 0:00 \_ samba kinit administrator - works properly. smbclient -L localhost -U ... - properly Any idea? Thanks Regards
Rowland Penny
2018-Jul-24 21:04 UTC
[Samba] Problem connecting to DC from windows 10. Failed to create user record ... acl: unable to get access to ...
On Tue, 24 Jul 2018 22:41:41 +0200 Andrzej Gryko via samba <samba at lists.samba.org> wrote:> Hi, > Sorry for my english. > > I've got a problem configuring samba as DC on the newest Debian. While > trying to login from windows 10, there is an error, it ask for name > and password (when user and pass are incorrect, windows tells about > it). In /var/log/samba/log.samba there is an entry: > *Failed to create user record > CN=ANDRZEJ-DESKTOP,CN=Computers,DC=gryko,DC=local: acl: unable to get > access to CN=ANDRZEJ-DESKTOP,CN=Computers,DC=gryko,DC=local* > > gryko.local is my domain.I take it that you didn't get the message that you shouldn't use '.local' as it interferes with avahi, so if avahi is running, stop it. How did you join the win10 machine to the domain ?> > smb.conf is generated by "samba-tool domain provision".can you please post smb.conf> While instaling samba, debian didn't install winbind, so I installed > it manually.Yes that is standard now.> kinit administrator - works properly. > smbclient -L localhost -U ... - properlyIt looks like something isn't configured correctly, double check everything. Rowland
Andrzej Gryko
2018-Jul-25 06:55 UTC
[Samba] Fwd: Problem connecting to DC from windows 10. Failed to create user record ... acl: unable to get access to ...
Avahi is not running. My smb.conf: # Global parameters [global] netbios name = SAMBA realm = GRYKO.LOCAL server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate workgroup = GRYKO server role = active directory domain controller [netlogon] path = /var/lib/samba/sysvol/gryko.local/scripts read only = No [sysvol] path = /var/lib/samba/sysvol read only = No I didn't tell that I ran debian on Microsoft Hyper-V machine, I try to connect to DC typing "gryko.local" as a domain in win 10 system properties, and next typing username and password (also I type domainname\username and password). I installed two virtual machines and on both there is the same error in log.samba. I installed samba by: " *apt-get install samba smbclient bind9 krb5-user" and next I installed winbind by apt-get too.* *my sysvol directory:* *drwxrwx---+ 3 root 3000000 4096 lip 22 17:28 sysvolmy scripts dir:drwxrwx---+ 2 root 3000000 4096 lip 22 16:47 scriptsShould I install anything else?RegardsAndrzej* ---------- Forwarded message --------- From: Rowland Penny via samba <samba at lists.samba.org> Date: wt., 24 lip 2018 o 23:05 Subject: Re: [Samba] Problem connecting to DC from windows 10. Failed to create user record ... acl: unable to get access to ... To: <samba at lists.samba.org> On Tue, 24 Jul 2018 22:41:41 +0200 Andrzej Gryko via samba <samba at lists.samba.org> wrote:> Hi, > Sorry for my english. > > I've got a problem configuring samba as DC on the newest Debian. While > trying to login from windows 10, there is an error, it ask for name > and password (when user and pass are incorrect, windows tells about > it). In /var/log/samba/log.samba there is an entry: > *Failed to create user record > CN=ANDRZEJ-DESKTOP,CN=Computers,DC=gryko,DC=local: acl: unable to get > access to CN=ANDRZEJ-DESKTOP,CN=Computers,DC=gryko,DC=local* > > gryko.local is my domain.I take it that you didn't get the message that you shouldn't use '.local' as it interferes with avahi, so if avahi is running, stop it. How did you join the win10 machine to the domain ?> > smb.conf is generated by "samba-tool domain provision".can you please post smb.conf> While instaling samba, debian didn't install winbind, so I installed > it manually.Yes that is standard now.> kinit administrator - works properly. > smbclient -L localhost -U ... - properlyIt looks like something isn't configured correctly, double check everything. Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Apparently Analagous Threads
- Fwd: Fwd: Problem connecting to DC from windows 10. Failed to create user record ... acl: unable to get access to ...
- Problem connecting to DC from windows 10. Failed to create user record ... acl: unable to get access to ...
- Fwd: Fwd: Problem connecting to DC from windows 10. Failed to create user record ... acl: unable to get access to ...
- Fwd: Fwd: Problem connecting to DC from windows 10. Failed to create user record ... acl: unable to get access to ...
- Fwd: Fwd: Problem connecting to DC from windows 10. Failed to create user record ... acl: unable to get access to ...