Andrzej Gryko
2018-Jul-25 06:55 UTC
[Samba] Fwd: Problem connecting to DC from windows 10. Failed to create user record ... acl: unable to get access to ...
Avahi is not running. My smb.conf: # Global parameters [global] netbios name = SAMBA realm = GRYKO.LOCAL server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbindd, ntp_signd, kcc, dnsupdate workgroup = GRYKO server role = active directory domain controller [netlogon] path = /var/lib/samba/sysvol/gryko.local/scripts read only = No [sysvol] path = /var/lib/samba/sysvol read only = No I didn't tell that I ran debian on Microsoft Hyper-V machine, I try to connect to DC typing "gryko.local" as a domain in win 10 system properties, and next typing username and password (also I type domainname\username and password). I installed two virtual machines and on both there is the same error in log.samba. I installed samba by: " *apt-get install samba smbclient bind9 krb5-user" and next I installed winbind by apt-get too.* *my sysvol directory:* *drwxrwx---+ 3 root 3000000 4096 lip 22 17:28 sysvolmy scripts dir:drwxrwx---+ 2 root 3000000 4096 lip 22 16:47 scriptsShould I install anything else?RegardsAndrzej* ---------- Forwarded message --------- From: Rowland Penny via samba <samba at lists.samba.org> Date: wt., 24 lip 2018 o 23:05 Subject: Re: [Samba] Problem connecting to DC from windows 10. Failed to create user record ... acl: unable to get access to ... To: <samba at lists.samba.org> On Tue, 24 Jul 2018 22:41:41 +0200 Andrzej Gryko via samba <samba at lists.samba.org> wrote:> Hi, > Sorry for my english. > > I've got a problem configuring samba as DC on the newest Debian. While > trying to login from windows 10, there is an error, it ask for name > and password (when user and pass are incorrect, windows tells about > it). In /var/log/samba/log.samba there is an entry: > *Failed to create user record > CN=ANDRZEJ-DESKTOP,CN=Computers,DC=gryko,DC=local: acl: unable to get > access to CN=ANDRZEJ-DESKTOP,CN=Computers,DC=gryko,DC=local* > > gryko.local is my domain.I take it that you didn't get the message that you shouldn't use '.local' as it interferes with avahi, so if avahi is running, stop it. How did you join the win10 machine to the domain ?> > smb.conf is generated by "samba-tool domain provision".can you please post smb.conf> While instaling samba, debian didn't install winbind, so I installed > it manually.Yes that is standard now.> kinit administrator - works properly. > smbclient -L localhost -U ... - properlyIt looks like something isn't configured correctly, double check everything. Rowland -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
Rowland Penny
2018-Jul-25 16:36 UTC
[Samba] Fwd: Problem connecting to DC from windows 10. Failed to create user record ... acl: unable to get access to ...
On Wed, 25 Jul 2018 08:55:01 +0200 Andrzej Gryko via samba <samba at lists.samba.org> wrote:> Avahi is not running. > My smb.conf: > # Global parameters > [global] > netbios name = SAMBA > realm = GRYKO.LOCAL > server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, > drepl, winbindd, ntp_signd, kcc, dnsupdate > workgroup = GRYKO > server role = active directory domain controller > > [netlogon] > path = /var/lib/samba/sysvol/gryko.local/scripts > read only = No > > [sysvol] > path = /var/lib/samba/sysvol > read only = No > > I didn't tell that I ran debian on Microsoft Hyper-V machine, I try to > connect to DC typing "gryko.local" as a domain in win 10 system > properties, and next typing username and password (also I type > domainname\username and password). > > I installed two virtual machines and on both there is the same error > in log.samba. > I installed samba by: " *apt-get install samba smbclient bind9 > krb5-user" and next I installed winbind by apt-get too.* >So you are trying to log into the DC as a user, then you need some more packages installed. attr libpam-winbind libpam-krb5 libnss-winbind krb5-config ntp bind9utils Note: some of these may already be installed. By default, you cannot log into a DC Rowland
Andrzej Gryko
2018-Jul-26 19:22 UTC
[Samba] Fwd: Fwd: Problem connecting to DC from windows 10. Failed to create user record ... acl: unable to get access to ...
---------- Forwarded message --------- From: Rowland Penny via samba <samba at lists.samba.org> Date: śr., 25 lip 2018 o 18:36 Subject: Re: [Samba] Fwd: Problem connecting to DC from windows 10. Failed to create user record ... acl: unable to get access to ... To: <samba at lists.samba.org> On Wed, 25 Jul 2018 08:55:01 +0200 Andrzej Gryko via samba <samba at lists.samba.org> wrote:> Avahi is not running. > My smb.conf: > # Global parameters > [global] > netbios name = SAMBA > realm = GRYKO.LOCAL > server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, > drepl, winbindd, ntp_signd, kcc, dnsupdate > workgroup = GRYKO > server role = active directory domain controller > > [netlogon] > path = /var/lib/samba/sysvol/gryko.local/scripts > read only = No > > [sysvol] > path = /var/lib/samba/sysvol > read only = No > > I didn't tell that I ran debian on Microsoft Hyper-V machine, I try to > connect to DC typing "gryko.local" as a domain in win 10 system > properties, and next typing username and password (also I type > domainname\username and password). > > I installed two virtual machines and on both there is the same error > in log.samba. > I installed samba by: " *apt-get install samba smbclient bind9 > krb5-user" and next I installed winbind by apt-get too.* >>So you are trying to log into the DC as a user, then you need some more >packages installed. > >attr libpam-winbind libpam-krb5 libnss-winbind krb5-config ntp bind9utils >Note: some of these may already be installed. > >By default, you cannot log into a DC > >RowlandI installed new debian, configured domain gryko.org. installed every mentioned package and it is exacly the same if username and password are correct: [2018/07/26 21:09:49.736794, 0] ../source4/dsdb/common/util_samr.c:192(dsdb_add_user) Failed to create user record CN=ANDRZEJ-DESKTOP,CN=Computers,DC=gryko,DC=org: acl: unable to get access to CN=ANDRZEJ-DESKTOP,CN=Computers,DC=gryko,DC=org I found in google same examples and I'm follow them. Any more ideas? regards Andrzej
Reasonably Related Threads
- Fwd: Fwd: Problem connecting to DC from windows 10. Failed to create user record ... acl: unable to get access to ...
- Fwd: Fwd: Problem connecting to DC from windows 10. Failed to create user record ... acl: unable to get access to ...
- Fwd: Fwd: Problem connecting to DC from windows 10. Failed to create user record ... acl: unable to get access to ...
- Fwd: Problem connecting to DC from windows 10. Failed to create user record ... acl: unable to get access to ...
- Fwd: Fwd: Problem connecting to DC from windows 10. Failed to create user record ... acl: unable to get access to ...