Hi, I'm having trouble entering stations in the domain, as message below: " *error while attempting to join domain "EMPRESA"security id structure is invalid*" In the log I see the following message: tail -f /var/log/samba/log.samba [2019/08/26 15:17:12.206883, 0] ../source4/dsdb/common/util_samr.c:192(dsdb_add_user) Failed to create user record CN=COMP0084,CN=Computers,DC=empresa,DC=com,DC=br: acl: unable to get access to CN=COMP0084,CN=Computers,DC=empresa,DC=com,DC=br My user is Administrator and before was working. The station is Windows 7 Professional and my DCs are Samba 4. How could you solve this problem? Regards, M?rcio Bacci
On 26/08/2019 19:35, Marcio Demetrio Bacci via samba wrote:> Hi, > > I'm having trouble entering stations in the domain, as message below: > > " > > *error while attempting to join domain "EMPRESA"security id structure is > invalid*" > > In the log I see the following message: > > tail -f /var/log/samba/log.samba > [2019/08/26 15:17:12.206883, 0] > ../source4/dsdb/common/util_samr.c:192(dsdb_add_user) > Failed to create user record > CN=COMP0084,CN=Computers,DC=empresa,DC=com,DC=br: acl: unable to get access > to CN=COMP0084,CN=Computers,DC=empresa,DC=com,DC=br > > My user is Administrator and before was working. > > The station is Windows 7 Professional and my DCs are Samba 4. > > How could you solve this problem? > > Regards, > > M?rcio BacciHow are you trying to join the computer ? What exact command are you using ? Can you post the smb.conf from the DC Rowland
Hi,>How are you trying to join the computer ?>What exact command are you using ?I am using the graphical interface of the Windows client station. System->Advanced Settings ->Computer Name ->Change Then I enter the member of: EMPRESA (or EMPRESA.COM.BR), my admin username and password. cat /etc/samba/smb.conf # Global parameters [global] netbios name = SAMBA4-DC1 realm = EMPRESA.COM.BR workgroup = EMPRESA server role = active directory domain controller dns forwarder = 192.168.1.1 192.168.1.2 dns update command = /usr/sbin/samba_dnsupdate --use-samba-tool ldap server require strong auth = no [netlogon] path = /var/lib/samba/sysvol/empresa.com.br/scripts read only = No [sysvol] path = /var/lib/samba/sysvol read only = No It seems that the problem is intermittent. Now it works, now it doesn't work Regards, M?rcio Bacci Em seg, 26 de ago de 2019 ?s 15:49, Rowland penny via samba < samba at lists.samba.org> escreveu:> On 26/08/2019 19:35, Marcio Demetrio Bacci via samba wrote: > > Hi, > > > > I'm having trouble entering stations in the domain, as message below: > > > > " > > > > *error while attempting to join domain "EMPRESA"security id structure is > > invalid*" > > > > In the log I see the following message: > > > > tail -f /var/log/samba/log.samba > > [2019/08/26 15:17:12.206883, 0] > > ../source4/dsdb/common/util_samr.c:192(dsdb_add_user) > > Failed to create user record > > CN=COMP0084,CN=Computers,DC=empresa,DC=com,DC=br: acl: unable to get > access > > to CN=COMP0084,CN=Computers,DC=empresa,DC=com,DC=br > > > > My user is Administrator and before was working. > > > > The station is Windows 7 Professional and my DCs are Samba 4. > > > > How could you solve this problem? > > > > Regards, > > > > M?rcio Bacci > > How are you trying to join the computer ? > > What exact command are you using ? > > Can you post the smb.conf from the DC > > Rowland > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
On Mon, 2019-08-26 at 15:35 -0300, Marcio Demetrio Bacci via samba wrote:> Hi, > > I'm having trouble entering stations in the domain, as message below: > > " > > *error while attempting to join domain "EMPRESA"security id structure is > invalid*" > > In the log I see the following message: > > tail -f /var/log/samba/log.samba > [2019/08/26 15:17:12.206883, 0] > ../source4/dsdb/common/util_samr.c:192(dsdb_add_user) > Failed to create user record > CN=COMP0084,CN=Computers,DC=empresa,DC=com,DC=br: acl: unable to get access > to CN=COMP0084,CN=Computers,DC=empresa,DC=com,DC=br > > My user is Administrator and before was working. > > The station is Windows 7 Professional and my DCs are Samba 4. > > How could you solve this problem?Very strange. This is a pretty normal operation on a pretty normal codepath. To chase it down further however can you please mention the full Samba version you are using? Thanks, Andrew Bartlett -- Andrew Bartlett https://samba.org/~abartlet/ Authentication Developer, Samba Team https://samba.org Samba Development and Support, Catalyst IT https://catalyst.net.nz/services/samba
Hi, I'm using Samba 4.5-16 on Debian 9.9. I intend upgrade to Samba 4.10.6, but I want to solve all the issues first. Regards, M?rcio Bacci Em Seg, 26 de ago de 2019 18:50, Andrew Bartlett <abartlet at samba.org> escreveu:> On Mon, 2019-08-26 at 15:35 -0300, Marcio Demetrio Bacci via samba > wrote: > > Hi, > > > > I'm having trouble entering stations in the domain, as message below: > > > > " > > > > *error while attempting to join domain "EMPRESA"security id structure is > > invalid*" > > > > In the log I see the following message: > > > > tail -f /var/log/samba/log.samba > > [2019/08/26 15:17:12.206883, 0] > > ../source4/dsdb/common/util_samr.c:192(dsdb_add_user) > > Failed to create user record > > CN=COMP0084,CN=Computers,DC=empresa,DC=com,DC=br: acl: unable to get > access > > to CN=COMP0084,CN=Computers,DC=empresa,DC=com,DC=br > > > > My user is Administrator and before was working. > > > > The station is Windows 7 Professional and my DCs are Samba 4. > > > > How could you solve this problem? > > Very strange. This is a pretty normal operation on a pretty normal > codepath. To chase it down further however can you please mention the > full Samba version you are using? > > Thanks, > > Andrew Bartlett > > -- > Andrew Bartlett > https://samba.org/~abartlet/ > Authentication Developer, Samba Team https://samba.org > Samba Development and Support, Catalyst IT > https://catalyst.net.nz/services/samba > > > > >
Marcio, Upgrade you samba and i think all your problem get fixed with it. Your configs are ok, system setup is also ok. I dont seen anyother reason then samba bug or samba/windows are out of sync. Why this isnt working. If you follow this upgrade path i know its correct in the end. Create this file repo file for apt. echo "deb http://apt.van-belle.nl/debian stretch-samba48 main contrib non-free" | sudo tee -a /etc/apt/sources.list.d/van-belle.list echo "#deb http://apt.van-belle.nl/debian stretch-samba49 main contrib non-free" | sudo tee -a /etc/apt/sources.list.d/van-belle.list echo "#deb http://apt.van-belle.nl/debian stretch-samba410 main contrib non-free" | sudo tee -a /etc/apt/sources.list.d/van-belle.list Import my key. wget -O - http://apt.van-belle.nl/louis-van-belle.gpg-key.asc | apt-key add - apt update -y && apt upgrade -y Remove the 4.8 line from the repo, enable 4.9 repeat apt update && apt upgrade systemctl stop samba-ad-dc && systemctl start samba-ad-dc And repeat for the upgrade to 4.10.7 Sure yes, you can try 4.5 upgrade to 4.10.7, but i have not tested that. There are/where known AD upgrade problems, so i still suggest upgrade in steps. Greetz, Louis> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Andrew Bartlett via samba > Verzonden: maandag 26 augustus 2019 23:51 > Aan: Marcio Demetrio Bacci; sambalist > Onderwerp: Re: [Samba] Problems joining station in domain > > On Mon, 2019-08-26 at 15:35 -0300, Marcio Demetrio Bacci via samba > wrote: > > Hi, > > > > I'm having trouble entering stations in the domain, as > message below: > > > > " > > > > *error while attempting to join domain "EMPRESA"security id > structure is > > invalid*" > > > > In the log I see the following message: > > > > tail -f /var/log/samba/log.samba > > [2019/08/26 15:17:12.206883, 0] > > ../source4/dsdb/common/util_samr.c:192(dsdb_add_user) > > Failed to create user record > > CN=COMP0084,CN=Computers,DC=empresa,DC=com,DC=br: acl: > unable to get access > > to CN=COMP0084,CN=Computers,DC=empresa,DC=com,DC=br > > > > My user is Administrator and before was working. > > > > The station is Windows 7 Professional and my DCs are Samba 4. > > > > How could you solve this problem? > > Very strange. This is a pretty normal operation on a pretty normal > codepath. To chase it down further however can you please mention the > full Samba version you are using? > > Thanks, > > Andrew Bartlett > > -- > Andrew Bartlett > https://samba.org/~abartlet/ > Authentication Developer, Samba Team https://samba.org > Samba Development and Support, Catalyst IT > https://catalyst.net.nz/services/samba > > > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >