Hi,

> How are you trying to join the computer ?
> What exact command are you using ?

I am using the graphical interface of the Windows client station.
System->Advanced Settings ->Computer Name ->Change

Then I enter the member of: EMPRESA (or EMPRESA.COM.BR), my admin username and password.

cat /etc/samba/smb.conf

# Global parameters
[global]
        netbios name = SAMBA4-DC1
        realm = EMPRESA.COM.BR
        workgroup = EMPRESA
        server role = active directory domain controller
        dns forwarder = 192.168.1.1 192.168.1.2
        dns update command = /usr/sbin/samba_dnsupdate --use-samba-tool
        ldap server require strong auth = no

[netlogon]
        path = /var/lib/samba/sysvol/empresa.com.br/scripts
        read only = No

[sysvol]
        path = /var/lib/samba/sysvol
        read only = No

It seems that the problem is intermittent. Now it works, now it doesn't work.

Regards,

Márcio Bacci

On Mon, 26 Aug 2019 at 15:49, Rowland penny via samba <samba at lists.samba.org> wrote:

> On 26/08/2019 19:35, Marcio Demetrio Bacci via samba wrote:
> > Hi,
> >
> > I'm having trouble entering stations in the domain, as message below:
> >
> > "*error while attempting to join domain "EMPRESA"security id structure is invalid*"
> >
> > In the log I see the following message:
> >
> > tail -f /var/log/samba/log.samba
> > [2019/08/26 15:17:12.206883, 0] ../source4/dsdb/common/util_samr.c:192(dsdb_add_user)
> >   Failed to create user record CN=COMP0084,CN=Computers,DC=empresa,DC=com,DC=br: acl: unable to get access to CN=COMP0084,CN=Computers,DC=empresa,DC=com,DC=br
> >
> > My user is Administrator and before was working.
> >
> > The station is Windows 7 Professional and my DCs are Samba 4.
> >
> > How could you solve this problem?
> >
> > Regards,
> >
> > Márcio Bacci
>
> How are you trying to join the computer ?
>
> What exact command are you using ?
>
> Can you post the smb.conf from the DC
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba

Hi,

Another strange situation occurs when I use the RSAT GPO tool in Windows 7. The following message appears:
"RPC Server not available"

Another situation is that I have created a GPO to allow helpdesk group only to add stations in the domain, but this GPO does not work.

The permissions of the Sysvol folder look like this:

ls -lah /var/lib/samba/sysvol/empresa.com.br/Policies/
total 96K
drwxrwx---+ 12 3000000 3000015 4,0K ago 26 14:50 .
drwxrwxr-x+  6 root    3000015 4,0K jul 29 12:13 ..
drwxrwx---+  5 3000000 3000008 4,0K jul 29 11:36 {23A926E4-7EF5-41A7-AEAB-7A8D950B95AA}
drwxrwx---+  4 3000000 3000015 4,0K jul 29 11:36 {31B2F340-016D-11D2-945F-00C04FB984F9}
drwxrwx---+  5 3000000 3000015 4,0K jul 29 11:36 {6AC1786C-016F-11D2-945F-00C04fB984F9}
drwxrwx---+  5 3000000 3000008 4,0K jul 29 11:36 {AA1EDEBC-99BA-4E86-9941-D067EC079D9C}
drwxrwx---+  4 3000008 3000008 4,0K ago 21 15:55 {AFC65B84-867D-459D-9C0C-CBB3D511F086}
drwxrwx---+  5 3000000 3000008 4,0K jul 29 11:36 {B495E0CC-C411-4970-B2F0-B761933BEE71}
drwxrwx---+  5 3000008 3000008 4,0K ago 21 15:24 {D1310DE4-5ECF-4367-9E90-A9CB1E2D18DA}
drwxrwx---+  4 3000008 3000008 4,0K ago 26 14:50 {DA0EA122-2666-49A8-BD50-2A8E42AB15DC}
drwxrwx---+  5 3000000 3000008 4,0K jul 29 11:36 {E78B5E20-C964-4548-9086-33398DDC2C9A}
drwxrwx---+  4 3000000 3000008 4,0K jul 29 11:36 {E977DEE8-F765-4513-BCA3-0B221DD3BB5F}

Regards,

Márcio Bacci

On Mon, 26 Aug 2019 at 16:05, Marcio Demetrio Bacci <marciobacci at gmail.com> wrote:

> Hi,
>
> > How are you trying to join the computer ?
> > What exact command are you using ?
>
> I am using the graphical interface of the Windows client station.
> System->Advanced Settings ->Computer Name ->Change
>
> Then I enter the member of: EMPRESA (or EMPRESA.COM.BR), my admin username and password.
>
> cat /etc/samba/smb.conf
>
> # Global parameters
> [global]
>         netbios name = SAMBA4-DC1
>         realm = EMPRESA.COM.BR
>         workgroup = EMPRESA
>         server role = active directory domain controller
>         dns forwarder = 192.168.1.1 192.168.1.2
>         dns update command = /usr/sbin/samba_dnsupdate --use-samba-tool
>         ldap server require strong auth = no
>
> [netlogon]
>         path = /var/lib/samba/sysvol/empresa.com.br/scripts
>         read only = No
>
> [sysvol]
>         path = /var/lib/samba/sysvol
>         read only = No
>
> It seems that the problem is intermittent. Now it works, now it doesn't work
>
> Regards,
>
> Márcio Bacci
>
> On Mon, 26 Aug 2019 at 15:49, Rowland penny via samba <samba at lists.samba.org> wrote:
>
>> On 26/08/2019 19:35, Marcio Demetrio Bacci via samba wrote:
>> > Hi,
>> >
>> > I'm having trouble entering stations in the domain, as message below:
>> >
>> > "*error while attempting to join domain "EMPRESA"security id structure is invalid*"
>> >
>> > In the log I see the following message:
>> >
>> > tail -f /var/log/samba/log.samba
>> > [2019/08/26 15:17:12.206883, 0] ../source4/dsdb/common/util_samr.c:192(dsdb_add_user)
>> >   Failed to create user record CN=COMP0084,CN=Computers,DC=empresa,DC=com,DC=br: acl: unable to get access to CN=COMP0084,CN=Computers,DC=empresa,DC=com,DC=br
>> >
>> > My user is Administrator and before was working.
>> >
>> > The station is Windows 7 Professional and my DCs are Samba 4.
>> >
>> > How could you solve this problem?
>> >
>> > Regards,
>> >
>> > Márcio Bacci
>>
>> How are you trying to join the computer ?
>>
>> What exact command are you using ?
>>
>> Can you post the smb.conf from the DC
>>
>> Rowland

On 26/08/2019 20:43, Marcio Demetrio Bacci wrote:
> Hi,
>
> Another strange situation occurs when I use the RSAT GPO tool in
> Windows 7. The following message appears:
> "RPC Server not available"
>
> Another situation is that I have created a GPO to allow helpdesk group
> only to add stations in the domain, but this GPO does not work.
>
> The permissions of the Sysvol folder look like this:
>
> ls -lah /var/lib/samba/sysvol/empresa.com.br/Policies/
> total 96K
> drwxrwx---+ 12 3000000 3000015 4,0K ago 26 14:50 .
> drwxrwxr-x+  6 root    3000015 4,0K jul 29 12:13 ..
> drwxrwx---+  5 3000000 3000008 4,0K jul 29 11:36 {23A926E4-7EF5-41A7-AEAB-7A8D950B95AA}
> drwxrwx---+  4 3000000 3000015 4,0K jul 29 11:36 {31B2F340-016D-11D2-945F-00C04FB984F9}
> drwxrwx---+  5 3000000 3000015 4,0K jul 29 11:36 {6AC1786C-016F-11D2-945F-00C04fB984F9}
> drwxrwx---+  5 3000000 3000008 4,0K jul 29 11:36 {AA1EDEBC-99BA-4E86-9941-D067EC079D9C}
> drwxrwx---+  4 3000008 3000008 4,0K ago 21 15:55 {AFC65B84-867D-459D-9C0C-CBB3D511F086}
> drwxrwx---+  5 3000000 3000008 4,0K jul 29 11:36 {B495E0CC-C411-4970-B2F0-B761933BEE71}
> drwxrwx---+  5 3000008 3000008 4,0K ago 21 15:24 {D1310DE4-5ECF-4367-9E90-A9CB1E2D18DA}
> drwxrwx---+  4 3000008 3000008 4,0K ago 26 14:50 {DA0EA122-2666-49A8-BD50-2A8E42AB15DC}
> drwxrwx---+  5 3000000 3000008 4,0K jul 29 11:36 {E78B5E20-C964-4548-9086-33398DDC2C9A}
> drwxrwx---+  4 3000000 3000008 4,0K jul 29 11:36 {E977DEE8-F765-4513-BCA3-0B221DD3BB5F}
>

No, they are the Unix permissions, you either need to use 'getfacl' to see the extended ACLs or better still, check them from Windows.

Is there a firewall running on the DC ?

Or is Apparmor running ?

Rowland
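
Added example, not part of the thread or written by any of its participants: a shell sketch of the point in the last reply, that the "+" after each mode string in the quoted `ls` output marks an extended ACL the rwx bits do not show. The function names are hypothetical, and the sample rows are three lines copied from the listing in the thread.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# Constructed sample: three rows copied from the `ls -lah` output quoted above.
SAMPLE_LISTING='drwxrwx---+ 12 3000000 3000015 4,0K ago 26 14:50 .
drwxrwxr-x+  6 root    3000015 4,0K jul 29 12:13 ..
drwxrwx---+  4 3000008 3000008 4,0K ago 26 14:50 {DA0EA122-2666-49A8-BD50-2A8E42AB15DC}'

# Read `ls -l` rows on stdin and print one line per entry:
#   <name> <owner>:<group> <mode> acl=<yes|no>
# A trailing "+" on the mode string means an extended ACL exists, so the
# rwx bits alone do not say who can actually reach the entry.
# Rows with fewer than 9 fields (such as "total 96K") are skipped.
summarize_listing() {
    awk 'NF >= 9 {
        acl = ($1 ~ /\+$/) ? "yes" : "no"
        print $NF, $3 ":" $4, $1, "acl=" acl
    }'
}

# Count the rows on stdin that carry an extended ACL.
count_acl_entries() {
    summarize_listing | awk '$NF == "acl=yes" { n++ } END { print n + 0 }'
}

# On the DC: show what the mode bits hide for one path. getfacl prints the
# POSIX ACL, samba-tool prints the NT ACL Samba stores for the same path.
# A tool that is not installed is skipped.
show_real_acls() {
    path=$1
    if command -v getfacl >/dev/null 2>&1; then
        getfacl -p "$path"
    fi
    if command -v samba-tool >/dev/null 2>&1; then
        samba-tool ntacl get "$path" --as-sddl
    fi
}

# Demonstration on the constructed sample; every row reports acl=yes.
printf '%s\n' "$SAMPLE_LISTING" | summarize_listing
```

On the DC itself, `show_real_acls /var/lib/samba/sysvol/empresa.com.br/Policies` prints both ACL views for the directory listed in the thread, and `samba-tool ntacl sysvolcheck` reports whether the sysvol ACLs match what Samba expects.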