Jeremy
2019-Sep-10 03:57 UTC
[Samba] Using net ads user to get child domain users on Samba 4.10.7
Hi all,

I have a question about getting child domain users on Samba 4.10.7.

1. I ran the command net ads search '(objectCategory=trustedDomain)' -P and got the info below:

objectClass: top
objectClass: leaf
objectClass: trustedDomain
cn: hardware.qsan.ad.com
distinguishedName: CN=hardware.qsan.ad.com,CN=System,DC=qsan,DC=ad,DC=com
instanceType: 4
whenCreated: 20180611041431.0Z
whenChanged: 20190824083646.0Z
uSNCreated: 13099
uSNChanged: 5427247
showInAdvancedViewOnly: TRUE
name: hardware.qsan.ad.com
objectGUID: ed241fe5-a87a-401b-b28a-b553f408f6e9
trustDirection: 3
trustPartner: hardware.qsan.ad.com
trustPosixOffset: 1073741824
trustType: 2
trustAttributes: 32
flatName: HARDWARE
objectCategory: CN=Trusted-Domain,CN=Schema,CN=Configuration,DC=qsan,DC=ad,DC=com
isCriticalSystemObject: TRUE
dSCorePropagationData: 16010101000000.0Z

2. But when I use "net ads user -w hardware.qsan.ad.com -P" I can't get any users, and I'm sure I can ping hardware.qsan.ad.com.

Error messages: ads_connect: No logon servers are currently available to service the logon request.

3. The command "wbinfo -u" can get users from hardware.qsan.ad.com, like "HARDWARE/tim".

Could anyone help me figure this out? I would be so grateful.

Best Regards
Jeremy
Rowland Penny
2019-Sep-10 07:18 UTC
[Samba] Using net ads user to get child domain users on Samba 4.10.7
On 10/09/2019 04:57, Jeremy via samba wrote:
> Hi all,
>
> I have a question about getting child domain users on Samba 4.10.7.
> 1. I ran the command net ads search '(objectCategory=trustedDomain)' -P
> and got the info below:
> objectClass: top
> objectClass: leaf
> objectClass: trustedDomain
> cn: hardware.qsan.ad.com
> distinguishedName: CN=hardware.qsan.ad.com,CN=System,DC=qsan,DC=ad,DC=com
> instanceType: 4
> whenCreated: 20180611041431.0Z
> whenChanged: 20190824083646.0Z
> uSNCreated: 13099
> uSNChanged: 5427247
> showInAdvancedViewOnly: TRUE
> name: hardware.qsan.ad.com
> objectGUID: ed241fe5-a87a-401b-b28a-b553f408f6e9
> trustDirection: 3
> trustPartner: hardware.qsan.ad.com
> trustPosixOffset: 1073741824
> trustType: 2
> trustAttributes: 32
> flatName: HARDWARE
> objectCategory:
> CN=Trusted-Domain,CN=Schema,CN=Configuration,DC=qsan,DC=ad,DC=com
> isCriticalSystemObject: TRUE
> dSCorePropagationData: 16010101000000.0Z
>
> 2. But when I use "net ads user -w hardware.qsan.ad.com -P" I can't get any
> users, and I'm sure I can ping hardware.qsan.ad.com.
>
> Error messages: ads_connect: No logon servers are currently available to
> service the logon request.
>
> 3. The command "wbinfo -u" can get users from hardware.qsan.ad.com, like
> "HARDWARE/tim".
>
> Could anyone help me figure this out? I would be so grateful.
>
>
> Best Regards
> Jeremy

Never tried this, but '-w' is for the workgroup name and you seem to be passing a DNS name. Have you tried it like this:

net ads user -w HARDWARE -P

Rowland
Jeremy
2019-Sep-10 09:24 UTC
[Samba] Using net ads user to get child domain users on Samba 4.10.7
Hi Rowland,

Thank you for your reply. Yes, I have tried "net ads user -w HARDWARE -P", but it still fails.
I have added -d10 to look up the debug mode and got the info below:

ads_find_dc: (ldap) looking for realm '' and falling back to domain 'HARDWARE'
Opening cache file at /mnt/pool/SYSPOOL/cache/samba/lock/gencache.tdb
sitename_fetch: Returning sitename for realm 'QSAN.AD.COM': "Default-First-Site-Name"
ads_dc_name: domain=HARDWARE
resolve_and_ping_netbios: (cldap) looking for domain 'HARDWARE'
get_sorted_dc_list: attempting lookup for name HARDWARE (sitename NULL)
saf_fetch: Returning "WIN-CLGRS20I3FM.hardware.qsan.ad.com" for "HARDWARE" domain
get_dc_list: preferred server list: "WIN-CLGRS20I3FM.hardware.qsan.ad.com, *"
internal_resolve_name: looking up HARDWARE#1c (sitename (null))
name HARDWARE#1C found.
remove_duplicate_addrs2: looking for duplicate address/port pairs
Adding 1 DC's from auto lookup
sitename_fetch: Returning sitename for realm 'QSAN.AD.COM': "Default-First-Site-Name"
internal_resolve_name: looking up WIN-CLGRS20I3FM.hardware.qsan.ad.com#20 (sitename Default-First-Site-Name)
name WIN-CLGRS20I3FM.hardware.qsan.ad.com#20 found.
remove_duplicate_addrs2: looking for duplicate address/port pairs
check_negative_conn_cache returning result -1073741823 for domain HARDWARE server 192.168.133.201
get_dc_list: negative entry WIN-CLGRS20I3FM.hardware.qsan.ad.com removed from DC list
check_negative_conn_cache returning result -1073741823 for domain HARDWARE server 192.168.133.201
get_dc_list: negative entry 192.168.133.201 removed from DC list
remove_duplicate_addrs2: looking for duplicate address/port pairs
get_dc_list: returning 0 ip addresses in an unordered list
get_dc_list:
ads_find_dc: name resolution for realm '' (domain 'HARDWARE') failed: NT_STATUS_NO_LOGON_SERVERS
get_sorted_dc_list: attempting lookup for name HARDWARE (sitename NULL)
saf_fetch: Returning "WIN-CLGRS20I3FM.hardware.qsan.ad.com" for "HARDWARE" domain
get_dc_list: preferred server list: "WIN-CLGRS20I3FM.hardware.qsan.ad.com, *"
internal_resolve_name: looking up HARDWARE#1c (sitename (null))
name HARDWARE#1C found.
remove_duplicate_addrs2: looking for duplicate address/port pairs
Adding 1 DC's from auto lookup
sitename_fetch: Returning sitename for realm 'QSAN.AD.COM': "Default-First-Site-Name"
internal_resolve_name: looking up WIN-CLGRS20I3FM.hardware.qsan.ad.com#20 (sitename Default-First-Site-Name)
name WIN-CLGRS20I3FM.hardware.qsan.ad.com#20 found.
remove_duplicate_addrs2: looking for duplicate address/port pairs
check_negative_conn_cache returning result -1073741823 for domain HARDWARE server 192.168.133.201
get_dc_list: negative entry WIN-CLGRS20I3FM.hardware.qsan.ad.com removed from DC list
check_negative_conn_cache returning result -1073741823 for domain HARDWARE server 192.168.133.201
get_dc_list: negative entry 192.168.133.201 removed from DC list
remove_duplicate_addrs2: looking for duplicate address/port pairs
get_dc_list: returning 0 ip addresses in an unordered list
get_dc_list:
Could not look up dc's for domain HARDWARE
ads_connect: No logon servers are currently available to service the logon request.
ads_find_dc: (ldap) looking for realm '' and falling back to domain 'HARDWARE'
sitename_fetch: Returning sitename for realm 'QSAN.AD.COM': "Default-First-Site-Name"
ads_dc_name: domain=HARDWARE
resolve_and_ping_netbios: (cldap) looking for domain 'HARDWARE'
get_sorted_dc_list: attempting lookup for name HARDWARE (sitename NULL)
saf_fetch: Returning "WIN-CLGRS20I3FM.hardware.qsan.ad.com" for "HARDWARE" domain
get_dc_list: preferred server list: "WIN-CLGRS20I3FM.hardware.qsan.ad.com, *"
internal_resolve_name: looking up HARDWARE#1c (sitename (null))
name HARDWARE#1C found.
remove_duplicate_addrs2: looking for duplicate address/port pairs
Adding 1 DC's from auto lookup
sitename_fetch: Returning sitename for realm 'QSAN.AD.COM': "Default-First-Site-Name"
internal_resolve_name: looking up WIN-CLGRS20I3FM.hardware.qsan.ad.com#20 (sitename Default-First-Site-Name)
name WIN-CLGRS20I3FM.hardware.qsan.ad.com#20 found.
remove_duplicate_addrs2: looking for duplicate address/port pairs
check_negative_conn_cache returning result -1073741823 for domain HARDWARE server 192.168.133.201
get_dc_list: negative entry WIN-CLGRS20I3FM.hardware.qsan.ad.com removed from DC list
check_negative_conn_cache returning result -1073741823 for domain HARDWARE server 192.168.133.201
get_dc_list: negative entry 192.168.133.201 removed from DC list
remove_duplicate_addrs2: looking for duplicate address/port pairs
get_dc_list: returning 0 ip addresses in an unordered list
get_dc_list:
ads_find_dc: name resolution for realm '' (domain 'HARDWARE') failed: NT_STATUS_NO_LOGON_SERVERS
get_sorted_dc_list: attempting lookup for name HARDWARE (sitename NULL)
saf_fetch: Returning "WIN-CLGRS20I3FM.hardware.qsan.ad.com" for "HARDWARE" domain
get_dc_list: preferred server list: "WIN-CLGRS20I3FM.hardware.qsan.ad.com, *"
internal_resolve_name: looking up HARDWARE#1c (sitename (null))
name HARDWARE#1C found.
remove_duplicate_addrs2: looking for duplicate address/port pairs
Adding 1 DC's from auto lookup
sitename_fetch: Returning sitename for realm 'QSAN.AD.COM': "Default-First-Site-Name"
internal_resolve_name: looking up WIN-CLGRS20I3FM.hardware.qsan.ad.com#20 (sitename Default-First-Site-Name)
name WIN-CLGRS20I3FM.hardware.qsan.ad.com#20 found.
remove_duplicate_addrs2: looking for duplicate address/port pairs
check_negative_conn_cache returning result -1073741823 for domain HARDWARE server 192.168.133.201
get_dc_list: negative entry WIN-CLGRS20I3FM.hardware.qsan.ad.com removed from DC list
check_negative_conn_cache returning result -1073741823 for domain HARDWARE server 192.168.133.201
get_dc_list: negative entry 192.168.133.201 removed from DC list
remove_duplicate_addrs2: looking for duplicate address/port pairs
get_dc_list: returning 0 ip addresses in an unordered list
get_dc_list:
Could not look up dc's for domain HARDWARE
ads_connect: No logon servers are currently available to service the logon request.
return code = -1

It says "Could not look up dc's for domain HARDWARE". Did I have the wrong configs or something else?

Thank you so much

Jeremy
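An added example, not part of the message above or of Samba's own tooling: a short Python script that reads the -d10 lines posted above and shows why the DC list ends up empty. The function names are choices made for this example; the sample lines are copied from the output above, and the two status names are the standard NTSTATUS values.

```python
import re

# NTSTATUS values relevant to this log (standard Windows status codes).
NTSTATUS_NAMES = {
    0xC0000001: "NT_STATUS_UNSUCCESSFUL",
    0xC000005E: "NT_STATUS_NO_LOGON_SERVERS",
}

# Excerpt of the -d10 output posted above (one pass of the repeated lookup).
SAMPLE_LOG = """\
saf_fetch: Returning "WIN-CLGRS20I3FM.hardware.qsan.ad.com" for "HARDWARE" domain
name WIN-CLGRS20I3FM.hardware.qsan.ad.com#20 found.
check_negative_conn_cache returning result -1073741823 for domain HARDWARE server 192.168.133.201
get_dc_list: negative entry WIN-CLGRS20I3FM.hardware.qsan.ad.com removed from DC list
check_negative_conn_cache returning result -1073741823 for domain HARDWARE server 192.168.133.201
get_dc_list: negative entry 192.168.133.201 removed from DC list
get_dc_list: returning 0 ip addresses in an unordered list
ads_connect: No logon servers are currently available to service the logon request.
"""

NEG_RE = re.compile(r"check_negative_conn_cache returning result (-?\d+) "
                    r"for domain (\S+) server (\S+)")
REMOVED_RE = re.compile(r"get_dc_list: negative entry (\S+) removed from DC list")
COUNT_RE = re.compile(r"get_dc_list: returning (\d+) ip addresses")


def ntstatus(value):
    """Convert the signed 32-bit integer Samba prints into (code, name)."""
    code = int(value) & 0xFFFFFFFF
    return code, NTSTATUS_NAMES.get(code, "unknown")


def triage(log):
    """Summarise why DC discovery ended with an empty server list."""
    report = {"negative": [], "removed": [], "remaining": None}
    for line in log.splitlines():
        if m := NEG_RE.search(line):
            code, name = ntstatus(m.group(1))
            entry = (m.group(2), m.group(3), f"0x{code:08X}", name)
            if entry not in report["negative"]:
                report["negative"].append(entry)
        elif m := REMOVED_RE.search(line):
            if m.group(1) not in report["removed"]:
                report["removed"].append(m.group(1))
        elif m := COUNT_RE.search(line):
            report["remaining"] = int(m.group(1))
    return report


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```

For this log it reports one cached failure (0xC0000001, NT_STATUS_UNSUCCESSFUL) for 192.168.133.201, the DC dropped both by name and by address, and 0 addresses left, which ads_connect then reports as no logon servers. The cached entries come from the gencache.tdb opened at the top of the log and can be inspected with "net cache list".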
Rowland Penny
2019-Sep-10 09:49 UTC
[Samba] Using net ads user to get child domain users on Samba 4.10.7
On 10/09/2019 04:57, Jeremy via samba wrote:
> Hi Rowland,
>
> Thank you for your reply. Yes, I have tried "net ads user -w HARDWARE
> -P", but it still fails.
> I have added -d10 to look up the debug mode and got the info below:
>
> ads_find_dc: (ldap) looking for realm '' and falling back to domain
> 'HARDWARE'
> Opening cache file at /mnt/pool/SYSPOOL/cache/samba/lock/gencache.tdb
> sitename_fetch: Returning sitename for realm 'QSAN.AD.COM':
> Could not look up dc's for domain HARDWARE
> ads_connect: No logon servers are currently available to service the logon
> request.
> return code = -1
>
> It says "Could not look up dc's for domain HARDWARE". Did I have the
> wrong configs or something else?

No idea, you haven't posted your smb.conf (yet) ;-)

Rowland
Jeremy
2019-Sep-11 02:10 UTC
[Samba] Using net ads user to get child domain users on Samba 4.10.7
Hi Rowland,

My smb.conf is shown below:

server string = "Samba Server"
security = ADS
realm = QSAN.AD.COM
workgroup = QSAN
encrypt passwords = Yes
winbind enum users = Yes
winbind enum groups = Yes
winbind cache time = 1800
idmap config * : backend = tdb
idmap config * : range = 1000000-5000000
idmap config QSAN : backend = rid
idmap config QSAN : range = 6000000-8000000
idmap config QSAN : base_rid = 0
template shell = /bin/sh
template homedir = /share/UserHome/%D+%U

Did I miss something? Could I ask how to get child domain users using "net" correctly?
By the way, both of my AD servers are Windows Server 2012.

Best regards
Jeremy