Hi, I followed the guide here below to add my Samba client to an AD PDC (rid backend): https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member The end result is that commands such as: # wbinfo -g # wbinfo -u work fine in that I get a domain group and user listing. Also, computers in the domain network can transparently authenticate (Windows) to the newly-added (joined) Linux domain member, and they can view all the configured shares (with access control). However, there are things that are failing: # wbinfo --ping-dc checking the NETLOGON for domain[DOMAIN] dc connection to "" failed failed to call wbcPingDc: WBC_ERR_DOMAIN_NOT_FOUND # wbinfo -t checking the trust secret for domain DOMAIN via RPC calls failed wbcCheckTrustCredentials(DOMAIN): error code was NT_STATUS_ACCESS_DENIED (0xc0000022) failed to call wbcCheckTrustCredentials: WBC_ERR_AUTH_ERROR Could not check secret # nslookup> set type=SRV > _ldap._tcp.mydomain.orgServer: 10.2.1.3 Address: 10.2.1.3#53 _ldap._tcp.mydomain.org service = 0 100 389 dc1.mydomain.org. _ldap._tcp.mydomain.org service = 0 100 389 dc2.mydomain.org. _ldap._tcp.mydomain.org service = 0 100 389 dc3.mydomain.org. # /usr/bin/ntlm_auth --request-nt-key --username=myuser --domain=DOMAIN WARNING: The "encrypt passwords" option is deprecated Password: NT_STATUS_ACCESS_DENIED: {Access Denied} A process has requested access to an object but has not been granted those access rights. (0xc0000022) What can I try? In the --ping-dc test, why is the "connection to" string value empty? Regards, Vieri
On 15/06/2020 07:56, Vieri Di Paola via samba wrote:> Hi, > > I followed the guide here below to add my Samba client to an AD PDC > (rid backend):No such thing, there is an NT4-style PDC and an AD DC, but not a combination of the two ;-)> Also, computers in the domain network can transparently authenticate > (Windows) to the newly-added (joined) Linux domain member, and they > can view all the configured shares (with access control). > > However, there are things that are failing: > > > > # /usr/bin/ntlm_auth --request-nt-key --username=myuser > --domain=DOMAIN > WARNING: The "encrypt passwords" option is deprecatedWhere on the wikipage you linked to, does it say to add the 'encrypt passwords' parameter ? Everything should work, it sounds like a mis-configuration somewhere. What OS is this ? Can you post your smb.conf Rowland