thr3ads.net - samba - [Samba] I can't login into my Linux client with Samba DC users. [Jul 2021]

If this information is useful, please help other people find it:
Share via:

Rowland Penny

2021-Jul-14 11:01 UTC

[Samba] I can't login into my Linux client with Samba DC users.

On Wed, 2021-07-14 at 10:41 +0000, Jason Long wrote:> Thank you.
> 
> As you see:
> # samba-tool domain info 192.168.56.7
> Forest           : mydomain.z
> Domain           : mydomain.z
> Netbios domain   : MYDOMAIN
> DC name          : mydc.mydomain.z
> DC netbios name  : MYDC
> Server site      : Default-First-Site-Name
> Client site      : Default-First-Site-Name
> 
> If my configuration is wrong, then how can I fix it?
> 
> 
> 
> 
> 
> On Monday, July 12, 2021, 11:29:30 PM GMT+4:30, Rowland Penny via
> samba <samba at lists.samba.org> wrote: 
> 
> 
> 
> 
> 
> On Mon, 2021-07-12 at 18:44 +0000, Jason Long via samba wrote:
> > Hello,
> > I had a thread with the name "I can't join my Linux client to
my
> > Samba DC." and I joined my Linux client to my Samba DC, but I
can't
> > login into my Linux client with my Samba DC users.
> > I have a Samba DC as below:
> > 
> > 
> > # samba-tool domain info 192.168.56.7
> > Forest          : mydomain.z
> > Domain          : mydomain.z
> > Netbios domain  : MYDOMAIN
> > DC name          : mydc.mydomain.z
> > DC netbios name  : MYDC
> > Server site      : Default-First-Site-Name
> > Client site      : Default-First-Site-Name
> > 
> > 
> > 
> > 
> > And I want to join my Linux client to my Samba DC. The content of
> > "smb.conf" file on my Linux client is:
> > 
> > 
> > [global]
> >     workgroup = MYDC
> >     security = ADS
> >     realm = MYDC.MYDOMAIN.Z
> 
> Your realm isn't 'MYDC.MYDOMAIN.Z' , from what you have posted,
your
> realm should be 'MYDOMAIN.Z'
> 
> Also, I doubt that your workgroup name is 'MYDC' as this appears to
> be
> your DCs short hostname. If your workgroup (aka NetBios domain name)
> is
> the same as your DC's short hostname, then I suggest you fix this
> 
You have set your workgroup to 'MYDC' and you also posted 'DC
netbios
name  : MYDC', you also posted 'Netbios domain  : MYDOMAIN', another
name for 'Netbios domain' is 'workgroup'.
'DC netbios name' != 'Netbios domain'

You also seem to be using the DC's FQDN for the realm, it should be the
dns domain in uppercase, which in your case seems to be 'MYDOMAIN.Z'

Rowland

Jason Long

2021-Jul-14 11:09 UTC

head link

[Samba] I can't login into my Linux client with Samba DC users.

Thanks.
1- Why Windows client working with it without any problem?
2- How can I fix it?






On Wednesday, July 14, 2021, 03:32:21 PM GMT+4:30, Rowland Penny via samba
<samba at lists.samba.org> wrote:





On Wed, 2021-07-14 at 10:41 +0000, Jason Long wrote:> Thank you.
> 
> As you see:
> # samba-tool domain info 192.168.56.7
> Forest? ? ? ? ? : mydomain.z
> Domain? ? ? ? ? : mydomain.z
> Netbios domain? : MYDOMAIN
> DC name? ? ? ? ? : mydc.mydomain.z
> DC netbios name? : MYDC
> Server site? ? ? : Default-First-Site-Name
> Client site? ? ? : Default-First-Site-Name
> 
> If my configuration is wrong, then how can I fix it?
> 
> 
> 
> 
> 
> On Monday, July 12, 2021, 11:29:30 PM GMT+4:30, Rowland Penny via
> samba <samba at lists.samba.org> wrote: 
> 
> 
> 
> 
> 
> On Mon, 2021-07-12 at 18:44 +0000, Jason Long via samba wrote:
> > Hello,
> > I had a thread with the name "I can't join my Linux client to
my
> > Samba DC." and I joined my Linux client to my Samba DC, but I
can't
> > login into my Linux client with my Samba DC users.
> > I have a Samba DC as below:
> > 
> > 
> > # samba-tool domain info 192.168.56.7
> > Forest? ? ? ? ? : mydomain.z
> > Domain? ? ? ? ? : mydomain.z
> > Netbios domain? : MYDOMAIN
> > DC name? ? ? ? ? : mydc.mydomain.z
> > DC netbios name? : MYDC
> > Server site? ? ? : Default-First-Site-Name
> > Client site? ? ? : Default-First-Site-Name
> > 
> > 
> > 
> > 
> > And I want to join my Linux client to my Samba DC. The content of
> > "smb.conf" file on my Linux client is:
> > 
> > 
> > [global]
> >? ? workgroup = MYDC
> >? ? security = ADS
> >? ? realm = MYDC.MYDOMAIN.Z
> 
> Your realm isn't 'MYDC.MYDOMAIN.Z' , from what you have posted,
your
> realm should be 'MYDOMAIN.Z'
> 
> Also, I doubt that your workgroup name is 'MYDC' as this appears to
> be
> your DCs short hostname. If your workgroup (aka NetBios domain name)
> is
> the same as your DC's short hostname, then I suggest you fix this
> 
You have set your workgroup to 'MYDC' and you also posted 'DC
netbios
name? : MYDC', you also posted 'Netbios domain? : MYDOMAIN', another
name for 'Netbios domain' is 'workgroup'.
'DC netbios name' != 'Netbios domain'

You also seem to be using the DC's FQDN for the realm, it should be the
dns domain in uppercase, which in your case seems to be 'MYDOMAIN.Z'


Rowland



-- 
To unsubscribe from this list go to the following URL and read the
instructions:? https://lists.samba.org/mailman/options/samba

L.P.H. van Belle

2021-Jul-14 11:22 UTC

head link

[Samba] I can't login into my Linux client with Samba DC users.

> 1- Why Windows client working with it without any problem?Because when the join the primary DNS domain is always correct
And you most probely did set the ip's of the DC's as resolvers for them.

You asked this before and we asked info before.. 
Im still waiting.. (thats why i also didnt reply before).. 

Most probley your error is in the resolving order. 
Run this on 1 DC and 1 member. 
https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh

DONT change the structures of the setup when you anonymize it. 

Now this :  samba-tool domain info 192.168.56.7
Why are you not using : samba-tool domain info hostname.fqdn
Im just wondering.
So my advice is, try to avoid testing with ipnumbers and start testing with
FQDN's.
This will help in finding/and later avoiding resolving problems. 


Greetz, 

Louis

> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces at lists.samba.org] Namens 
> Jason Long via samba
> Verzonden: woensdag 14 juli 2021 13:09
> Aan: sambalist; Rowland Penny
> Onderwerp: Re: [Samba] I can't login into my Linux client 
> with Samba DC users.
> 
> Thanks.
> 1- Why Windows client working with it without any problem?
> 2- How can I fix it?
> 
> 
> 
> 
> 
> 
> On Wednesday, July 14, 2021, 03:32:21 PM GMT+4:30, Rowland 
> Penny via samba <samba at lists.samba.org> wrote: 
> 
> 
> 
> 
> 
> On Wed, 2021-07-14 at 10:41 +0000, Jason Long wrote:
> > Thank you.
> > 
> > As you see:
> > # samba-tool domain info 192.168.56.7
> > Forest? ? ? ? ? : mydomain.z
> > Domain? ? ? ? ? : mydomain.z
> > Netbios domain? : MYDOMAIN
> > DC name? ? ? ? ? : mydc.mydomain.z
> > DC netbios name? : MYDC
> > Server site? ? ? : Default-First-Site-Name
> > Client site? ? ? : Default-First-Site-Name
> > 
> > If my configuration is wrong, then how can I fix it?
> > 
> > 
> > 
> > 
> > 
> > On Monday, July 12, 2021, 11:29:30 PM GMT+4:30, Rowland Penny via
> > samba <samba at lists.samba.org> wrote: 
> > 
> > 
> > 
> > 
> > 
> > On Mon, 2021-07-12 at 18:44 +0000, Jason Long via samba wrote:
> > > Hello,
> > > I had a thread with the name "I can't join my Linux
client to my
> > > Samba DC." and I joined my Linux client to my Samba DC, 
> but I can't
> > > login into my Linux client with my Samba DC users.
> > > I have a Samba DC as below:
> > > 
> > > 
> > > # samba-tool domain info 192.168.56.7
> > > Forest? ? ? ? ? : mydomain.z
> > > Domain? ? ? ? ? : mydomain.z
> > > Netbios domain? : MYDOMAIN
> > > DC name? ? ? ? ? : mydc.mydomain.z
> > > DC netbios name? : MYDC
> > > Server site? ? ? : Default-First-Site-Name
> > > Client site? ? ? : Default-First-Site-Name
> > > 
> > > 
> > > 
> > > 
> > > And I want to join my Linux client to my Samba DC. The content of
> > > "smb.conf" file on my Linux client is:
> > > 
> > > 
> > > [global]
> > >? ? workgroup = MYDC
> > >? ? security = ADS
> > >? ? realm = MYDC.MYDOMAIN.Z
> > 
> > Your realm isn't 'MYDC.MYDOMAIN.Z' , from what you have
posted, your
> > realm should be 'MYDOMAIN.Z'
> > 
> > Also, I doubt that your workgroup name is 'MYDC' as this
appears to
> > be
> > your DCs short hostname. If your workgroup (aka NetBios domain name)
> > is
> > the same as your DC's short hostname, then I suggest you fix this
> > 
> 
> You have set your workgroup to 'MYDC' and you also posted 'DC
netbios
> name? : MYDC', you also posted 'Netbios domain? : MYDOMAIN',
another
> name for 'Netbios domain' is 'workgroup'.
> 'DC netbios name' != 'Netbios domain'
> 
> You also seem to be using the DC's FQDN for the realm, it 
> should be the
> dns domain in uppercase, which in your case seems to be
'MYDOMAIN.Z'
> 
> 
> Rowland
> 
> 
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:? https://lists.samba.org/mailman/options/samba
> 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
>

samba - Jul 2021 - I can't login into my Linux client with Samba DC users.

[Samba] I can't login into my Linux client with Samba DC users.

[Samba] I can't login into my Linux client with Samba DC users.

[Samba] I can't login into my Linux client with Samba DC users.