Rowland Penny
2021-Jul-18 08:41 UTC
[Samba] I can't login into my Linux client with Samba DC users.
On Sun, 2021-07-18 at 08:15 +0000, Jason Long via samba wrote:
> I installed Samba from its manual and in Samba manual, the "sss"
> existed. Why "sss" doesn't need?

If sssd is installed, remove it, you cannot use sssd with Samba.

> And I changed the content of "/etc/krb5.conf" to:
>
> On the Linux client:
> I added below lines to the "/etc/hosts" file:
>
> 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
> ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
> 192.168.56.7 mydc.mydomain.z mydc
> 10.0.3.15 mydc.mydomain.z

You cannot multihome a DC, choose an IP address and use just that one.

> The content of the "/etc/krb5.conf" file is:
>
> includedir /etc/krb5.conf.d/
> [libdefaults]
>     default_realm = MYDC.MYDOMAIN.Z

HOW MANY TIMES DO I HAVE TO TELL YOU, 'MYDC.MYDOMAIN.Z' IS NOT YOUR REALM!!!

Your realm is 'MYDOMAIN.Z'

>     dns_lookup_realm = false
>     dns_lookup_kdc = true

You can remove the rest of /etc/krb5.conf, you do not need it.

> I rebooted my client and I can't login to my Linux client with my
> Samba DC usernames.

Have you installed winbind and winbind-clients?

Rowland
Jason Long
2021-Jul-18 14:49 UTC
[Samba] I can't login into my Linux client with Samba DC users.
Thank you.
I removed "sssd" from my Linux client:

# yum remove sssd

Then, changed "/etc/krb5.conf" as below:

[libdefaults]
    default_realm = MYDOMAIN.Z
    dns_lookup_realm = false
    dns_lookup_kdc = true

Should I install winbind and winbind-clients on the client?

I executed the script on the server and client and results are:

On server:
https://0bin.net/paste/i6JpJ9fp#j3yydvkUw9tXWO2P2oXIuBZVg-7c8ytk0KPMkBind5U

On client:
https://0bin.net/paste/ewb5i6Va#FEoBJ7QHCyxUTJOFHNo4tELG6sDAzVwJMZUzFNjtEwa
L.P.H. van Belle
2021-Jul-19 07:24 UTC
[Samba] I can't login into my Linux client with Samba DC users.
What Rowland said, plus:

On "Server"
There's still sss defined in nsswitch.conf

netgroup: sss files
automount: sss files
services: sss files

Remove all sss entries.

I do think there is still something wrong, because in smb.conf I see:

interfaces = lo enp0s17

enp0s17: inet 192.168.56.7/24

/etc/hosts
192.168.56.7 mydc.mydomain.z mydc
10.0.3.15 mydc.mydomain.z    << this one isn't doing anything except causing problems. Remove it.

Your member's hosts should look like:

/etc/hosts
192.168.56.9 node3.mydomain.z node3

/etc/resolv.conf
search mydomain.z
nameserver 192.168.56.7

There is also still: 10.0.3.15, same as on the Server.

In order to change:
1) your network config (ip/interface)
2) /etc/hosts
3) /etc/resolvconf
https://www.cyberciti.biz/faq/howto-change-hostname-in-fedora-linux-permanently/

Reboot.
Verify the hostname with:
hostname -I    All IP addresses
hostname -A    All hostnames and alias names
hostname -f    = FQDN (hostname -s + hostname -d)
hostname -d    = DNS domain (search line in resolv.conf)

On both servers winbind must be installed and sssd removed.

Did you sync time of the member with the AD-DC?
If not, verify on the member at least and set it to the AD-DC.
Edit /etc/systemd/timesyncd.conf
systemctl daemon-reload

Then that's all done and looking OK.

kinit Administrator
Does that work now?

Now, last question: what's the idea with the 2 NICs AD-DC, that's not an easy setup.

Greetz,

Louis
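
The checks raised in the replies above (leftover sss entries in nsswitch.conf, a default_realm set to the DC's FQDN instead of the domain, and a DC name mapped to two addresses in /etc/hosts), as an added example that is not part of any post in this thread. The function names are hypothetical and the sample files are constructed from the values quoted above.

```shell
#!/bin/sh
# Added example: audit a domain member for the problems raised in this thread.
# Function names and sample files are constructed for illustration.

# Databases in nsswitch.conf that still list the "sss" source.
nss_sss_dbs() {
    awk '{ sub(/#.*/, "")
           for (i = 2; i <= NF; i++)
               if ($i == "sss") { sub(/:$/, "", $1); print $1; break } }' "$1"
}

# Value of default_realm in krb5.conf.
krb5_realm() {
    awk -F= '/^[ \t]*default_realm[ \t]*=/ {
                 gsub(/[ \t]/, "", $2); print $2; exit }' "$1"
}

# True only if the realm is the upper-cased DNS domain, not the DC's FQDN.
realm_ok() {    # $1 = krb5.conf, $2 = DNS domain
    [ "$(krb5_realm "$1")" = "$(printf '%s' "$2" | tr '[:lower:]' '[:upper:]')" ]
}

# Distinct addresses that a hosts file maps to one host name.
hosts_addrs() { # $1 = hosts file, $2 = host name
    awk -v h="$2" '{ sub(/#.*/, "")
                     for (i = 2; i <= NF; i++)
                         if ($i == h) { print $1; break } }' "$1" | sort -u
}

# Constructed sample files reproducing the state described in the thread.
write_samples() {
    printf '%s\n' 'passwd: files winbind' 'netgroup: sss files' \
        'automount: sss files' 'services: sss files' > "$1/nsswitch.conf"
    printf '%s\n' '[libdefaults]' '    default_realm = MYDC.MYDOMAIN.Z' \
        '    dns_lookup_realm = false' > "$1/krb5.conf"
    printf '%s\n' '127.0.0.1 localhost' '192.168.56.7 mydc.mydomain.z mydc' \
        '10.0.3.15 mydc.mydomain.z' > "$1/hosts"
}

d=$(mktemp -d) && write_samples "$d"
echo "sss still listed for: $(nss_sss_dbs "$d/nsswitch.conf" | tr '\n' ' ')"
realm_ok "$d/krb5.conf" mydomain.z || echo "realm is $(krb5_realm "$d/krb5.conf"), expected MYDOMAIN.Z"
echo "mydc.mydomain.z maps to $(hosts_addrs "$d/hosts" mydc.mydomain.z | wc -l) addresses"
rm -rf "$d"
```

On a real member, point the functions at /etc/nsswitch.conf, /etc/krb5.conf and /etc/hosts instead of the sample directory.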