L.P.H. van Belle
2021-Jul-19 07:24 UTC
[Samba] I can't login into my Linux client with Samba DC users.
What Rowland Said +

On "Server"
There's still sss defined in nsswitch.conf
netgroup: sss files
automount: sss files
services: sss files
Remove all sss entries.

I do think there is still something wrong because.
In smb.conf I see.
interfaces = lo enp0s17

enp0s17: inet 192.168.56.7/24

/etc/hosts
192.168.56.7 mydc.mydomain.z mydc
10.0.3.15 mydc.mydomain.z << this one isn't doing anything except causing problems.

Remove it.

Your member's hosts should look like:
/etc/hosts
192.168.56.9 node3.mydomain.z node3

/etc/resolv.conf
search mydomain.z
nameserver 192.168.56.7

There is also still: 10.0.3.15 same as on the Server.
In order to change.
1) your network config ( ip/interface )
2) /etc/hosts
3) /etc/resolvconf

https://www.cyberciti.biz/faq/howto-change-hostname-in-fedora-linux-permanently/

Reboot,

Verify the hostname with
hostname -I All IP addresses
hostname -A All hostnames and alias names.

And hostname -f = FQDN (hostname -s + hostname -d )
hostname -d = dns domain (search line in resolve.conf)

On both servers winbind must be installed and SSSd removed.

Did you sync time of the member with the AD-DC? If not,
verify on the member at least and set it to the AD-DC.
Edit /etc/systemd/timesyncd.conf
systemctl daemon-reload

Then that's all done and looking ok.

kinit Administrator does that work now?

Now, last question, what's the idea with the 2 NICs on the AD-DC, that's not an easy setup.

Greetz,

Louis

> -----Original message-----
> From: samba [mailto:samba-bounces at lists.samba.org] On behalf of Jason Long via samba
> Sent: Sunday 18 July 2021 16:50
> To: samba at lists.samba.org; Rowland Penny
> Subject: Re: [Samba] I can't login into my Linux client with Samba DC users.
>
> Thank you.
> I removed "sssd" from my Linux client:
> # yum remove sssd
>
> Then, changed "/etc/krb5.conf" as below:
>
> [libdefaults]
>     default_realm = MYDOMAIN.Z
>     dns_lookup_realm = false
>     dns_lookup_kdc = true
>
> Should I install winbind and winbind-clients on the client?
>
> I executed the script on the server and client and results are:
>
> On server:
> https://0bin.net/paste/i6JpJ9fp#j3yydvkUw9tXWO2P2oXIuBZVg-7c8ytk0KPMkBind5U
>
> On client:
> https://0bin.net/paste/ewb5i6Va#FEoBJ7QHCyxUTJOFHNo4tELG6sDAzVwJMZUzFNjtEwa
>
> On Sunday, July 18, 2021, 01:12:16 PM GMT+4:30, Rowland Penny via samba <samba at lists.samba.org> wrote:
>
> On Sun, 2021-07-18 at 08:15 +0000, Jason Long via samba wrote:
> >
> > I installed Samba from its manual and in Samba manual, the "sss"
> > existed. Why "sss" doesn't need?
>
> If sssd is installed, remove it, you cannot use sssd with Samba.
>
> > And I changed the content of "/etc/krb5.conf" to:
> >
> > On the Linux client:
> > I added below lines to the "/etc/hosts" file:
> >
> > 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
> > ::1       localhost localhost.localdomain localhost6 localhost6.localdomain6
> > 192.168.56.7 mydc.mydomain.z mydc
> > 10.0.3.15 mydc.mydomain.z
>
> You cannot multihome a DC, choose an IP address and use just that one.
>
> > The content of the "/etc/krb5.conf" file is:
> >
> > includedir /etc/krb5.conf.d/
> > [libdefaults]
> >     default_realm = MYDC.MYDOMAIN.Z
>
> HOW MANY TIMES DO I HAVE TO TELL YOU, 'MYDC.MYDOMAIN.Z' IS NOT YOUR REALM!!!
>
> Your realm is 'MYDOMAIN.Z'
>
> >     dns_lookup_realm = false
> >     dns_lookup_kdc = true
>
> You can remove the rest of /etc/krb5.conf, you do not need it.
>
> > I rebooted my client and I can't login to my Linux client with my
> > Samba DC usernames.
>
> Have you installed winbind and winbind-clients?
>
> Rowland
Jason Long
2021-Jul-19 09:08 UTC
[Samba] I can't login into my Linux client with Samba DC users.
Hello,
Thank you so much.
I removed all sss entries from the server and client, then I removed below line from the "/etc/hosts" file:
10.0.3.15 mydc.mydomain.z

After it, I disabled my second NIC (10.0.3.15) from both of server and client, then changed "/etc/resolve.conf" file on the Linux client as below:

search mydomain.z
nameserver 192.168.56.7

The date and time are same on both of server and client and "kinit Administrator" command worked on server.

On Linux client, I executed below commands:

# hostname -I
192.168.56.9
# hostname -A
node3.mydomain.z
# hostname -f
node3.localhost.localdomain

Why "node3.localhost.localdomain"? Should I rejoin my Linux client to my Samba domain?
L.P.H. van Belle
2021-Jul-19 09:55 UTC
[Samba] I can't login into my Linux client with Samba DC users.
> -----Original message-----
> From: Jason Long [mailto:hack3rcon at yahoo.com]
> Sent: Monday 19 July 2021 11:09
> To: samba at lists.samba.org; L.P.H. van Belle
> Subject: Re: [Samba] I can't login into my Linux client with Samba DC users.
>
> Hello,
> Thank you so much.
> I removed all sss entries from the server and client, then I
> removed below line from the "/etc/hosts" file:
> 10.0.3.15 mydc.mydomain.z
>
> After it, I disabled my second NIC (10.0.3.15) from both of
> server and client, then changed "/etc/resolve.conf" file on
> the Linux client as below:
>
> search mydomain.z
> nameserver 192.168.56.7
>
> The date and time are same on both of server and client and
> "kinit Administrator" command worked on server.
>
> On Linux client, I executed below commands:
>
> # hostname -I
> 192.168.56.9
> # hostname -A
> node3.mydomain.z
> # hostname -f
> node3.localhost.localdomain

Verify this..
/etc/hostname
Should only contain:
node3

And yes, you might want to rejoin after all hostname/domainnames are correct on the client.
At least that is what I recommend.

Adjust as shown, reboot, check again with:
hostname -d
hostname -s
hostname -f

If that's all good, then join again.

Greetz,

Louis

> Why "node3.localhost.localdomain"? Should I rejoin my Linux
> client to my Samba domain?
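
Added example, not part of any message in the thread: a shell function that checks the files the replies above ask the poster to correct (/etc/hostname, /etc/hosts, /etc/resolv.conf, /etc/nsswitch.conf, /etc/krb5.conf) before rejoining, run here on a constructed sample tree. The function names, the FAIL wording and the sample files are assumptions of this example; the host names, addresses and realm are the ones used in the thread.

```bash
#!/usr/bin/env bash
# Added example (not from the thread): audit the files the replies ask about.
# Usage: audit_member ROOT DNS_DOMAIN   (ROOT is "/" on a live member)
audit_member() {
  local root="${1%/}" domain="$2" realm name short kr bad=0
  realm=$(printf '%s' "$domain" | tr '[:lower:]' '[:upper:]')
  name=$(head -n 1 "$root/etc/hostname" | tr -d '[:space:]')
  short=${name%%.*}
  fail() { echo "FAIL: $*"; bad=1; }

  # /etc/hostname should contain only the short name (e.g. node3)
  [ "$name" = "$short" ] || fail "/etc/hostname is '$name', expected '$short'"

  # /etc/hosts: a non-loopback address maps the FQDN first, then the short name
  awk -v f="$short.$domain" -v s="$short" \
    '$1 !~ /^(127\.|::1)/ && $2 == f && $3 == s { ok = 1 } END { exit !ok }' \
    "$root/etc/hosts" || fail "/etc/hosts lacks '<ip> $short.$domain $short'"

  # /etc/resolv.conf: the search list must name the AD DNS domain
  awk -v d="$domain" '$1 == "search" { for (i = 2; i <= NF; i++) if ($i == d) ok = 1 }
    END { exit !ok }' "$root/etc/resolv.conf" || fail "resolv.conf search lacks $domain"

  # /etc/nsswitch.conf: no database may still list sss once sssd is removed
  awk '!/^#/ { for (i = 2; i <= NF; i++) if ($i == "sss") hit = 1 } END { exit !hit }' \
    "$root/etc/nsswitch.conf" && fail "nsswitch.conf still lists sss"

  # /etc/krb5.conf: the realm is the upper-cased DNS domain, not the DC's FQDN
  kr=$(awk -F= '/^[ \t]*default_realm/ { gsub(/[ \t]/, "", $2); print $2; exit }' \
    "$root/etc/krb5.conf")
  [ "$kr" = "$realm" ] || fail "default_realm is '$kr', expected '$realm'"
  return "$bad"
}

# Constructed sample tree reproducing three mistakes discussed in the thread.
make_sample() {
  mkdir -p "$1/etc"
  echo 'node3.localhost.localdomain' > "$1/etc/hostname"
  printf '127.0.0.1 localhost\n192.168.56.9 node3.mydomain.z node3\n' > "$1/etc/hosts"
  printf 'search mydomain.z\nnameserver 192.168.56.7\n' > "$1/etc/resolv.conf"
  printf 'netgroup: sss files\nservices: sss files\n' > "$1/etc/nsswitch.conf"
  printf '[libdefaults]\n    default_realm = MYDC.MYDOMAIN.Z\n' > "$1/etc/krb5.conf"
}

demo=$(mktemp -d)
make_sample "$demo"
audit_member "$demo" mydomain.z || echo "fix the items above, then join"
rm -rf "$demo"
```

On a live member, call `audit_member / mydomain.z`; it reads the files only and does not check time sync or whether winbind is installed.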