Hi Rowland, The command given by you produced a long output of which few lines are below. ldbsearch -H ldap://azeuw1dcem01.emea.media.global.loc -P -b 'dc=emea,dc=media,dc=global,dc=loc' '(&(objectCategory=person)(objectClass=user)(sAMAccountName=kochal02))' WARNING: [printers] service MUST be printable! # record 1 dn: CN=Konrad Ochal (62056228),OU=Managed Users,OU=Standard Users,OU=User Accounts,DC=emea,DC=media,DC=global,DC=loc objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user cn: Konrad Ochal (62056228) sn: Ochal But when I run the id command again , it still shows no such user. How to fix that ? Regards Sachin Kumar On Tue, Nov 2, 2021 at 2:05 PM Rowland Penny via samba < samba at lists.samba.org> wrote:> On Tue, 2021-11-02 at 13:39 +0530, Sac Isilia wrote: > > Hi Rowland, > > > > Sorry for the late reply. Below are the requested details. > > > > What OS are you using on the DC ? - Windows Server 2016 > > What version of Samba ? - 4.9.5 > > OS Samba packages or self-compiled ? - Samba packages > > What is the DC's short hostname ? - AZEUW1DCEM01 > > What is the DC's ipaddress - 10.19.26.136 > > > > The same for your Unix domain member. > > > > What is your dns domain ? - emea.media.global.loc > > What is your Netbios domain name (also known as the workgroup) ? > > - EMEA-MEDIA > > > > A reminder on this issue - I was able to join the server to > > domain EMEA-MEDIA but i am unable to id the domain users > > > > wbinfo -t > > checking the trust secret for domain EMEA-MEDIA via RPC calls > > succeeded > > > > id EMEA-MEDIA\\kochal02 > > id: ?EMEA-MEDIA\\kochal02?: no such user > > > > Please install ldb-tools (if not already installed), then run this > command: > > sudo ldbsearch -H ldap://azeuw1dcem01.emea.media.global.loc -P -b > 'dc=emea,dc=media,dc=global,dc=loc' > '(&(objectCategory=person)(objectClass=user)(sAMAccountName=kochal02))' > > That should produce the AD object for 'kochal02' > > Rowland > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Rowland Penny
2021-Nov-02 08:51 UTC
[Samba] Not able to join Debian 10 to AD using winbind
On Tue, 2021-11-02 at 14:11 +0530, Sac Isilia wrote:> Hi Rowland, > > The command given by you produced a long output of which few lines > are below. > > ldbsearch -H ldap://azeuw1dcem01.emea.media.global.loc -P -b > 'dc=emea,dc=media,dc=global,dc=loc' > '(&(objectCategory=person)(objectClass=user)(sAMAccountName=kochal02) > )' > WARNING: [printers] service MUST be printable! > # record 1 > dn: CN=Konrad Ochal (62056228),OU=Managed Users,OU=Standard > Users,OU=User Accounts,DC=emea,DC=media,DC=global,DC=loc > objectClass: top > objectClass: person > objectClass: organizationalPerson > objectClass: user > cn: Konrad Ochal (62056228) > sn: Ochal > > But when I run the id command again , it still shows no such user. > How to fix that ? >That proves the user exists, so download this script: https://github.com/thctlo/samba4/blob/master/samba-collect-debug-info.sh Run it on your Unix domain member then post the output. Rowland
Patrick Goetz
2021-Nov-02 08:55 UTC
[Samba] Not able to join Debian 10 to AD using winbind
Your output seems to be missing the "name" and "userPrincipalName" fields, in addition to quite a bit of other information. This is what I get when I run the same command in my test domain (I omitted the referrals at the end): root at samba-dc:~# sudo ldbsearch -H ldap://samba-dc.ea.linuxcs.com -P -b 'dc=ea,dc=linuxcs,dc=com' '(&(objectCategory=person)(objectClass=user)(sAMAccountName=mduffie))' # record 1 dn: CN=mduffy,OU=Users,OU=Episcopal Archives,DC=ea,DC=linuxcs,DC=com objectClass: top objectClass: person objectClass: organizationalPerson objectClass: user cn: mduffie instanceType: 4 whenCreated: 20211030134807.0Z uSNCreated: 4079 name: mduffy objectGUID: d0ba107f-0be3-4208-93a1-002f6f5d8209 badPwdCount: 0 codePage: 0 countryCode: 0 badPasswordTime: 0 lastLogoff: 0 lastLogon: 0 primaryGroupID: 513 objectSid: S-1-5-21-2398640129-655337111-1434392923-1103 logonCount: 0 sAMAccountName: mduffie sAMAccountType: 805306368 userPrincipalName: mduffie at ea.linuxcs.com objectCategory: CN=Person,CN=Schema,CN=Configuration,DC=ea,DC=linuxcs,DC=com pwdLastSet: 132800752872761420 userAccountControl: 66048 accountExpires: 0 memberOf: CN=ea-admins,OU=Groups,OU=Episcopal Archives,DC=ea,DC=linuxcs,DC=com whenChanged: 20211101142039.0Z uSNChanged: 4225 distinguishedName: CN=mduffie,OU=Users,OU=Episcopal Archives,DC=ea,DC=linuxcs,DC=com On 11/2/21 03:41, Sac Isilia via samba wrote:> Hi Rowland, > > The command given by you produced a long output of which few lines are > below. > > ldbsearch -H ldap://azeuw1dcem01.emea.media.global.loc -P -b > 'dc=emea,dc=media,dc=global,dc=loc' > '(&(objectCategory=person)(objectClass=user)(sAMAccountName=kochal02))' > WARNING: [printers] service MUST be printable! > # record 1 > dn: CN=Konrad Ochal (62056228),OU=Managed Users,OU=Standard Users,OU=User > Accounts,DC=emea,DC=media,DC=global,DC=loc > objectClass: top > objectClass: person > objectClass: organizationalPerson > objectClass: user > cn: Konrad Ochal (62056228) > sn: Ochal > > But when I run the id command again , it still shows no such user. How to > fix that ? > > Regards > Sachin Kumar > > On Tue, Nov 2, 2021 at 2:05 PM Rowland Penny via samba < > samba at lists.samba.org> wrote: > >> On Tue, 2021-11-02 at 13:39 +0530, Sac Isilia wrote: >>> Hi Rowland, >>> >>> Sorry for the late reply. Below are the requested details. >>> >>> What OS are you using on the DC ? - Windows Server 2016 >>> What version of Samba ? - 4.9.5 >>> OS Samba packages or self-compiled ? - Samba packages >>> What is the DC's short hostname ? - AZEUW1DCEM01 >>> What is the DC's ipaddress - 10.19.26.136 >>> >>> The same for your Unix domain member. >>> >>> What is your dns domain ? - emea.media.global.loc >>> What is your Netbios domain name (also known as the workgroup) ? >>> - EMEA-MEDIA >>> >>> A reminder on this issue - I was able to join the server to >>> domain EMEA-MEDIA but i am unable to id the domain users >>> >>> wbinfo -t >>> checking the trust secret for domain EMEA-MEDIA via RPC calls >>> succeeded >>> >>> id EMEA-MEDIA\\kochal02 >>> id: ?EMEA-MEDIA\\kochal02?: no such user >>> >> >> Please install ldb-tools (if not already installed), then run this >> command: >> >> sudo ldbsearch -H ldap://azeuw1dcem01.emea.media.global.loc -P -b >> 'dc=emea,dc=media,dc=global,dc=loc' >> '(&(objectCategory=person)(objectClass=user)(sAMAccountName=kochal02))' >> >> That should produce the AD object for 'kochal02' >> >> Rowland >> >> >> >> -- >> To unsubscribe from this list go to the following URL and read the >> instructions: https://lists.samba.org/mailman/options/samba >>
L.P.H. van Belle
2021-Nov-02 09:18 UTC
[Samba] Not able to join Debian 10 to AD using winbind
You need the raw link ;-) https://raw.githubusercontent.com/thctlo/samba4/master/samba-collect-debug-info.sh> -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens > Rowland Penny via samba > Verzonden: dinsdag 2 november 2021 9:52 > Aan: sambalist > Onderwerp: Re: [Samba] Not able to join Debian 10 to AD using winbind > > On Tue, 2021-11-02 at 14:11 +0530, Sac Isilia wrote: > > Hi Rowland, > > > > The command given by you produced a long output of which few lines > > are below. > > > > ldbsearch -H ldap://azeuw1dcem01.emea.media.global.loc -P -b > > 'dc=emea,dc=media,dc=global,dc=loc' > > > '(&(objectCategory=person)(objectClass=user)(sAMAccountName=kochal02) > > )' > > WARNING: [printers] service MUST be printable! > > # record 1 > > dn: CN=Konrad Ochal (62056228),OU=Managed Users,OU=Standard > > Users,OU=User Accounts,DC=emea,DC=media,DC=global,DC=loc > > objectClass: top > > objectClass: person > > objectClass: organizationalPerson > > objectClass: user > > cn: Konrad Ochal (62056228) > > sn: Ochal > > > > But when I run the id command again , it still shows no such user. > > How to fix that ? > > > > That proves the user exists, so download this script: > > https://github.com/thctlo/samba4/blob/master/samba-collect-debug-info.sh> > Run it on your Unix domain member then post the output. > > Rowland > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba > >