thr3ads.net - samba - [Samba] Users appears as SID instead of their own name. [Jun 2024]

If this information is useful, please help other people find it:
Share via:

Josep Maria Gorro

2024-Jun-15 10:52 UTC

[Samba] Users appears as SID instead of their own name.

Helo Rowland.

I think I won't be able to thank you enough for everything you are doing 
for me.

I've tried and seems to run fine. But finally it throws an error and 
performs a rollback for all changes on AD.
This is the transcript for the messages.

    root at montsec:/usr/local/samba/etc# samba-tool domain join DOMAINNAME
    DC -U"administrator"
    INFO 2024-06-15 10:28:20,881 pid:27560
    /usr/local/samba/lib/python3.10/site-packages/samba/join.py #104:
    Finding a writeable DC for domain 'DOMAINNAME'
    INFO 2024-06-15 10:28:20,966 pid:27560
    /usr/local/samba/lib/python3.10/site-packages/samba/join.py #106:
    Found DC tibidabo.domainname.lan
    Password for [DOMAINNAME\administrator]:
    INFO 2024-06-15 10:28:33,460 pid:27560
    /usr/local/samba/lib/python3.10/site-packages/samba/join.py #1605:
    workgroup is DOMAINNAME
    INFO 2024-06-15 10:28:33,460 pid:27560
    /usr/local/samba/lib/python3.10/site-packages/samba/join.py #1608:
    realm is domainname.lan
    Adding CN=MONTSEC,OU=Domain Controllers,DC=domainname,DC=lan
    Adding
   
CN=MONTSEC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domainname,DC=lan
    Adding CN=NTDS
   
Settings,CN=MONTSEC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domainname,DC=lan
    Adding SPNs to CN=MONTSEC,OU=Domain Controllers,DC=domainname,DC=lan
    Setting account password for MONTSEC$
    Enabling account
    Calling bare provision
    INFO 2024-06-15 10:28:34,333 pid:27560
    /usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
    #2110: Looking up IPv4 addresses
    INFO 2024-06-15 10:28:34,333 pid:27560
    /usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
    #2127: Looking up IPv6 addresses
    WARNING 2024-06-15 10:28:34,334 pid:27560
    /usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
    #2134: No IPv6 address will be assigned
    INFO 2024-06-15 10:28:34,641 pid:27560
    /usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
    #2300: Setting up share.ldb
    INFO 2024-06-15 10:28:34,668 pid:27560
    /usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
    #2304: Setting up secrets.ldb
    INFO 2024-06-15 10:28:34,680 pid:27560
    /usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
    #2309: Setting up the registry
    INFO 2024-06-15 10:28:34,702 pid:27560
    /usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
    #2312: Setting up the privileges database
    INFO 2024-06-15 10:28:34,715 pid:27560
    /usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
    #2315: Setting up idmap db
    INFO 2024-06-15 10:28:34,725 pid:27560
    /usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
    #2322: Setting up SAM db
    INFO 2024-06-15 10:28:34,729 pid:27560
    /usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
    #882: Setting up sam.ldb partitions and settings
    INFO 2024-06-15 10:28:34,730 pid:27560
    /usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
    #894: Setting up sam.ldb rootDSE
    INFO 2024-06-15 10:28:34,732 pid:27560
    /usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
    #1310: Pre-loading the Samba 4 and AD schema
    Unable to determine the DomainSID, can not enforce uniqueness
    constraint on local domainSIDs

    INFO 2024-06-15 10:28:34,767 pid:27560
    /usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
    #2412: A Kerberos configuration suitable for Samba AD has been
    generated at /usr/local/samba/private/krb5.conf
    INFO 2024-06-15 10:28:34,767 pid:27560
    /usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
    #2414: Merge the contents of this file with your system krb5.conf or
    replace it with this one. Do not create a symlink!
    Provision OK for domain DN DC=domainname,DC=lan
    INFO 2024-06-15 10:28:34,769 pid:27560
    /usr/local/samba/lib/python3.10/site-packages/samba/join.py #964:
    Starting replication
    Schema-DN[CN=Schema,CN=Configuration,DC=domainname,DC=lan]
    objects[402/1550] linked_values[0/0]
    Schema-DN[CN=Schema,CN=Configuration,DC=domainname,DC=lan]
    objects[804/1550] linked_values[0/0]
    Schema-DN[CN=Schema,CN=Configuration,DC=domainname,DC=lan]
    objects[1206/1550] linked_values[0/0]
    Schema-DN[CN=Schema,CN=Configuration,DC=domainname,DC=lan]
    objects[1550/1550] linked_values[0/0]
    Analyze and apply schema objects
    Partition[CN=Configuration,DC=domainname,DC=lan] objects[402/1648]
    linked_values[0/1]
    Partition[CN=Configuration,DC=domainname,DC=lan] objects[804/1648]
    linked_values[0/1]
    Partition[CN=Configuration,DC=domainname,DC=lan] objects[1206/1648]
    linked_values[0/1]
    Partition[CN=Configuration,DC=domainname,DC=lan] objects[1608/1648]
    linked_values[0/1]
    Partition[CN=Configuration,DC=domainname,DC=lan] objects[1648/1648]
    linked_values[64/64]
    Failed to commit objects: WERR_DS_DRA_RECYCLED_TARGET
    Missing target object - retrying with DRS_GET_TGT
    Partition[CN=Configuration,DC=domainname,DC=lan] objects[2050/1648]
    linked_values[64/1]
    Partition[CN=Configuration,DC=domainname,DC=lan] objects[2452/1648]
    linked_values[64/1]
    Partition[CN=Configuration,DC=domainname,DC=lan] objects[2854/1648]
    linked_values[64/1]
    Partition[CN=Configuration,DC=domainname,DC=lan] objects[3256/1648]
    linked_values[64/1]
    Partition[CN=Configuration,DC=domainname,DC=lan] objects[3296/1648]
    linked_values[128/64]
    Replicating critical objects from the base DN of the domain
    Partition[DC=domainname,DC=lan] objects[97/97] linked_values[29/29]
    Partition[DC=domainname,DC=lan] objects[402/484] linked_values[0/290]
    Partition[DC=domainname,DC=lan] objects[484/484] linked_values[338/338]
    Done with always replicated NC (base, config, schema)
    Replicating DC=DomainDnsZones,DC=domainname,DC=lan
    Join failed - cleaning up
    Deleted CN=MONTSEC,OU=Domain Controllers,DC=domainname,DC=lan
    Deleted CN=NTDS
   
Settings,CN=MONTSEC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domainname,DC=lan
    Deleted
   
CN=MONTSEC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domainname,DC=lan
    ERROR(runtime): uncaught exception - (8442,
    'WERR_DS_DRA_INTERNAL_ERROR')
     ? File
   
"/usr/local/samba/lib/python3.10/site-packages/samba/netcmd/__init__.py",
    line 285, in _run
     ??? return self.run(*args, **kwargs)
     ? File
   
"/usr/local/samba/lib/python3.10/site-packages/samba/netcmd/domain/join.py",
    line 128, in run
     ??? join_DC(logger=logger, server=server, creds=creds, lp=lp,
    domain=domain,
     ? File
    "/usr/local/samba/lib/python3.10/site-packages/samba/join.py",
line
    1621, in join_DC
     ??? ctx.do_join()
     ? File
    "/usr/local/samba/lib/python3.10/site-packages/samba/join.py",
line
    1511, in do_join
     ??? ctx.join_replicate()
     ? File
    "/usr/local/samba/lib/python3.10/site-packages/samba/join.py",
line
    1055, in join_replicate
     ??? repl.replicate(nc, source_dsa_invocation_id,
     ? File
   
"/usr/local/samba/lib/python3.10/site-packages/samba/drs_utils.py",
    line 358, in replicate
     ??? (level, ctr) = self.drs.DsGetNCChanges(self.drs_handle,
    req_level, req)

The /usr/local/samba/etc/smb.conf file contents is like this:

    # Global parameters
    [global]
     ??????? netbios name = MONTSEC
     ??????? realm = DOMAINNAME.LAN
     ??????? workgroup = DOMAINNAME
     ??????? dns forwarder = 80.58.61.250 80.58.61.250
     ??????? server role = active directory domain controller
     ??????? idmap_ldb:use rfc2307 = yes
    #?????? ldap server require strong auth = no

    [netlogon]
     ??????? path = /usr/local/samba/var/locks/sysvol/domainname.lan/scripts
     ??????? read only = No

    [sysvol]
     ??????? path = /usr/local/samba/var/locks/sysvol
     ??????? read only = No

Only I can see a possible issue. The new server is running at UTC, while 
current AD server runs at CEST. For this I changed TZ properly and 
launched again the samba-tool joining. Same result.

Also I can see some krb5 messages. For your info, the current AD server 
is using this krb5.conf file

    [libdefaults]
     ??????? default_realm = DOMAINNAME.LAN
     ??????? dns_lookup_realm = false
     ??????? dns_lookup_kdc = true


And the new one, that has been created automatically, is this one:

    [libdefaults]
     ??????? default_realm = DOMAINNAME.LAN
     ??????? dns_lookup_realm = false
     ??????? dns_lookup_kdc = true

    [realms]
    DOMAINNAME.LAN = {
     ??????? default_domain = domainname.lan
    }

    [domain_realm]
     ??????? MONTSEC = DOMAINNAME.LAN



Regarding European support you're right. I'm waiting for a Sernet 
response. I sent them a mail requesting support.

Thanks a lot.



El 15/06/2024 a las 11:53, Rowland Penny via samba
escribi?:> On Sat, 15 Jun 2024 11:11:09 +0200
> Josep Maria Gorro via samba<samba at lists.samba.org>  wrote:
>
>> Helo Rowland
>>
>> Thanks for your response.
>>
>> I'm using Centos7 as AD server.
>> At this time I'm trying to compile another server with Ubuntu 22.04
>> and Samba 4.20.1.
> Can I suggest Debian bookworm with Samba from backports instead, this
> will get you a very recent version of Samba.
>
>> I'm thinking to merge it as an AD on current
>> domain. If this runs I'll try to move FSMO from old to new.
>> Finally I'll demote old one.
>> Hope this will run and solve the issue.
> Worth trying, but if it does fail, then we need any and all error
> messages to try and help you.
>
>> Regarding support, I checked samba.org page for companies in Spain.
>> As anyone gives me reply, I started to locate other companies
>> worldwide. At this time I sent a request to another one (waiting for
>> reply). It will be useful if you can give me some choices. Better to
>> be on a similar time zone to be available at same time.
>>
> All I can suggest is that you try some of the local countries, perhaps
> Sernet in Germany.
>
> Rowland
>
-- 
------------------------------------------------------------------------
Josep M. Gorro <mailto:jmgorro at gmail.com>
*Systems engineer*

-- 
Este correo electr?nico ha sido analizado en busca de virus por el software
antivirus de Avast.
www.avast.com

Rowland Penny

2024-Jun-15 11:12 UTC

head link

[Samba] Users appears as SID instead of their own name.

On Sat, 15 Jun 2024 12:52:10 +0200
Josep Maria Gorro via samba <samba at lists.samba.org> wrote:
> Helo Rowland.
> 
> I think I won't be able to thank you enough for everything you are
> doing for me.
> 
> I've tried and seems to run fine. But finally it throws an error and 
> performs a rollback for all changes on AD.
> This is the transcript for the messages.
> 
>     root at montsec:/usr/local/samba/etc# samba-tool domain join
> DOMAINNAME DC -U"administrator"
>     INFO 2024-06-15 10:28:20,881 pid:27560
>     /usr/local/samba/lib/python3.10/site-packages/samba/join.py #104:
>     Finding a writeable DC for domain 'DOMAINNAME'
>     INFO 2024-06-15 10:28:20,966 pid:27560
>     /usr/local/samba/lib/python3.10/site-packages/samba/join.py #106:
>     Found DC tibidabo.domainname.lan
>     Password for [DOMAINNAME\administrator]:
>     INFO 2024-06-15 10:28:33,460 pid:27560
>     /usr/local/samba/lib/python3.10/site-packages/samba/join.py #1605:
>     workgroup is DOMAINNAME
>     INFO 2024-06-15 10:28:33,460 pid:27560
>     /usr/local/samba/lib/python3.10/site-packages/samba/join.py #1608:
>     realm is domainname.lan
>     Adding CN=MONTSEC,OU=Domain Controllers,DC=domainname,DC=lan
>     Adding
>    
CN=MONTSEC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domainname,DC=lan
>     Adding CN=NTDS
>    
Settings,CN=MONTSEC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domainname,DC=lan
>     Adding SPNs to CN=MONTSEC,OU=Domain
> Controllers,DC=domainname,DC=lan Setting account password for MONTSEC$
>     Enabling account
>     Calling bare provision
>     INFO 2024-06-15 10:28:34,333 pid:27560
>    
/usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
>     #2110: Looking up IPv4 addresses
>     INFO 2024-06-15 10:28:34,333 pid:27560
>    
/usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
>     #2127: Looking up IPv6 addresses
>     WARNING 2024-06-15 10:28:34,334 pid:27560
>    
/usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
>     #2134: No IPv6 address will be assigned
>     INFO 2024-06-15 10:28:34,641 pid:27560
>    
/usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
>     #2300: Setting up share.ldb
>     INFO 2024-06-15 10:28:34,668 pid:27560
>    
/usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
>     #2304: Setting up secrets.ldb
>     INFO 2024-06-15 10:28:34,680 pid:27560
>    
/usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
>     #2309: Setting up the registry
>     INFO 2024-06-15 10:28:34,702 pid:27560
>    
/usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
>     #2312: Setting up the privileges database
>     INFO 2024-06-15 10:28:34,715 pid:27560
>    
/usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
>     #2315: Setting up idmap db
>     INFO 2024-06-15 10:28:34,725 pid:27560
>    
/usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
>     #2322: Setting up SAM db
>     INFO 2024-06-15 10:28:34,729 pid:27560
>    
/usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
>     #882: Setting up sam.ldb partitions and settings
>     INFO 2024-06-15 10:28:34,730 pid:27560
>    
/usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
>     #894: Setting up sam.ldb rootDSE
>     INFO 2024-06-15 10:28:34,732 pid:27560
>    
/usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
>     #1310: Pre-loading the Samba 4 and AD schema
>     Unable to determine the DomainSID, can not enforce uniqueness
>     constraint on local domainSIDs
> 
>     INFO 2024-06-15 10:28:34,767 pid:27560
>    
/usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
>     #2412: A Kerberos configuration suitable for Samba AD has been
>     generated at /usr/local/samba/private/krb5.conf
>     INFO 2024-06-15 10:28:34,767 pid:27560
>    
/usr/local/samba/lib/python3.10/site-packages/samba/provision/__init__.py
>     #2414: Merge the contents of this file with your system krb5.conf
> or replace it with this one. Do not create a symlink!
>     Provision OK for domain DN DC=domainname,DC=lan
>     INFO 2024-06-15 10:28:34,769 pid:27560
>     /usr/local/samba/lib/python3.10/site-packages/samba/join.py #964:
>     Starting replication
>     Schema-DN[CN=Schema,CN=Configuration,DC=domainname,DC=lan]
>     objects[402/1550] linked_values[0/0]
>     Schema-DN[CN=Schema,CN=Configuration,DC=domainname,DC=lan]
>     objects[804/1550] linked_values[0/0]
>     Schema-DN[CN=Schema,CN=Configuration,DC=domainname,DC=lan]
>     objects[1206/1550] linked_values[0/0]
>     Schema-DN[CN=Schema,CN=Configuration,DC=domainname,DC=lan]
>     objects[1550/1550] linked_values[0/0]
>     Analyze and apply schema objects
>     Partition[CN=Configuration,DC=domainname,DC=lan] objects[402/1648]
>     linked_values[0/1]
>     Partition[CN=Configuration,DC=domainname,DC=lan] objects[804/1648]
>     linked_values[0/1]
>     Partition[CN=Configuration,DC=domainname,DC=lan]
> objects[1206/1648] linked_values[0/1]
>     Partition[CN=Configuration,DC=domainname,DC=lan]
> objects[1608/1648] linked_values[0/1]
>     Partition[CN=Configuration,DC=domainname,DC=lan]
> objects[1648/1648] linked_values[64/64]
>     Failed to commit objects: WERR_DS_DRA_RECYCLED_TARGET
>     Missing target object - retrying with DRS_GET_TGT
>     Partition[CN=Configuration,DC=domainname,DC=lan]
> objects[2050/1648] linked_values[64/1]
>     Partition[CN=Configuration,DC=domainname,DC=lan]
> objects[2452/1648] linked_values[64/1]
>     Partition[CN=Configuration,DC=domainname,DC=lan]
> objects[2854/1648] linked_values[64/1]
>     Partition[CN=Configuration,DC=domainname,DC=lan]
> objects[3256/1648] linked_values[64/1]
>     Partition[CN=Configuration,DC=domainname,DC=lan]
> objects[3296/1648] linked_values[128/64]
>     Replicating critical objects from the base DN of the domain
>     Partition[DC=domainname,DC=lan] objects[97/97]
> linked_values[29/29] Partition[DC=domainname,DC=lan] objects[402/484]
> linked_values[0/290] Partition[DC=domainname,DC=lan] objects[484/484]
> linked_values[338/338] Done with always replicated NC (base, config,
> schema) Replicating DC=DomainDnsZones,DC=domainname,DC=lan
Where did your domain come from ?
Did it start as a Samba domain that you provisioned, or was it upgraded
from an early Microsoft domain ?

 >     Join failed - cleaning up
Anything after the above line is an artefact of the failure and can be
ignored.
>
> Regarding European support you're right. I'm waiting for a Sernet 
> response. I sent them a mail requesting support.
> 
You should be in good hands with Sernet, quite a few of the Samba team
are employed there.

Rowland

Possibly Parallel Threads

Search for more maybe matching threads

samba - Jun 2024 - Users appears as SID instead of their own name.

[Samba] Users appears as SID instead of their own name.

[Samba] Users appears as SID instead of their own name.

Possibly Parallel Threads