samba - Nov 2024 - First Linux Machine Domain Join

On 11/16/24 11:59, Rowland Penny via samba wrote:
> Samba doesn't start any daemons on a Unix domain member, you have to do
> it yourself.
I did. My Gentoo samba service scripts starts smbd and nmbd. Oh. Ugh. 
Sorry. Found an untweaked option in the samba service script 
configuration file--that I had apparently known about while setting up 
the AD DC--which was necessary to start winbindd. It's now running, and 
the wbinfo and getent utilities are now behaving better:

 ??? terra ~ # wbinfo --ping-dc
 ??? checking the NETLOGON for domain[HOME] dc connection to 
"ceres.home.graham-family.org" succeeded
terra ~ # getent passwd SAMDOM\\jgraham 
HOME\jgraham:*:10000:11001::/home/jgraham:/bin/bash
>> Sorry but that is incorrect, it should be 'security = ADS'
Thanks; fixed.

I've been following the Samba Member Server Troubleshooting wiki page 
and have resolved almost everything. The only thing I've got at the 
moment that's undiagnosed is getting the domain join to be completely 
clean:

terra ~ # net ads leave -U Administrator Deleted account for 'TERRA' in 
realm 'SAMDOM.EXAMPLE.COM terra ~ # net ads join -U Administrator Using 
short domain name -- SAMDOM Joined 'TERRA' to dns domain 
'samdom.example.com' DNS Update for terra.samdom.example.com failed: 
ERROR_DNS_UPDATE_FAILED DNS update failed: NT_STATUS_UNSUCCESSFUL

/var/log/samba/log.winbindd shows:

[2024/11/16 15:18:03.248389, 1] 
../../source3/winbindd/winbindd_getpwuid.c:118(winbindd_getpwuid_recv) 
Could not convert sid S-0-0: NT_STATUS_NO_SUCH_USER [2024/11/16 
15:18:03.248560, 1] 
../../source3/winbindd/winbindd_getpwuid.c:83(winbindd_getpwuid_uid2sid_done) 
Failed with NT_STATUS_NO_SUCH_USER.
> That is usually caused by a mis-configuration of /etc/hosts.
My /etc/hosts is, I think, exactly correct:

127.0.0.1 localhost ::1 localhost

(Note that this machine uses dhcpcd to get its IP address and the 
contents of /etc/resolv.conf.)

- John

Typo corrected below.

On 11/16/24 15:44, John R. Graham via samba wrote:
> On 11/16/24 11:59, Rowland Penny via samba wrote:
>> Samba doesn't start any daemons on a Unix domain member, you have
to do
>> it yourself.
>
> I did. My Gentoo samba service scripts starts smbd and nmbd. Oh. Ugh. 
> Sorry. Found an untweaked option in the samba service script 
> configuration file--that I had apparently known about while setting up 
> the AD DC--which was necessary to start winbindd. It's now running, 
> and the wbinfo and getent utilities are now behaving better:
>
> ??? terra ~ # wbinfo --ping-dc
> ??? checking the NETLOGON for domain[HOME] dc connection to 
> "ceres.home.graham-family.org" succeeded
> terra ~ # getent passwd SAMDOM\\jgraham 
> HOME\jgraham:*:10000:11001::/home/jgraham:/bin/bash
>
>>> Sorry but that is incorrect, it should be 'security = ADS'
>
> Thanks; fixed.
>
> I've been following the Samba Member Server Troubleshooting wiki page 
> and have resolved almost everything. The only thing I've got at the 
> moment that's undiagnosed is getting the domain join to be completely 
> clean:
>
> terra ~ # net ads leave -U Administrator Deleted account for
'TERRA'
> in realm 'SAMDOM.EXAMPLE.COM terra ~ # net ads join -U Administrator 
> Using short domain name -- SAMDOM Joined 'TERRA' to dns domain 
> 'samdom.example.com' DNS Update for terra.samdom.example.com
failed:
> ERROR_DNS_UPDATE_FAILED DNS update failed: NT_STATUS_UNSUCCESSFUL
>
> /var/log/samba/log.winbindd shows:
>
> [2024/11/16 15:18:03.248389, 1] 
> ../../source3/winbindd/winbindd_getpwuid.c:118(winbindd_getpwuid_recv) 
> Could not convert sid S-0-0: NT_STATUS_NO_SUCH_USER [2024/11/16 
> 15:18:03.248560, 1] 
>
../../source3/winbindd/winbindd_getpwuid.c:83(winbindd_getpwuid_uid2sid_done)
> Failed with NT_STATUS_NO_SUCH_USER.
>
>> That is usually caused by a mis-configuration of /etc/hosts.
> My /etc/hosts is, I think, exactly correct:
>
> 127.0.0.1 localhost
> ::1 localhost
>
> (Note that this machine uses dhcpcd to get its IP address and the 
> contents of /etc/resolv.conf.)
>
> - John

On Sat, 16 Nov 2024 15:44:12 -0500
"John R. Graham via samba" <samba at lists.samba.org> wrote:
> On 11/16/24 11:59, Rowland Penny via samba wrote:
> > Samba doesn't start any daemons on a Unix domain member, you have
> > to do it yourself.
> 
> I did. My Gentoo samba service scripts starts smbd and nmbd. Oh. Ugh. 
It isn't really required to run nmbd now, it is the NetBIOS deamon and
isn't really used. You just need to start the smbd and winbindd deamons.
> Sorry. Found an untweaked option in the samba service script 
> configuration file--that I had apparently known about while setting
> up the AD DC--which was necessary to start winbindd. It's now
> running, and the wbinfo and getent utilities are now behaving better:
> 
>  ??? terra ~ # wbinfo --ping-dc
>  ??? checking the NETLOGON for domain[HOME] dc connection to 
> "ceres.home.graham-family.org" succeeded
> terra ~ # getent passwd SAMDOM\\jgraham 
> HOME\jgraham:*:10000:11001::/home/jgraham:/bin/bash
> 
> >> Sorry but that is incorrect, it should be 'security = ADS'
> 
> Thanks; fixed.
> 
> I've been following the Samba Member Server Troubleshooting wiki page 
> and have resolved almost everything. The only thing I've got at the 
> moment that's undiagnosed is getting the domain join to be completely 
> clean:
> 
> terra ~ # net ads leave -U Administrator Deleted account for
'TERRA'
> in realm 'SAMDOM.EXAMPLE.COM terra ~ # net ads join -U Administrator
> Using short domain name -- SAMDOM Joined 'TERRA' to dns domain 
> 'samdom.example.com' DNS Update for terra.samdom.example.com
failed:
> ERROR_DNS_UPDATE_FAILED DNS update failed: NT_STATUS_UNSUCCESSFUL
> 
> /var/log/samba/log.winbindd shows:
> 
> [2024/11/16 15:18:03.248389, 1] 
> ../../source3/winbindd/winbindd_getpwuid.c:118(winbindd_getpwuid_recv) 
> Could not convert sid S-0-0: NT_STATUS_NO_SUCH_USER [2024/11/16 
> 15:18:03.248560, 1] 
>
../../source3/winbindd/winbindd_getpwuid.c:83(winbindd_getpwuid_uid2sid_done)
> Failed with NT_STATUS_NO_SUCH_USER.
> 
> > That is usually caused by a mis-configuration of /etc/hosts.
> My /etc/hosts is, I think, exactly correct:
> 
> 127.0.0.1 localhost ::1 localhost
> 
> (Note that this machine uses dhcpcd to get its IP address and the 
> contents of /etc/resolv.conf.)
If by 'dhcpcd' you mean dhcpdc5, then I could never get that to work, I
always removed it, but you might.

What should work (well it does on Debian), 'hostname -s' should produce
the computers short hostname, 'hostname -d' should produce the dns
domain name, 'hostname -i' should produce the computers ipaddress (but
could possibly give 127.0.0.1), 'hostname -I' should also produce the
ipaddress (but could give more)

Rowland