Hi,
We are trying to test Samba with an AD join, but it is giving the error below in the samba.log file. ...
Let me know how to fix the issue.
[2022/07/07 18:39:24.927453, 2] ../../source3/lib/tallocmsg.c:84(register_msg_pool_usage)
Registered MSG_REQ_POOL_USAGE
[2022/07/07 18:39:24.927890, 3] ../../lib/util/access.c:372(allow_access)
Allowed connection from 10.242.145.213 (10.242.145.213)
[2022/07/07 18:39:24.928408, 3] ../../source3/smbd/oplock.c:1427(init_oplocks)
init_oplocks: initializing messages.
[2022/07/07 18:39:24.928510, 3] ../../source3/smbd/process.c:1957(process_smb)
Transaction 0 of length 240 (0 toread)
[2022/07/07 18:39:24.928927, 3] ../../source3/smbd/smb2_negprot.c:293(smbd_smb2_request_process_negprot)
Selected protocol SMB3_11
[2022/07/07 18:39:24.930217, 3] ../../auth/gensec/gensec_start.c:1089(gensec_register)
GENSEC backend 'gssapi_spnego' registered
[2022/07/07 18:39:24.930247, 3] ../../auth/gensec/gensec_start.c:1089(gensec_register)
GENSEC backend 'gssapi_krb5' registered
[2022/07/07 18:39:24.930273, 3] ../../auth/gensec/gensec_start.c:1089(gensec_register)
GENSEC backend 'gssapi_krb5_sasl' registered
[2022/07/07 18:39:24.930299, 3] ../../auth/gensec/gensec_start.c:1089(gensec_register)
GENSEC backend 'spnego' registered
[2022/07/07 18:39:24.930325, 3] ../../auth/gensec/gensec_start.c:1089(gensec_register)
GENSEC backend 'schannel' registered
[2022/07/07 18:39:24.930351, 3] ../../auth/gensec/gensec_start.c:1089(gensec_register)
GENSEC backend 'naclrpc_as_system' registered
[2022/07/07 18:39:24.930377, 3] ../../auth/gensec/gensec_start.c:1089(gensec_register)
GENSEC backend 'sasl-EXTERNAL' registered
[2022/07/07 18:39:24.930404, 3] ../../auth/gensec/gensec_start.c:1089(gensec_register)
GENSEC backend 'ntlmssp' registered
[2022/07/07 18:39:24.930437, 3] ../../auth/gensec/gensec_start.c:1089(gensec_register)
GENSEC backend 'ntlmssp_resume_ccache' registered
[2022/07/07 18:39:24.930463, 3] ../../auth/gensec/gensec_start.c:1089(gensec_register)
GENSEC backend 'http_basic' registered
[2022/07/07 18:39:24.930490, 3] ../../auth/gensec/gensec_start.c:1089(gensec_register)
GENSEC backend 'http_ntlm' registered
[2022/07/07 18:39:24.930515, 3] ../../auth/gensec/gensec_start.c:1089(gensec_register)
GENSEC backend 'http_negotiate' registered
[2022/07/07 18:39:24.978304, 3] ../../source3/winbindd/winbindd_misc.c:433(winbindd_interface_version)
winbindd_interface_version: [<unknown> (6619598)]: request interface version (version = 31)
[2022/07/07 18:39:24.978466, 3] ../../source3/winbindd/winbindd_misc.c:471(winbindd_priv_pipe_dir)
winbindd_priv_pipe_dir: [<unknown> (6619598)]: request location of privileged pipe
[2022/07/07 18:39:24.978527, 3] ../../source3/winbindd/winbindd_misc.c:484(winbindd_priv_pipe_dir)
winbindd_priv_pipe_dir: [<unknown> (6619598)]: response location of privileged pipe: (NULL)
[2022/07/07 18:39:24.979099, 3] ../../auth/kerberos/kerberos_pac.c:415(kerberos_decode_pac)
Found account name from PAC: rahmanm [Rahman, Mizanur]
[2022/07/07 18:39:24.981737, 3] ../../source3/winbindd/winbindd_getpwnam.c:62(winbindd_getpwnam_send)
winbindd_getpwnam_send: [<unknown> (6619598)] getpwnam hdmc\rahmanm
[2022/07/07 18:39:24.986534, 3] ../../source3/winbindd/winbindd_getpwnam.c:62(winbindd_getpwnam_send)
winbindd_getpwnam_send: [<unknown> (6619598)] getpwnam HDMC\rahmanm
[2022/07/07 18:39:24.987227, 3] ../../source3/winbindd/winbindd_getpwnam.c:62(winbindd_getpwnam_send)
winbindd_getpwnam_send: [<unknown> (6619598)] getpwnam HDMC\RAHMANM
[2022/07/07 18:39:24.987751, 0] ../../source3/auth/auth_util.c:1914(check_account)
check_account: Failed to convert SID S-1-5-21-117609710-1482476501-1801674531-1899368 to a UID (dom_user[HDMC\rahmanm])
[2022/07/07 18:39:24.987896, 3] ../../source3/smbd/smb2_server.c:3861(smbd_smb2_request_error_ex)
smbd_smb2_request_error_ex: smbd_smb2_request_error_ex: idx[1] status[NT_STATUS_LOGON_FAILURE] || at ../../source3/smbd/smb2_sesssetup.c:146
[2022/07/07 18:39:25.030099, 3] ../../source3/smbd/server_exit.c:240(exit_server_common)
Server exit (NT_STATUS_CONNECTION_RESET)
[2022/07/07 18:39:26.418186, 3] ../../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
process_name_query_request: Name query from 10.240.96.191 on subnet 10.240.96.252 for name HDLPFILE01V1<20>
[2022/07/07 18:39:26.418353, 3] ../../source3/nmbd/nmbd_incomingrequests.c:459(process_name_query_request)
process_name_query_request: Name query from 10.240.96.191 on subnet 10.240.96.252 for name HDLPFILE01V1<20>
/ #
# oslevel -s
7200-05-04-2220
/ # rpm -qs |grep samba
rpm: no arguments given for query
testlpm2:/ #
testlpm2:/ #
testlpm2:/ # oslevel -s
7200-05-04-2220
testlpm2:/ #
testlpm2:/ #
testlpm2:/ # rpm -qa |grep samba
samba-client-4.14.12-1.ppc
samba-devel-4.14.12-1.ppc
samba-winbind-4.14.12-1.ppc
samba-4.14.12-1.ppc
samba-test-4.14.12-1.ppc
samba-winbind-krb5-locator-4.14.12-1.ppc
samba-common-4.14.12-1.ppc
samba-libs-4.14.12-1.ppc
samba-winbind-clients-4.14.12-1.ppc
samba-test-libs-4.14.12-1.ppc
samba-python3-4.14.12-1.ppc
samba-winbind-devel-4.14.12-1.ppc
samba-pidl-4.14.12-1.ppc
/ #
Here is our smb.conf file...
# cat /etc/samba/smb.conf
; NOTE(review): the ';' lines are reviewer annotations; every setting is unchanged from the post.
[global]
; ADS = this host is an Active Directory domain member and accepts Kerberos tickets.
security = ADS
workgroup = HDMC
realm = HDMC.HARLEY-DAVIDSON.COM
log file = /var/log/samba/samba.log
; Level 3 records account names, SIDs and client addresses (see the trace in this post).
; Keep the log readable by root only and lower the level once troubleshooting is done.
log level = 3
dos filemode = yes
template shell = /bin/bash
template homedir = /home/%U
socket options = TCP_NODELAY SO_KEEPALIVE TCP_KEEPIDLE=240 TCP_KEEPCNT=4 TCP_KEEPINTVL=15
; Default (*) domain: allocating tdb backend. Its range does not overlap the HDMC range below.
idmap config * : backend = tdb
idmap config * : range = 3000-7999
; rid backend derives the Unix ID from the RID (ID = RID - base_rid + low end of range).
; NOTE(review): assuming the default base_rid of 0, RID 1899368 from the logged SID maps to
; 1909368, which is inside this range, so the range itself does not look like the cause.
; Verify with wbinfo --sid-to-uid and with a getpwnam lookup through the OS.
idmap config HDMC : backend = rid
idmap config HDMC : range = 10000-99999999
; NOTE(review): the smbclient -L output in this post reports "Anonymous login successful",
; i.e. share names can be listed without credentials; review "restrict anonymous" if unwanted.
; NOTE(review): this share exports the system /tmp read-write to every member of group staff.
; Suitable for a short-lived test only; use a dedicated directory for anything longer-lived.
[tmp]
path = /tmp
valid users = @staff
read only = no
vfs objects = aixacl2
/ #
/#cat /etc/methods.cfg
* NOTE(review): the '*' lines are reviewer annotations; every setting is unchanged from the post.
* NOTE(review): as far as I know, AIX treats "authonly" as "this module performs authentication
* only", so identification (user/UID lookup) has to come from another source. Confirm that this
* matches the intent, given registry = WINBIND in /etc/security/user and the SID-to-UID failure
* in the log.
* NOTE(review): the ls output in this post shows only the /usr/lib/security/WINBIND link;
* confirm that the WINBIND_64 module named below exists and is readable.
WINBIND:
program = /usr/lib/security/WINBIND
program_64 = /usr/lib/security/WINBIND_64
options = authonly
NIS:
program = /usr/lib/security/NIS
program_64 = /usr/lib/security/NIS_64
DCE:
program = /usr/lib/security/DCE
KRB5:
program = /usr/lib/security/KRB5
program_64 = /usr/lib/security/KRB5_64
options = authonly,is_kadmind_compat=no
KRB5files:
options = db=BUILTIN,auth=KRB5
#
# ps -ef |grep samba
root 5046710 1 0 Jun 20 - 1:17 /opt/freeware/sbin/nmbd -D -s /etc/samba/smb.conf
root 6160854 1 0 Jun 20 - 0:00 /opt/freeware/sbin/smbd -D -s /etc/samba/smb.conf
root 7078222 7340516 0 Jun 20 - 0:02 /opt/freeware/sbin/winbindd -s /etc/samba/smb.conf
root 7143916 6160854 0 Jun 20 - 0:00 /opt/freeware/sbin/smbd -D -s /etc/samba/smb.conf
root 7209446 6160854 0 Jun 20 - 0:00 /opt/freeware/sbin/smbd -D -s /etc/samba/smb.conf
root 7340516 1 0 Jun 20 - 0:03 /opt/freeware/sbin/winbindd -s /etc/samba/smb.conf
root 7471596 6160854 0 Jun 20 - 0:00 /opt/freeware/sbin/smbd -D -s /etc/samba/smb.conf
root 7602674 7340516 0 Jun 20 - 0:04 /opt/freeware/sbin/winbindd -s /etc/samba/smb.conf
#:/opt/freeware/sbin # smbstatus
Samba version 4.14.12
PID Username Group Machine Protocol Version Encryption Signing
----------------------------------------------------------------------------------------------------------------------------------------
Service pid Machine Connected at Encryption Signing
---------------------------------------------------------------------------------------------
No locked files
:/opt/freeware/sbin # smbclient -L //testlpm2/tmp
Enter HDMC\root's password:
Anonymous login successful
Sharename Type Comment
--------- ---- -------
tmp Disk
IPC$ IPC IPC Service (Samba 4.14.12)
SMB1 disabled -- no workgroup available
:/opt/freeware/sbin #
# cat /etc/krb5/krb5.conf
# NOTE(review): the '#' lines starting with NOTE are reviewer annotations; settings are unchanged.
[libdefaults]
default_realm = HDMC.HARLEY-DAVIDSON.COM
# NOTE(review): the keytab holds the machine account's long-term keys; keep it root-only.
default_keytab_name = FILE:/etc/krb5/krb5.keytab
# NOTE(review): both lists put des3-cbc-sha1 first and still permit single-DES (des-cbc-md5,
# des-cbc-crc) and RC4 (arcfour-hmac); aes128-cts also appears twice. Single-DES and RC4 are
# weak. Prefer aes256-cts and aes128-cts only, after confirming that the domain controllers
# and the machine account have AES keys enabled.
default_tkt_enctypes = des3-cbc-sha1 aes256-cts aes128-cts arcfour-hmac des-cbc-md5 des-cbc-crc aes128-cts
default_tgs_enctypes = des3-cbc-sha1 aes256-cts aes128-cts arcfour-hmac des-cbc-md5 des-cbc-crc aes128-cts
[realms]
# NOTE(review): only one KDC is listed, so Kerberos logons depend on this one host being reachable.
HDMC.HARLEY-DAVIDSON.COM = {
kdc = HDWPADDS01.hdmc.harley-davidson.com:88
admin_server = HDWPADDS01.hdmc.harley-davidson.com:749
default_domain = HDMC.HARLEY-DAVIDSON.COM
}
[domain_realm]
.HDMC.HARLEY-DAVIDSON.COM = HDMC.HARLEY-DAVIDSON.COM
HDWPADDS01.hdmc.harley-davidson.com = HDMC.HARLEY-DAVIDSON.COM
[logging]
kdc = FILE:/var/krb5/log/krb5kdc.log
admin_server = FILE:/var/krb5/log/kadmin.log
default = FILE:/var/krb5/log/krb5lib.log
/ #
# wbinfo --name-to-sid rahmanm
S-1-5-21-117609710-1482476501-1801674531-1899368 SID_USER (1)
# ls -la /usr/lib/security/WINBIND
lrwxrwxrwx 1 root system 28 Jul 6 15:35 /usr/lib/security/WINBIND -> /opt/freeware/lib/WINBIND.so
testlpm2:/opt/freeware/lib #
/etc/security/user (in particular SYSTEM and registry option)
default:
admin = false
login = true
su = true
daemon = true
rlogin = true
sugroups =
admgroups =
ttys = ALL
auth1 = SYSTEM
auth2 = NONE
tpath = nosak
umask = 022
expires = 0
SYSTEM = "WINBIND or compat"
registry = WINBIND
Thanks,
HD Team
------------------------------
Harley AIX
------------------------------