
[Samba] [SAMBA] Net groupmap list strange result


Elias Pereira

Dec 22, 2014, 9:10:05 AM
Guys,

In my lab test, when I run the command "net groupmap list" the result is as
follows:

# net groupmap list
Domain Admins (S-1-5-21-187220369-3628530160-3539241734-512) -> 512
Domain Users (S-1-5-21-187220369-3628530160-3539241734-513) -> 513
Domain Guests (S-1-5-21-187220369-3628530160-3539241734-514) -> 514
Domain Computers (S-1-5-21-187220369-3628530160-3539241734-515) -> 515


I believe it would have to look like this:

# net groupmap list
Domain Admins (S-1-5-21-187220369-3628530160-3539241734-512) -> Domain Admins
Domain Users (S-1-5-21-187220369-3628530160-3539241734-513) -> Domain Users
Domain Guests (S-1-5-21-187220369-3628530160-3539241734-514) -> Domain Guests
Domain Computers (S-1-5-21-187220369-3628530160-3539241734-515) -> Domain Computers


Any idea what could have happened?

Regards,
--
Elias Pereira
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba
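As an added example (not from the thread and not Samba's own tooling): `net groupmap list` prints each mapping as `<NT group> (<SID>) -> <unix group>`, and Samba prints the unix side as a group name when the mapped gid resolves through NSS and as the bare gid number when it does not. A `-> 512` on the right-hand side therefore means that no group with gid 512 is known to the host, which is the first thing to verify (with `getent group 512`) before suspecting the mapping itself. The script below parses that output, flags mappings whose unix side is a bare number, and confirms that the four well-known domain RIDs (512 to 515) are present. The sample input is constructed from the output quoted above, and the file name `check_groupmap.sh` is assumed.

```shell
#!/bin/sh
# Added example, not from the thread: sanity-check the output of
# "net groupmap list". Each line has the form
#   <NT group> (<SID>) -> <unix group>
# Samba prints the unix side as a group name when the mapped gid resolves
# through NSS and as the bare gid number when it does not, so "-> 512"
# means no group with gid 512 exists on this host.
# Real use (file name assumed):  net groupmap list | sh check_groupmap.sh

# Constructed sample, copied from the output quoted in the first message.
SAMPLE='Domain Admins (S-1-5-21-187220369-3628530160-3539241734-512) -> 512
Domain Users (S-1-5-21-187220369-3628530160-3539241734-513) -> 513
Domain Guests (S-1-5-21-187220369-3628530160-3539241734-514) -> 514
Domain Computers (S-1-5-21-187220369-3628530160-3539241734-515) -> 515'

# Read mapping lines on stdin and print one report line per mapping:
#   <rid> <OK|UNRESOLVED> <NT group> -> <unix side>
# UNRESOLVED means the unix side is a bare number (gid not known to NSS).
groupmap_report() {
    while IFS= read -r line; do
        case "$line" in
            *' ('S-1-5-*') -> '*) ;;   # only well-formed mapping lines
            *) continue ;;
        esac
        nt=${line%%' (S-1-5-'*}        # NT group name before " (S-1-5-"
        rest=${line#"$nt"' ('}         # SID and everything after it
        sid=${rest%%')'*}              # SID up to the closing parenthesis
        unix=${line##*') -> '}         # unix side after " -> "
        rid=${sid##*-}                 # last SID component is the RID
        case "$unix" in
            *[!0-9]*) status=OK ;;      # contains a non-digit: a group name
            *)        status=UNRESOLVED ;;
        esac
        printf '%s %s %s -> %s\n' "$rid" "$status" "$nt" "$unix"
    done
}

# Number of mappings whose unix side did not resolve to a group name.
count_unresolved() {
    groupmap_report | grep -c ' UNRESOLVED ' || true
}

# Succeed only if all four well-known domain RIDs are mapped:
# 512 Domain Admins, 513 Domain Users, 514 Domain Guests, 515 Domain Computers.
has_wellknown_rids() {
    report=$(groupmap_report)
    for rid in 512 513 514 515; do
        printf '%s\n' "$report" | grep -q "^$rid " || return 1
    done
    return 0
}

# Demo on the constructed sample; in real use feed "net groupmap list" instead.
printf '%s\n' "$SAMPLE" | groupmap_report
```

On the output quoted in the first message the report marks all four mappings UNRESOLVED, which points at the unix groups (or the NSS/LDAP lookup for them) rather than at the SID side of the mapping.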

Elias Pereira

Dec 22, 2014, 12:50:03 PM
And now I ran the command "samba-tool user list" and the result is as
follows:

# samba-tool user list
ldb_wrap open of secrets.ldb
Could not find machine account in secrets database: Failed to fetch machine account password from secrets.ldb: Could not find entry to match filter: '(&(flatname=POA)(objectclass=primaryDomain))' base: 'cn=Primary Domains': No such object: (null) and failed to fetch SECRETS/MACHINE_PASSWORD/POA from /var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
ERROR(ldb): uncaught exception - ldb_search: invalid basedn '(null)'
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 175, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/user.py", line 271, in run
    attrs=["samaccountname"])

Rowland Penny

Dec 22, 2014, 1:50:03 PM
Hi, could you provide a bit more info: how are you running samba, what
version, and what is in your smb.conf?

Rowland

Elias Pereira

Dec 22, 2014, 2:10:04 PM
Hi, I'm running Samba as a "classic primary domain controller" in my lab
test.

In my lab tests, at first everything seemed to be working properly.

1. I set up Samba4 as a "classic primary domain controller" (smb.conf in
the pastebin link).
2. I set up an external LDAP with the same LDIF base that we have in
production here on campus.
3. I set up bind9 as the DNS server.

I tried to join a machine with Windows XP to the domain. When the login
and password window was shown, I entered the login and password of a user
who is in the LDAP base, and got the error "Error while trying to domain
join "poa" Logon failure: unknown user name or bad password".

So I tried a few things, but without success.

When I tried to run the commands mentioned above, as seen, more errors
happened. :(

http://pastebin.com/raw.php?i=3mUJB9fA

--
Elias Pereira

Rowland Penny

Dec 22, 2014, 2:20:03 PM
On 22/12/14 19:02, Elias Pereira wrote:
> Hi, I'm running Samba as a "classic primary domain controller" in my
> lab test.
>
> In my lab tests, at first everything seemed to be working properly.
>
> 1. I set up Samba4 as a "classic primary domain controller" (smb.conf
> in the pastebin link).
> 2. I set up an external LDAP with the same LDIF base that we have in
> production here on campus.
> 3. I set up bind9 as the DNS server.
>
> I tried to join a machine with Windows XP to the domain. When the
> login and password window was shown, I entered the login and password
> of a user who is in the LDAP base, and got the error "Error while
> trying to domain join "poa" Logon failure: unknown user name or bad
> password".
>
> So I tried a few things, but without success.
>
> When I tried to run the commands mentioned above, as seen, more
> errors happened. :(
>

OK, stupid question first: have you run 'smbpasswd -w' and supplied the
ldap admin passwd?

Also, you cannot use samba-tool with a classic domain controller; it is
for the Active Directory domain controller.

Rowland

Elias Pereira

Dec 22, 2014, 4:00:03 PM
There are no stupid questions, not for me. Better to ask than to stay in
doubt.

I believe I had not used this command, but now I have.

But I still get the error:
"Error while trying to join domain "poa" Logon failure: unknown user name
or bad password."

About the results of the command "net groupmap list", would you have any
tips on how I can solve this problem?

And one more question. :D

Did you take a look at my smb.conf?


Rowland Penny

Dec 22, 2014, 4:40:03 PM
On 22/12/14 21:24, Elias Pereira wrote:
>
> 1. No you haven't, you have set up a 'backup domain controller'.
>
>
> OK. Now I'm totally lost. Where have I set this up as a "backup domain
> controller"?
>
> 2. This is why you haven't got a PDC
>
>
> I set up an "external ldap" because we have one in operation, and that
> is why I am testing Samba4: after testing, and if it works, we will
> opt for Samba4 PDC (debian) + "external ldap" (debian).
>
> 3. Why? you do not need a dns server with a PDC/BDC setup
>
>
> I asked here on the list whether I need a DNS server with the Samba4
> PDC, and the answer was yes.
>
> Can you please explain just what you are hoping to achieve?
>
>
> Here on campus, where I am working, we have the following scenario:
>
>
> [inline image: campus scenario diagram, not preserved in the archive]
>
> In my lab tests I set up what I mentioned in steps 1, 2 and 3.
> I have three virtual machines on an internal network for these tests.
>
> Machine 1: 192.168.77.200 > Samba4 pdc
> Machine 2: 192.168.77.220 > openldap
> Machine 3: 192.168.77.150 > bind9 the dns server
>
> In the end, I want to be able to leave running what is in the
> "scenario after migration" in the picture above.
>
> I'm sorry if my explanations are not helping. :(
>
> Elias Pereira

What you need to do is set up your samba4 machine as the PDC. In my
opinion this entails storing the primary domain records on the PDC; you
would then join the other machine (the one you call external OpenLDAP)
to it, not the other way round.

Get the domain working first, then add the other parts to it. You may
then find that it is better to transfer the 'external OpenLDAP' role to
your PDC.

Rowland Penny

Dec 23, 2014, 9:40:03 AM
On 23/12/14 13:59, Elias Pereira wrote:
>
> What you need to do is setup your samba4 machine as the PDC
>
>
> I thought I had done it, but from what you said, I did not. :(

>
> in my opinion this entails storing the primary domain records on
> the PDC, you would then join the other machine (the one you call
> external OpenLDAP) to it, not the other way round.
>
>
> And how would I do that? If it is not too much to ask, could you give
> me some tips on how to do this, because I think I'm a little lost right now.
> Elias Pereira

OK, here are a few howtos:

http://www.unixmen.com/setup-samba-domain-controller-with-openldap-backend-in-ubuntu-13-04/

http://www.howtoforge.com/centos-5.x-samba-domain-controller-with-ldap-backend

http://www.fatofthelan.com/technical/using-ldap-for-single-authentication/

http://www.ibm.com/developerworks/linux/tutorials/l-ldapsamba/

After reading them I think you might realise what you are missing PDC wise.

I suppose that you could upgrade the external OpenLDAP server to be the
PDC and then auth to that, but I think that you would be better off going
the other way; this is just my opinion.
