Hi sssd users,
Yesterday I contacted the Samba discussion list about a malfunction with this software. I was asked to put my question to the sssd list, which I am doing :) You will find below the email sent to the Samba list:
**************************************************************************
I've updated a domain member SMB server to Samba 4.6.5. I don't want to use winbind for this upgrade, so I'm trying with sssd. After a long, informative reading on this subject, I've finally succeeded in connecting using the hostname.
The domain member is properly joined to the AD-DC:
    # net ads testjoin
    Join is OK
Another test:
    # adcli info -D local.mydomain
    [domain]
    domain-name = local.mydomain
    domain-short = MYDOMAIN
    domain-forest = local.mydomain
    domain-controller = hera.local.mydomain
    domain-controller-site = Laval
    domain-controller-flags = pdc gc ldap ds kdc timeserv closest writable good-timeserv full-secret
    domain-controller-usable = yes
    domain-controllers = hera.local.mydomain
    [computer]
    computer-site = Laval
From the domain member server (RHEA), I can view the main shares using my account but not when using the administrator account. By the way, I believe I put some limitations on this account because nobody is supposed to use it.
    # smbclient -L //RHEA -U myident
    Enter MYDOMAIN\myident's password:

        Sharename       Type      Comment
        ---------       ----      -------
        IPC$            IPC       IPC Service (Samba 4.6.5-Debian)
        projets         Disk      Gestion des projets
        public          Disk      Public Stuff
        myident         Disk      Repertoire Personnel
    Domain=[MYDOMAIN] OS=[] Server=[]

        Server               Comment
        ---------            -------
        RHEA                 Samba 4.6.5-Debian

        Workgroup            Master
        ---------            -------
        MYDOMAIN             RHEA
From the AD-DC server (HERA), I can see the same thing using my account. Still on the AD-DC, I've tried another method:
    # smbclient -L //192.168.1.2 -U myident
    Enter MYDOMAIN\myident's password:
    Domain=[MYDOMAIN] OS=[] Server=[]

        Sharename       Type      Comment
        ---------       ----      -------
        IPC$            IPC       IPC Service (Samba 4.6.5-Debian)
        projets         Disk      Gestion des projets
        public          Disk      Public Stuff
        myident         Disk      Repertoire Personnel
    Domain=[MYDOMAIN] OS=[] Server=[]

        Server               Comment
        ---------            -------
        RHEA                 Samba 4.6.5-Debian

        Workgroup            Master
        ---------            -------
        MYDOMAIN             RHEA
Well... Everything seems to work. Now I want to test access from a Windows client. I have opened the session on the domain using my account. Now I open Windows Explorer and type //RHEA in the address bar. I can see the shares that I can use. So, why am I posting on this mailing list?
Because when I use the address //192.168.1.2, the operating system asks me to identify myself. But I have already done this when I opened this session. I am surprised because it is usually the opposite error that occurs. Let's go to the log on the RHEA host (192.168.1.2):
    [2017/07/25 02:46:15.286177, 0] ../source3/auth/auth_domain.c:226(domain_client_validate)
      domain_client_validate: unable to validate password for user myident in domain MYDOMAIN to Domain controller HERA.LOCAL.MYDOMAIN. Error was NT_STATUS_WRONG_PASSWORD.
    [2017/07/25 02:46:15.288928, 2] ../source3/auth/auth.c:315(auth_check_ntlm_password)
      check_ntlm_password: Authentication for user [myident] -> [myident] FAILED with error NT_STATUS_WRONG_PASSWORD
    [2017/07/25 02:46:15.296364, 2] ../auth/gensec/spnego.c:768(gensec_spnego_server_negTokenTarg)
      SPNEGO login failed: NT_STATUS_WRONG_PASSWORD
OK, but this error occurred even before I specified an identifier. I removed the Windows-based workstation from the domain and then joined it again. In this regard, I have noticed that a computer cannot join a Windows Active Directory domain if the NetBIOS over TCP/IP option is not enabled. Too bad!
RSAT is installed on this computer and I can still log in and maintain Active Directory and the DNS zone from this computer. But now, I cannot see the RHEA share anymore. I get the same error whether I use the IP or the hostname.
sssd seems to work fine because the command getent passwd gives me a result:
    # getent passwd myident
    myident:*:1072:513:Marc-Henri Pamiseux:/home/MYDOMAIN/myident:/bin/bash
Can someone help me investigate?
**************************************************************************
Thanks in advance.
sssd-users@lists.fedorahosted.org