Web lists-archives.com

Re: [Samba] Failed to find domain 'NT AUTHORITY'




Il 06/11/2017 17:50, Rowland Penny via samba ha scritto:
Yes, do not use the DC as a fileserver;-)
If you must, don't run a backup system that relies on IDs

A DC has no concept of 'NT AUTHORITY':

root@dc1:~# wbinfo --sid-to-name S-1-5-18
failed to call wbcLookupSid: WBC_ERR_DOMAIN_NOT_FOUND
Could not lookup sid S-1-5-18
root@dc1:~# wbinfo --name-to-sid='NT Authority\SYSTEM'
failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND
Could not lookup name NT Authority\SYSTEM

my DC works different

[root@apamfs2 ~]# wbinfo --sid-to-name S-1-5-18
NT AUTHORITY\SYSTEM 5
[root@apamfs2 ~]# wbinfo --name-to-sid='NT Authority\SYSTEM'
failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND
Could not lookup name NT Authority\SYSTEM
[root@apamfs2 ~]#

???

Do you have libnss_winbind & PAM set up correctly ?
Hello,
I review the samba wiki about libnss_winbind & PAM
and libnss_winbind looks ok
[root@apamfs2 ~]# ll /usr/local/samba/lib/*winbind*
lrwxrwxrwx. 1 root root 19 Apr 16 2014 /usr/local/samba/lib/libnss_winbind.so -> libnss_winbind.so.2 -rwxr-xr-x 1 root root 18288 Oct 29 19:35 /usr/local/samba/lib/libnss_winbind.so.2 -rwxr-xr-x 1 root root 12717 Oct 29 19:35 /usr/local/samba/lib/winbind_krb5_locator.so
[root@apamfs2 ~]# ll /lib64/*winb*
lrwxrwxrwx 1 root root 26 Feb 23 2017 /lib64/libnss_winbind.so -> /lib64/libnss_winbind.so.2 lrwxrwxrwx 1 root root 40 Feb 23 2017 /lib64/libnss_winbind.so.2 -> /usr/local/samba/lib/libnss_winbind.so.2

but /etc/pam.d/password-auth-ac isn't
compliant to https://wiki.samba.org/index.php/Authenticating_Domain_Users_Using_PAM

I understand that's time to upgrade my system
and split AD from fileserver. In another post
Rowland suggest me to upgrade bind. So the time
is come.

I'll return to ask for a better way to
split my AD&FS in AD+FS.

thank you all
giuseppe

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba