Web lists-archives.com

Re: [Samba] Samba4 machine fails to join in samba3 domain




Hai Julien, 

My advice.. setup a new AD-DC, configure it. 
Make sure you use the same users/passwords in the new AD. 

Then in GPO, make the mapping to the old server. Using OLDOMAIN\%username% 
That works if you keep the loginnames and pass the same. 
Now you can login on AD and use the old server. 

Because joining that samba4 into samba3, well, this will give more problem then you want, really. 
And that is something im not spending(waisting) time on.. and same should you. 

There are really to many changes in windows samba etc to even try to support it. 

I have 0 problem with helping setup a new AD-DOM.. But this is all soo out dated. 
Its asking for more problems. 

If someone else wants to help and try it, fine, but not me. 
Really sorry,.. 


Greetz, 

Louis



> -----Oorspronkelijk bericht-----
> Van: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] Namens 
> Julien TEHERY via samba
> Verzonden: woensdag 22 mei 2019 16:03
> Aan: samba@xxxxxxxxxxxxxxx
> Onderwerp: [Samba] Samba4 machine fails to join in samba3 domain
> 
> Hi
> 
> I actually have troubles to join a samba4 machine into an old 
> samba3 domain.
> I know I know most of you will yell reading this, but i have to deal 
> with a customer's very old environment :)
> They're thinking about migrating fully in samba4, but it will 
> take some 
> times so for now let's focus on the situation we have
> 
> Configuration:
> - Samba3 PDC :3.5.18-28
> - Samba4 client Debian 8.7 (samba 4.2.14)
> 
> Here is the samba4 smb.conf:
> 
> [global]
>           # OPTIONS TO JOIN SAMBA3 NT DOMAIN
>          max protocol = NT1
>          client ipc signing = No
>          client signing = No
>          server signing = No
>          ####
> 
>          panic action = /usr/share/samba/panic-action %d
>          workgroup = MYDOMAIN
>          netbios name = MYSERVER
>          admin users= @"Domain Admins"
>          name resolve order = wins lmhosts hosts bcast
>          wide links = Yes
>          follow symlinks = Yes
> 
>          remote announce = 192.168.255.255/MYDOMAIN
>          remote browse sync = 192.168.255.255
>          interfaces = 192.168.X.X/255.255.254.0
>          bind interfaces only = no
>          unix charset = CP850
>          server string = FileserverMYSERVER
>          security = DOMAIN
>          encrypt passwords = true
> 
>          log level = 1
>          syslog = 0
>          log file = /var/log/samba/%m.log
>          max log size = 100000
>          socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
>          mangling method = hash2
> 
>          domain logons = No
>          os level = 99
>          preferred master = No
>          domain master = No
>          wins server = X.X.X.X
>          idmap backend = nss
>          passdb backend = ldapsam:ldap://ds.domain.com:389/
>          ldap admin dn = cn=Directory Manager,dc=domain,dc=com
>          ldap suffix = dc=domain,dc=com
>          ldap group suffix = ou=Groups
>          ldap user suffix = ou=Users
>          ldap machine suffix = ou=Computers
>          ldap ssl = No
> 
>          winbind cache time = 5
>          winbind use default domain = yes
>          winbind enum users = yes
>          winbind enum groups = yes
> 
> 
> 
> 
> 
> 
> Here is what i get when trying to join the domain
> 
> net rpc join  -Uadministrateur
> No realm has been specified! Do you really want to join an Active 
> Directory server?
> Enter administrateur's password:
> No realm has been specified! Do you really want to join an Active 
> Directory server?
> User root with invalid SID 
> S-1-5-21-2287936477-1870703456-424640392-1001 
> in passdb
> Failed to pull dcerpc auth: NT_STATUS_RPC_PROTOCOL_ERROR.
> cli_rpc_pipe_open_schannel_with_key: rpc_pipe_bind failed with error 
> NT_STATUS_RPC_PROTOCOL_ERROR
> libnet_join_ok: failed to open schannel session on netlogon pipe to 
> server PDC for domain MYDOMAIN. Error was NT_STATUS_RPC_PROTOCOL_ERROR
> Failed to join domain: failed to verify domain membership 
> after joining: 
> An RPC protocol error occurred.
> 
> The fact is that i succeed in getting domain info:
> 
> 
> net rpc info -Uadministrateur
> Enter administrateur's password:
> Domain Name: MYDOMAIN
> Domain SID: S-1-5-21-2143421583-854681893-XXXXXXXXXX
> Sequence number: 1558533247
> Num users: 2479
> Num domain groups: 276
> Num local groups: 0
> 
> 
> I don't know how to deal with this problem (first time i see that..)
> 
> Thanks for your help
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
> 
> 


-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba