I configured the server from scratch and joined the domain with
"--membership-software=samba".
But the problem is not solved. Now if I try to access shares with a Windows
10 client I get these errors on syslog:
May 16 15:33:16 fileserv nmbd[2245]: [2018/05/16 15:33:16.904335, 2]
../source3/nmbd/nmbd_elections.c:41(send_election_dgram)
May 16 15:33:16 fileserv nmbd[2245]: send_election_dgram: Sending
election packet for workgroup MAV on subnet 192.168.2.60
May 16 15:33:18 fileserv smbd[2324]: [2018/05/16 15:33:18.276297, 0]
../source3/auth/pampass.c:589(smb_pam_account)
May 16 15:33:18 fileserv smbd[2324]: smb_pam_account: PAM: UNKNOWN PAM
ERROR (4) during Account Management for User: john.doe
May 16 15:33:18 fileserv smbd[2324]: [2018/05/16 15:33:18.276337, 2]
../source3/auth/pampass.c:89(smb_pam_error_handler)
May 16 15:33:18 fileserv smbd[2324]: smb_pam_error_handler: PAM: Account
Check Failed : System error
May 16 15:33:18 fileserv smbd[2324]: [2018/05/16 15:33:18.276365, 0]
../source3/auth/pampass.c:797(smb_pam_accountcheck)
May 16 15:33:18 fileserv smbd[2324]: smb_pam_accountcheck: PAM: Account
Validation Failed - Rejecting User john.doe!
May 16 15:33:18 fileserv smbd[2324]: [2018/05/16 15:33:18.276882, 1]
../source3/auth/user_krb5.c:142(get_user_from_kerberos_info)
May 16 15:33:18 fileserv smbd[2324]: PAM account restrictions prevent
user [john.doe] login
May 16 15:33:18 fileserv smbd[2325]: [2018/05/16 15:33:18.475507, 0]
../source3/auth/pampass.c:589(smb_pam_account)
May 16 15:33:18 fileserv smbd[2325]: smb_pam_account: PAM: UNKNOWN PAM
ERROR (4) during Account Management for User: john.doe
May 16 15:33:18 fileserv smbd[2325]: [2018/05/16 15:33:18.476968, 2]
../source3/auth/pampass.c:89(smb_pam_error_handler)
May 16 15:33:18 fileserv smbd[2325]: smb_pam_error_handler: PAM: Account
Check Failed : System error
May 16 15:33:18 fileserv smbd[2325]: [2018/05/16 15:33:18.478308, 0]
../source3/auth/pampass.c:797(smb_pam_accountcheck)
May 16 15:33:18 fileserv smbd[2325]: smb_pam_accountcheck: PAM: Account
Validation Failed - Rejecting User john.doe!
May 16 15:33:18 fileserv smbd[2325]: [2018/05/16 15:33:18.479999, 1]
../source3/auth/user_krb5.c:142(get_user_from_kerberos_info)
May 16 15:33:18 fileserv smbd[2325]: PAM account restrictions prevent
user [john.doe] login
May 16 15:33:18 fileserv nmbd[2245]: [2018/05/16 15:33:18.918867, 2]
../source3/nmbd/nmbd_elections.c:41(send_election_dgram)
May 16 15:33:18 fileserv nmbd[2245]: send_election_dgram: Sending
election packet for workgroup MAV on subnet 192.168.2.60
May 16 15:33:21 fileserv nmbd[2245]: [2018/05/16 15:33:21.921971, 2]
../source3/nmbd/nmbd_elections.c:41(send_election_dgram)
May 16 15:33:21 fileserv nmbd[2245]: send_election_dgram: Sending
election packet for workgroup MAV on subnet 192.168.2.60
May 16 15:33:23 fileserv nmbd[2245]: [2018/05/16 15:33:23.923595, 2]
../source3/nmbd/nmbd_elections.c:41(send_election_dgram)
May 16 15:33:23 fileserv nmbd[2245]: send_election_dgram: Sending
election packet for workgroup MAV on subnet 192.168.2.60
May 16 15:33:24 fileserv smbd[2328]: [2018/05/16 15:33:24.109960, 0]
../source3/auth/pampass.c:589(smb_pam_account)
May 16 15:33:24 fileserv smbd[2328]: smb_pam_account: PAM: UNKNOWN PAM
ERROR (4) during Account Management for User: john.doe
May 16 15:33:24 fileserv smbd[2328]: [2018/05/16 15:33:24.110013, 2]
../source3/auth/pampass.c:89(smb_pam_error_handler)
May 16 15:33:24 fileserv smbd[2328]: smb_pam_error_handler: PAM: Account
Check Failed : System error
May 16 15:33:24 fileserv smbd[2328]: [2018/05/16 15:33:24.110045, 0]
../source3/auth/pampass.c:797(smb_pam_accountcheck)
May 16 15:33:24 fileserv smbd[2328]: smb_pam_accountcheck: PAM: Account
Validation Failed - Rejecting User john.doe!
May 16 15:33:24 fileserv smbd[2328]: [2018/05/16 15:33:24.110624, 1]
../source3/auth/user_krb5.c:142(get_user_from_kerberos_info)
May 16 15:33:24 fileserv smbd[2328]: PAM account restrictions prevent
user [john.doe] login
May 16 15:33:25 fileserv nmbd[2245]: [2018/05/16 15:33:25.521817, 2]
../source3/nmbd/nmbd_elections.c:41(send_election_dgram)
May 16 15:33:25 fileserv nmbd[2245]: send_election_dgram: Sending
election packet for workgroup MAV on subnet 192.168.2.60
May 16 15:33:25 fileserv nmbd[2245]: [2018/05/16 15:33:25.521944, 2]
../source3/nmbd/nmbd_elections.c:201(run_elections)
May 16 15:33:25 fileserv nmbd[2245]: run_elections: >>> Won election for
workgroup MAV on subnet 192.168.2.60 <<<
May 16 15:33:25 fileserv nmbd[2245]: [2018/05/16 15:33:25.521995, 2]
../source3/nmbd/nmbd_become_lmb.c:538(become_local_master_browser)
May 16 15:33:25 fileserv nmbd[2245]: become_local_master_browser:
Starting to become a master browser for workgroup MAV on subnet 192.168.2.60
May 16 15:33:27 fileserv smbd[2330]: [2018/05/16 15:33:27.648206, 0]
../source3/auth/pampass.c:589(smb_pam_account)
May 16 15:33:27 fileserv smbd[2330]: smb_pam_account: PAM: UNKNOWN PAM
ERROR (4) during Account Management for User: john.doe
May 16 15:33:27 fileserv smbd[2330]: [2018/05/16 15:33:27.649913, 2]
../source3/auth/pampass.c:89(smb_pam_error_handler)
May 16 15:33:27 fileserv smbd[2330]: smb_pam_error_handler: PAM: Account
Check Failed : System error
May 16 15:33:27 fileserv smbd[2330]: [2018/05/16 15:33:27.651264, 0]
../source3/auth/pampass.c:797(smb_pam_accountcheck)
May 16 15:33:27 fileserv smbd[2330]: smb_pam_accountcheck: PAM: Account
Validation Failed - Rejecting User john.doe!
May 16 15:33:27 fileserv smbd[2330]: [2018/05/16 15:33:27.653103, 1]
../source3/auth/user_krb5.c:142(get_user_from_kerberos_info)
May 16 15:33:27 fileserv smbd[2330]: PAM account restrictions prevent
user [john.doe] login
May 16 15:33:33 fileserv nmbd[2245]: [2018/05/16 15:33:33.551576, 0]
../source3/nmbd/nmbd_become_lmb.c:397(become_local_master_stage2)
May 16 15:33:33 fileserv nmbd[2245]: *****
May 16 15:33:33 fileserv nmbd[2245]:
May 16 15:33:33 fileserv nmbd[2245]: Samba name server FILESERV is now a
local master browser for workgroup MAV on subnet 192.168.2.60
May 16 15:33:33 fileserv nmbd[2245]:
May 16 15:33:33 fileserv nmbd[2245]: *****
May 16 15:33:34 fileserv nmbd[2245]: [2018/05/16 15:33:34.301419, 2]
../source3/nmbd/nmbd_elections.c:41(send_election_dgram)
May 16 15:33:34 fileserv nmbd[2245]: send_election_dgram: Sending
election packet for workgroup MAV on subnet 192.168.2.60
May 16 15:33:36 fileserv nmbd[2245]: [2018/05/16 15:33:36.626202, 2]
../source3/nmbd/nmbd_elections.c:41(send_election_dgram)
May 16 15:33:36 fileserv nmbd[2245]: send_election_dgram: Sending
election packet for workgroup MAV on subnet 192.168.2.60
May 16 15:33:39 fileserv nmbd[2245]: [2018/05/16 15:33:39.379370, 2]
../source3/nmbd/nmbd_elections.c:41(send_election_dgram)
May 16 15:33:39 fileserv nmbd[2245]: send_election_dgram: Sending
election packet for workgroup MAV on subnet 192.168.2.60
Can you help me please?
Thanks!
2018-05-16 9:14 GMT+02:00 Sumit Bose <sbose(a)redhat.com>:
On Tue, May 15, 2018 at 09:02:38PM +0200, shacky wrote:
> Hi Sumit, thanks for your answer!
>
>
> 2018-05-15 17:53 GMT+02:00 Sumit Bose <sbose(a)redhat.com>:
>
> > Did you use 'realm join' to join the domain?
> >
>
> Yes, I am using Openmediavault and I followed this guide:
>
https://forum.openmediavault.org/index.php/Thread/18886-
Guide-how-to-join-OpenMediaVault-3-x-in-an-Active-Directory-domain/
>
> This guide tells to execute the following commands to join the domain:
>
> realm discover -v
domain.com
> realm -v join
domain.com -U administrator --membership-software=adcli
>
>
> realm can either use 'adcli' or 'net ads join' to join the AD
domain. If
> > you want to run Samba you should make sure the latter is used. I do not
> > know what it the default for Debian/Ubuntu but you can tell 'realm
join'
> > to use 'net ads join' with the option --membership-software=samba.
> >
>
> Would I just need to re-execute "realm join" even if I already executed
it
> with adcli instead of samba?
Yes, this should work.
bye,
Sumit
>
>
> > One of the main differences is that 'net ads join' will write the
clear
> > teat machine password into an internal database of Samba. Current
> > versions of adcli will not do this but my plan is to add this
> > functionality to adcli as well.
>
>
> Thanks! I will try and let you know.
>
> Bye!
> _______________________________________________
> sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org
_______________________________________________
sssd-users mailing list -- sssd-users(a)lists.fedorahosted.org
To unsubscribe send an email to sssd-users-leave(a)lists.fedorahosted.org