Friday, May 3, 2024
Homepage · 12.04
 Popular · Latest · Hot · Upcoming
1
rated 0 times [  1] [ 0]  / answers: 1 / hits: 6868  / 1 Year ago, mon, may 8, 2023, 7:02:42

Ubuntu: 12.04 x64

PBIS: Linux 2.4/2.6 kernel 64-bit DEB (from BeyondTrust website)

Samba: 3.6.3 (from Ubuntu repo)



We are having problems getting samba to integrate with PowerBroker (aka PBIS/LikeWise-Open). We followed these instructions:



https://help.ubuntu.com/12.04/serverguide/samba-ad-integration.html



PBIS is working. Users are able to SSH and TELNET into the machine and login using AD credentials. However, we cannot get SAMBA to authenticate against the AD. Here is the log output:



[2013/05/31 09:36:38.385857,  0] rpc_client/cli_pipe_schannel.c:54(get_schannel_session_key_common)

  get_schannel_session_key: could not fetch trust account password for domain 'EXAMPLE'

[2013/05/31 09:36:38.386170,  0] rpc_client/cli_pipe_schannel.c:184(cli_rpc_pipe_open_schannel)

  cli_rpc_pipe_open_schannel: failed to get schannel session key from server DC2.EXAMPLE.COM for domain EXAMPLE.

[2013/05/31 09:36:38.386228,  0] auth/auth_domain.c:193(connect_to_domain_password_server)

  connect_to_domain_password_server: unable to open the domain client session to machine DC2.EXAMPLE.COM. Error was : NT_STATUS_CANT_ACCESS_DOMAIN_INFO.

[2013/05/31 09:36:38.388088,  0] rpc_client/cli_pipe_schannel.c:54(get_schannel_session_key_common)

  get_schannel_session_key: could not fetch trust account password for domain 'EXAMPLE'

[2013/05/31 09:36:38.388378,  0] rpc_client/cli_pipe_schannel.c:184(cli_rpc_pipe_open_schannel)

  cli_rpc_pipe_open_schannel: failed to get schannel session key from server DC2.EXAMPLE.COM for domain EXAMPLE.

[2013/05/31 09:36:38.388435,  0] auth/auth_domain.c:193(connect_to_domain_password_server)

  connect_to_domain_password_server: unable to open the domain client session to machine DC2.EXAMPLE.COM. Error was : NT_STATUS_CANT_ACCESS_DOMAIN_INFO.

[2013/05/31 09:36:38.390201,  0] rpc_client/cli_pipe_schannel.c:54(get_schannel_session_key_common)

  get_schannel_session_key: could not fetch trust account password for domain 'EXAMPLE'

[2013/05/31 09:36:38.390491,  0] rpc_client/cli_pipe_schannel.c:184(cli_rpc_pipe_open_schannel)

  cli_rpc_pipe_open_schannel: failed to get schannel session key from server DC2.EXAMPLE.COM for domain EXAMPLE.

[2013/05/31 09:36:38.390549,  0] auth/auth_domain.c:193(connect_to_domain_password_server)

  connect_to_domain_password_server: unable to open the domain client session to machine DC2.EXAMPLE.COM. Error was : NT_STATUS_CANT_ACCESS_DOMAIN_INFO.

[2013/05/31 09:36:38.390831,  0] auth/auth_domain.c:292(domain_client_validate)


domain_client_validate: Domain password server not available.



Anyone have any ideas where to begin?


More From » 12.04
 Answers
5

Using the



net -U <username> ads join


will break PowerBrokers connection to AD. For example, you may find that your AD accounts may longer be able to SUDO.



The proper way to link SAMBA to AD via PowerBroker is this:



samba-interop-install --install

[#30946] Monday, May 8, 2023, 1 Year  [reply] [flag answer]
Only authorized users can answer the question. Please sign in first, or register a free account.
ipentainer
Add To Favorites
Follow
Total Points: 112
Total Questions: 113
Total Answers: 113
Location: Guernsey
Member since Tue, Jul 6, 2021
3 Years ago
;