Samba+PowerBroker (aka LikeWise-Open) integration not working
Solution 1
Using the
net -U <username> ads join
will break PowerBroker's connection to AD. For example, you may find that your AD accounts may no longer be able to SUDO.
The proper way to link SAMBA to AD via PowerBroker is this:
samba-interop-install --install
Solution 2
Found it here: http://wiki.samba.org/index.php/Samba_&_Active_Directory
The Ubuntu instructions: https://help.ubuntu.com/12.04/serverguide/samba-ad-integration.html
were missing this final step:
net -U <username> ads join
Once you successfully join the Domain/ADS, it works fine!
Van
Updated on September 18, 2022
Van over 1 year
Ubuntu: 12.04 x64
PBIS: Linux 2.4/2.6 kernel 64-bit DEB (from BeyondTrust website)
Samba: 3.6.3 (from Ubuntu repo)

We are having problems getting samba to integrate with PowerBroker (aka PBIS/LikeWise-Open). We followed these instructions:
https://help.ubuntu.com/12.04/serverguide/samba-ad-integration.html
PBIS is working. Users are able to SSH and TELNET into the machine and login using AD credentials. However, we cannot get SAMBA to authenticate against the AD. Here is the log output:
[2013/05/31 09:36:38.385857, 0] rpc_client/cli_pipe_schannel.c:54(get_schannel_session_key_common)
  get_schannel_session_key: could not fetch trust account password for domain 'EXAMPLE'
[2013/05/31 09:36:38.386170, 0] rpc_client/cli_pipe_schannel.c:184(cli_rpc_pipe_open_schannel)
  cli_rpc_pipe_open_schannel: failed to get schannel session key from server DC2.EXAMPLE.COM for domain EXAMPLE.
[2013/05/31 09:36:38.386228, 0] auth/auth_domain.c:193(connect_to_domain_password_server)
  connect_to_domain_password_server: unable to open the domain client session to machine DC2.EXAMPLE.COM. Error was : NT_STATUS_CANT_ACCESS_DOMAIN_INFO.
[2013/05/31 09:36:38.388088, 0] rpc_client/cli_pipe_schannel.c:54(get_schannel_session_key_common)
  get_schannel_session_key: could not fetch trust account password for domain 'EXAMPLE'
[2013/05/31 09:36:38.388378, 0] rpc_client/cli_pipe_schannel.c:184(cli_rpc_pipe_open_schannel)
  cli_rpc_pipe_open_schannel: failed to get schannel session key from server DC2.EXAMPLE.COM for domain EXAMPLE.
[2013/05/31 09:36:38.388435, 0] auth/auth_domain.c:193(connect_to_domain_password_server)
  connect_to_domain_password_server: unable to open the domain client session to machine DC2.EXAMPLE.COM. Error was : NT_STATUS_CANT_ACCESS_DOMAIN_INFO.
[2013/05/31 09:36:38.390201, 0] rpc_client/cli_pipe_schannel.c:54(get_schannel_session_key_common)
  get_schannel_session_key: could not fetch trust account password for domain 'EXAMPLE'
[2013/05/31 09:36:38.390491, 0] rpc_client/cli_pipe_schannel.c:184(cli_rpc_pipe_open_schannel)
  cli_rpc_pipe_open_schannel: failed to get schannel session key from server DC2.EXAMPLE.COM for domain EXAMPLE.
[2013/05/31 09:36:38.390549, 0] auth/auth_domain.c:193(connect_to_domain_password_server)
  connect_to_domain_password_server: unable to open the domain client session to machine DC2.EXAMPLE.COM. Error was : NT_STATUS_CANT_ACCESS_DOMAIN_INFO.
[2013/05/31 09:36:38.390831, 0] auth/auth_domain.c:292(domain_client_validate)
  domain_client_validate: Domain password server not available.
Anyone have any ideas where to begin?
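An added example, not part of the original question or answers: a small triage script for the smbd log shown above. It splits the log into entries (in Samba's native header-plus-message layout or flattened onto one line) and counts the two signatures seen here, the trust account password that smbd could not fetch and the failed session to the domain controller. The names `parse_entries`, `summarize` and `SAMPLE` are hypothetical, and the sample text is constructed from the log in the question.

```python
import re
from collections import Counter

# Samba 3.x entry header: "[date time, level] source.c:line(function)"
HEADER = re.compile(
    r"\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d\.\d+),\s*(?P<level>\d+)\]\s+"
    r"\S+?:\d+\((?P<func>\w+)\)")
# Logged when smbd cannot fetch the machine (trust) account password.
TRUST = re.compile(r"could not fetch trust account password for domain '([^']+)'")
# Logged when opening the session to the domain controller then fails.
SESSION = re.compile(r"client session to machine (\S+?)\.\s+Error was : (NT_STATUS_\w+)")

# Constructed sample, modelled on the log quoted in the question.
SAMPLE = """\
[2013/05/31 09:36:38.385857,  0] rpc_client/cli_pipe_schannel.c:54(get_schannel_session_key_common)
  get_schannel_session_key: could not fetch trust account password for domain 'EXAMPLE'
[2013/05/31 09:36:38.386170,  0] rpc_client/cli_pipe_schannel.c:184(cli_rpc_pipe_open_schannel)
  cli_rpc_pipe_open_schannel: failed to get schannel session key from server DC2.EXAMPLE.COM for domain EXAMPLE.
[2013/05/31 09:36:38.386228,  0] auth/auth_domain.c:193(connect_to_domain_password_server)
  connect_to_domain_password_server: unable to open the domain client session to machine DC2.EXAMPLE.COM. Error was : NT_STATUS_CANT_ACCESS_DOMAIN_INFO.
[2013/05/31 09:36:38.390831,  0] auth/auth_domain.c:292(domain_client_validate)
  domain_client_validate: Domain password server not available.
"""

def parse_entries(text):
    """Split log text into entries, whether native (two-line) or flattened."""
    heads = list(HEADER.finditer(text))
    entries = []
    for i, h in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        msg = " ".join(text[h.end():end].split())  # body runs to the next header
        entries.append({"ts": h["ts"], "level": int(h["level"]),
                        "func": h["func"], "msg": msg})
    return entries

def summarize(entries):
    """Count trust-password fetch failures per domain and failed DC sessions."""
    trust, sessions = Counter(), Counter()
    for e in entries:
        if (m := TRUST.search(e["msg"])):
            trust[m.group(1)] += 1
        if (m := SESSION.search(e["msg"])):
            sessions[(m.group(1), m.group(2))] += 1
    return {"trust_password_unreadable": dict(trust), "dc_session_errors": dict(sessions)}

if __name__ == "__main__":
    print(summarize(parse_entries(SAMPLE)))
```

A non-empty `trust_password_unreadable` count for the joined domain is the signature both solutions above address.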