[SSSD-users] Re: failed to fetch machine password

shacky Wed, 16 May 2018 06:35:43 -0700

I configured the server from scratch and joined the domain with
"--membership-software=samba".


But the problem is not solved. Now if I try to access shares with a Windows
10 client I get these errors on syslog:

May 16 15:33:16 fileserv nmbd[2245]: [2018/05/16 15:33:16.904335,  2]
../source3/nmbd/nmbd_elections.c:41(send_election_dgram)
May 16 15:33:16 fileserv nmbd[2245]:   send_election_dgram: Sending
election packet for workgroup MAV on subnet 192.168.2.60
May 16 15:33:18 fileserv smbd[2324]: [2018/05/16 15:33:18.276297,  0]
../source3/auth/pampass.c:589(smb_pam_account)
May 16 15:33:18 fileserv smbd[2324]:   smb_pam_account: PAM: UNKNOWN PAM
ERROR (4) during Account Management for User: john.doe
May 16 15:33:18 fileserv smbd[2324]: [2018/05/16 15:33:18.276337,  2]
../source3/auth/pampass.c:89(smb_pam_error_handler)
May 16 15:33:18 fileserv smbd[2324]:   smb_pam_error_handler: PAM: Account
Check Failed : System error
May 16 15:33:18 fileserv smbd[2324]: [2018/05/16 15:33:18.276365,  0]
../source3/auth/pampass.c:797(smb_pam_accountcheck)
May 16 15:33:18 fileserv smbd[2324]:   smb_pam_accountcheck: PAM: Account
Validation Failed - Rejecting User john.doe!
May 16 15:33:18 fileserv smbd[2324]: [2018/05/16 15:33:18.276882,  1]
../source3/auth/user_krb5.c:142(get_user_from_kerberos_info)
May 16 15:33:18 fileserv smbd[2324]:   PAM account restrictions prevent
user [john.doe] login
May 16 15:33:18 fileserv smbd[2325]: [2018/05/16 15:33:18.475507,  0]
../source3/auth/pampass.c:589(smb_pam_account)
May 16 15:33:18 fileserv smbd[2325]:   smb_pam_account: PAM: UNKNOWN PAM
ERROR (4) during Account Management for User: john.doe
May 16 15:33:18 fileserv smbd[2325]: [2018/05/16 15:33:18.476968,  2]
../source3/auth/pampass.c:89(smb_pam_error_handler)
May 16 15:33:18 fileserv smbd[2325]:   smb_pam_error_handler: PAM: Account
Check Failed : System error
May 16 15:33:18 fileserv smbd[2325]: [2018/05/16 15:33:18.478308,  0]
../source3/auth/pampass.c:797(smb_pam_accountcheck)
May 16 15:33:18 fileserv smbd[2325]:   smb_pam_accountcheck: PAM: Account
Validation Failed - Rejecting User john.doe!
May 16 15:33:18 fileserv smbd[2325]: [2018/05/16 15:33:18.479999,  1]
../source3/auth/user_krb5.c:142(get_user_from_kerberos_info)
May 16 15:33:18 fileserv smbd[2325]:   PAM account restrictions prevent
user [john.doe] login
May 16 15:33:18 fileserv nmbd[2245]: [2018/05/16 15:33:18.918867,  2]
../source3/nmbd/nmbd_elections.c:41(send_election_dgram)
May 16 15:33:18 fileserv nmbd[2245]:   send_election_dgram: Sending
election packet for workgroup MAV on subnet 192.168.2.60
May 16 15:33:21 fileserv nmbd[2245]: [2018/05/16 15:33:21.921971,  2]
../source3/nmbd/nmbd_elections.c:41(send_election_dgram)
May 16 15:33:21 fileserv nmbd[2245]:   send_election_dgram: Sending
election packet for workgroup MAV on subnet 192.168.2.60
May 16 15:33:23 fileserv nmbd[2245]: [2018/05/16 15:33:23.923595,  2]
../source3/nmbd/nmbd_elections.c:41(send_election_dgram)
May 16 15:33:23 fileserv nmbd[2245]:   send_election_dgram: Sending
election packet for workgroup MAV on subnet 192.168.2.60
May 16 15:33:24 fileserv smbd[2328]: [2018/05/16 15:33:24.109960,  0]
../source3/auth/pampass.c:589(smb_pam_account)
May 16 15:33:24 fileserv smbd[2328]:   smb_pam_account: PAM: UNKNOWN PAM
ERROR (4) during Account Management for User: john.doe
May 16 15:33:24 fileserv smbd[2328]: [2018/05/16 15:33:24.110013,  2]
../source3/auth/pampass.c:89(smb_pam_error_handler)
May 16 15:33:24 fileserv smbd[2328]:   smb_pam_error_handler: PAM: Account
Check Failed : System error
May 16 15:33:24 fileserv smbd[2328]: [2018/05/16 15:33:24.110045,  0]
../source3/auth/pampass.c:797(smb_pam_accountcheck)
May 16 15:33:24 fileserv smbd[2328]:   smb_pam_accountcheck: PAM: Account
Validation Failed - Rejecting User john.doe!
May 16 15:33:24 fileserv smbd[2328]: [2018/05/16 15:33:24.110624,  1]
../source3/auth/user_krb5.c:142(get_user_from_kerberos_info)
May 16 15:33:24 fileserv smbd[2328]:   PAM account restrictions prevent
user [john.doe] login
May 16 15:33:25 fileserv nmbd[2245]: [2018/05/16 15:33:25.521817,  2]
../source3/nmbd/nmbd_elections.c:41(send_election_dgram)
May 16 15:33:25 fileserv nmbd[2245]:   send_election_dgram: Sending
election packet for workgroup MAV on subnet 192.168.2.60
May 16 15:33:25 fileserv nmbd[2245]: [2018/05/16 15:33:25.521944,  2]
../source3/nmbd/nmbd_elections.c:201(run_elections)
May 16 15:33:25 fileserv nmbd[2245]:   run_elections: >>> Won election for
workgroup MAV on subnet 192.168.2.60 <<<
May 16 15:33:25 fileserv nmbd[2245]: [2018/05/16 15:33:25.521995,  2]
../source3/nmbd/nmbd_become_lmb.c:538(become_local_master_browser)
May 16 15:33:25 fileserv nmbd[2245]:   become_local_master_browser:
Starting to become a master browser for workgroup MAV on subnet 192.168.2.60
May 16 15:33:27 fileserv smbd[2330]: [2018/05/16 15:33:27.648206,  0]
../source3/auth/pampass.c:589(smb_pam_account)
May 16 15:33:27 fileserv smbd[2330]:   smb_pam_account: PAM: UNKNOWN PAM
ERROR (4) during Account Management for User: john.doe
May 16 15:33:27 fileserv smbd[2330]: [2018/05/16 15:33:27.649913,  2]
../source3/auth/pampass.c:89(smb_pam_error_handler)
May 16 15:33:27 fileserv smbd[2330]:   smb_pam_error_handler: PAM: Account
Check Failed : System error
May 16 15:33:27 fileserv smbd[2330]: [2018/05/16 15:33:27.651264,  0]
../source3/auth/pampass.c:797(smb_pam_accountcheck)
May 16 15:33:27 fileserv smbd[2330]:   smb_pam_accountcheck: PAM: Account
Validation Failed - Rejecting User john.doe!
May 16 15:33:27 fileserv smbd[2330]: [2018/05/16 15:33:27.653103,  1]
../source3/auth/user_krb5.c:142(get_user_from_kerberos_info)
May 16 15:33:27 fileserv smbd[2330]:   PAM account restrictions prevent
user [john.doe] login
May 16 15:33:33 fileserv nmbd[2245]: [2018/05/16 15:33:33.551576,  0]
../source3/nmbd/nmbd_become_lmb.c:397(become_local_master_stage2)
May 16 15:33:33 fileserv nmbd[2245]:   *****
May 16 15:33:33 fileserv nmbd[2245]:
May 16 15:33:33 fileserv nmbd[2245]:   Samba name server FILESERV is now a
local master browser for workgroup MAV on subnet 192.168.2.60
May 16 15:33:33 fileserv nmbd[2245]:
May 16 15:33:33 fileserv nmbd[2245]:   *****
May 16 15:33:34 fileserv nmbd[2245]: [2018/05/16 15:33:34.301419,  2]
../source3/nmbd/nmbd_elections.c:41(send_election_dgram)
May 16 15:33:34 fileserv nmbd[2245]:   send_election_dgram: Sending
election packet for workgroup MAV on subnet 192.168.2.60
May 16 15:33:36 fileserv nmbd[2245]: [2018/05/16 15:33:36.626202,  2]
../source3/nmbd/nmbd_elections.c:41(send_election_dgram)
May 16 15:33:36 fileserv nmbd[2245]:   send_election_dgram: Sending
election packet for workgroup MAV on subnet 192.168.2.60
May 16 15:33:39 fileserv nmbd[2245]: [2018/05/16 15:33:39.379370,  2]
../source3/nmbd/nmbd_elections.c:41(send_election_dgram)
May 16 15:33:39 fileserv nmbd[2245]:   send_election_dgram: Sending
election packet for workgroup MAV on subnet 192.168.2.60

Can you help me please?
Thanks!

2018-05-16 9:14 GMT+02:00 Sumit Bose <sb...@redhat.com>:

> On Tue, May 15, 2018 at 09:02:38PM +0200, shacky wrote:
> > Hi Sumit, thanks for your answer!
> >
> >
> > 2018-05-15 17:53 GMT+02:00 Sumit Bose <sb...@redhat.com>:
> >
> > > Did you use 'realm join' to join the domain?
> > >
> >
> > Yes, I am using Openmediavault and I followed this guide:
> > https://forum.openmediavault.org/index.php/Thread/18886-
> Guide-how-to-join-OpenMediaVault-3-x-in-an-Active-Directory-domain/
> >
> > This guide tells to execute the following commands to join the domain:
> >
> > realm discover -v domain.com
> > realm -v join domain.com -U administrator --membership-software=adcli
> >
> >
> > realm can either use 'adcli' or 'net ads join' to join the AD domain. If
> > > you want to run Samba you should make sure the latter is used. I do not
> > > know what it the default for Debian/Ubuntu but you can tell 'realm
> join'
> > > to use 'net ads join' with the option --membership-software=samba.
> > >
> >
> > Would I just need to re-execute "realm join" even if I already executed
> it
> > with adcli instead of samba?
>
> Yes, this should work.
>
> bye,
> Sumit
>
> >
> >
> > > One of the main differences is that 'net ads join' will write the clear
> > > teat machine password into an internal database of Samba. Current
> > > versions of adcli will not do this but my plan is to add this
> > > functionality to adcli as well.
> >
> >
> > Thanks! I will try and let you know.
> >
> > Bye!
>
> > _______________________________________________
> > sssd-users mailing list -- sssd-users@lists.fedorahosted.org
> > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
> _______________________________________________
> sssd-users mailing list -- sssd-users@lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org
>

_______________________________________________
sssd-users mailing list -- sssd-users@lists.fedorahosted.org
To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org

[SSSD-users] Re: failed to fetch machine password

Reply via email to