{"id":226,"date":"2015-05-19T23:41:43","date_gmt":"2015-05-19T22:41:43","guid":{"rendered":"http:\/\/www.troliver.com\/?p=226"},"modified":"2015-05-20T10:26:55","modified_gmt":"2015-05-20T09:26:55","slug":"trouble-in-sambadise-pbis-with-active-directory-issues","status":"publish","type":"post","link":"https:\/\/www.troliver.com\/?p=226","title":{"rendered":"Trouble in Sambadise; Issues with PBIS Active Directory and Samba"},"content":{"rendered":"

Continuing from the last post<\/a>, with the original default configuration you could\u00a0browse shares on the server, but with the updated configuration you can’t.<\/p>\n

\"share5\"<\/a><\/p>\n

We have joined the server to Active Directory and there are likely no issues reported with running pbis status<\/em>,\u00a0so what could\u00a0be wrong?<\/p>\n

I had a look through some logs in\u00a0\/var\/log\/samba\/, <\/em>where\u00a0there are logs for each machine that has tried to access a samba share. Open one of them and you’ll possibly see\u00a0four errors occur (with the timestamp lines removed)<\/p>\n

  get_schannel_session_key: could not fetch trust account password for domain 'Troliver'\r\n\r\n  cli_rpc_pipe_open_schannel: failed to get schannel session key from server domaincontroller.troliver.com for domain Troliver.\r\n\r\n  connect_to_domain_password_server: unable to open the domain client session to machine domaincontroller.troliver.com. Error was : NT_STATUS_CANT_ACCESS_DOMAIN_INFO.\r\n\r\n  domain_client_validate: Domain password server not available.\r\n<\/pre>\n
This is crazy; it seems like there is something wrong with joining the domain – but we are already on the domain and can change users! Ah ha, but I haven’t yet\u00a0run the Samba-Interop installer, which\u00a0allows you to integrate PBIS authentication with Samba.<\/p>\n
Following this guide<\/a>,\u00a0for version 8.x,\u00a0I ran\u00a0\/opt\/pbis\/bin\/samba-interop-install\u00a0<\/em> – but this failed!<\/p>\n
Found smbd version 4.1.6-Ubuntu\r\nUnsupported smbd version 4.1.6-Ubuntu\r\nError: ERROR_PRODUCT_VERSION<\/pre>\n
If anyone\u00a0asks what the difference\u00a0is when using Ubuntu over CentOS, one answer you might commonly find on Google is\u00a0to do with how “up-to-date” Ubtuntu is, with new and updated packages all the time, compared to CentOS which may be lagging behind with older, more stable<\/em>, releases. So at the time of writing, Ubuntu’s implementation of Samba – as installed by default – is at version 4.16 and PBIS is at 8.2.1.something. Both are the latest; yet they don’t work together when using the samba-interop-install\u00a0<\/em>to link PBIS with Samba, which only supports versions up to 3.5 it seems.<\/p>\n
In fact, this seems to be a problem<\/a> that has been around<\/a> for a while<\/a>. Its for\u00a0PowerBroker to figure out and fix; but actually, they even only discuss version 3 in their installation guide. So we probably can’t use Samba 4 at all and there is no indication that that will change. In the meantime, you have to use an older version of Samba. But how?<\/p>\n
[The hard way that I didn’t end up using] – Make Samba yourself<\/h2>\n