Ubuntu: Samba+PowerBroker (aka LikeWise-Open) integration not working



Question:

Ubuntu: 12.04 x64
PBIS: Linux 2.4/2.6 kernel 64-bit DEB (from BeyondTrust website)
Samba: 3.6.3 (from Ubuntu repo)

We are having problems getting samba to integrate with PowerBroker (aka PBIS/LikeWise-Open). We followed these instructions:

https://help.ubuntu.com/12.04/serverguide/samba-ad-integration.html

PBIS is working. Users are able to SSH and TELNET into the machine and log in using AD credentials. However, we cannot get SAMBA to authenticate against the AD. Here is the log output:

[2013/05/31 09:36:38.385857,  0] rpc_client/cli_pipe_schannel.c:54(get_schannel_session_key_common)
  get_schannel_session_key: could not fetch trust account password for domain 'EXAMPLE'
[2013/05/31 09:36:38.386170,  0] rpc_client/cli_pipe_schannel.c:184(cli_rpc_pipe_open_schannel)
  cli_rpc_pipe_open_schannel: failed to get schannel session key from server DC2.EXAMPLE.COM for domain EXAMPLE.
[2013/05/31 09:36:38.386228,  0] auth/auth_domain.c:193(connect_to_domain_password_server)
  connect_to_domain_password_server: unable to open the domain client session to machine DC2.EXAMPLE.COM. Error was : NT_STATUS_CANT_ACCESS_DOMAIN_INFO.
[2013/05/31 09:36:38.388088,  0] rpc_client/cli_pipe_schannel.c:54(get_schannel_session_key_common)
  get_schannel_session_key: could not fetch trust account password for domain 'EXAMPLE'
[2013/05/31 09:36:38.388378,  0] rpc_client/cli_pipe_schannel.c:184(cli_rpc_pipe_open_schannel)
  cli_rpc_pipe_open_schannel: failed to get schannel session key from server DC2.EXAMPLE.COM for domain EXAMPLE.
[2013/05/31 09:36:38.388435,  0] auth/auth_domain.c:193(connect_to_domain_password_server)
  connect_to_domain_password_server: unable to open the domain client session to machine DC2.EXAMPLE.COM. Error was : NT_STATUS_CANT_ACCESS_DOMAIN_INFO.
[2013/05/31 09:36:38.390201,  0] rpc_client/cli_pipe_schannel.c:54(get_schannel_session_key_common)
  get_schannel_session_key: could not fetch trust account password for domain 'EXAMPLE'
[2013/05/31 09:36:38.390491,  0] rpc_client/cli_pipe_schannel.c:184(cli_rpc_pipe_open_schannel)
  cli_rpc_pipe_open_schannel: failed to get schannel session key from server DC2.EXAMPLE.COM for domain EXAMPLE.
[2013/05/31 09:36:38.390549,  0] auth/auth_domain.c:193(connect_to_domain_password_server)
  connect_to_domain_password_server: unable to open the domain client session to machine DC2.EXAMPLE.COM. Error was : NT_STATUS_CANT_ACCESS_DOMAIN_INFO.
[2013/05/31 09:36:38.390831,  0] auth/auth_domain.c:292(domain_client_validate)
  domain_client_validate: Domain password server not available.

Anyone have any ideas where to begin?


Solution:1

Found it here: http://wiki.samba.org/index.php/Samba_&_Active_Directory

The Ubuntu instructions: https://help.ubuntu.com/12.04/serverguide/samba-ad-integration.html

were missing this final step:

net -U <username> ads join  

Once you successfully join the Domain/ADS, it works fine!


Solution:2

Using the

net -U <username> ads join  

will break PowerBroker's connection to AD. For example, you may find that your AD accounts may no longer be able to SUDO.

The proper way to link SAMBA to AD via PowerBroker is this:

samba-interop-install --install  
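
Added example, not part of the original question or answers: a POSIX shell triage function that reads an smbd log and reports, per domain, how often Samba could not read its trust (machine) account password and which domain controllers it was trying to reach. That is the failure quoted in the question. The function names and the sample log are constructed for illustration, modelled on the entries above.

```shell
#!/bin/sh
# Constructed sample in Samba 3.x log layout (header line, then indented message).
sample_log() {
cat <<'EOF'
[2013/05/31 09:36:38.385857,  0] rpc_client/cli_pipe_schannel.c:54(get_schannel_session_key_common)
  get_schannel_session_key: could not fetch trust account password for domain 'EXAMPLE'
[2013/05/31 09:36:38.386170,  0] rpc_client/cli_pipe_schannel.c:184(cli_rpc_pipe_open_schannel)
  cli_rpc_pipe_open_schannel: failed to get schannel session key from server DC2.EXAMPLE.COM for domain EXAMPLE.
[2013/05/31 09:36:38.388088,  0] rpc_client/cli_pipe_schannel.c:54(get_schannel_session_key_common)
  get_schannel_session_key: could not fetch trust account password for domain 'EXAMPLE'
[2013/05/31 09:36:38.388378,  0] rpc_client/cli_pipe_schannel.c:184(cli_rpc_pipe_open_schannel)
  cli_rpc_pipe_open_schannel: failed to get schannel session key from server DC2.EXAMPLE.COM for domain EXAMPLE.
[2013/05/31 09:36:38.390831,  0] auth/auth_domain.c:292(domain_client_validate)
  domain_client_validate: Domain password server not available.
EOF
}

# Reads an smbd log on stdin and prints one line per affected domain:
#   <domain> missing_trust_secret=<count> dcs=<comma-separated DCs>
# Returns 0 if the missing-trust-password failure was seen, 1 otherwise.
trust_secret_failures() {
  awk '
    /could not fetch trust account password for domain/ {
      split($0, q, "\047")          # \047 is the quote around the domain name
      miss[q[2]]++; total++
    }
    /failed to get schannel session key from server/ {
      dc = ""; dom = ""
      for (i = 1; i < NF; i++) {
        if ($i == "server") dc = $(i + 1)
        if ($i == "domain") dom = $(i + 1)
      }
      sub(/\.$/, "", dom)           # drop the trailing full stop
      if (dc != "" && !((dom, dc) in seen)) {
        seen[dom, dc] = 1
        dcs[dom] = (dcs[dom] == "" ? dc : dcs[dom] "," dc)
      }
    }
    END {
      for (d in miss)
        printf "%s missing_trust_secret=%d dcs=%s\n", d, miss[d], dcs[d]
      exit (total > 0 ? 0 : 1)
    }'
}

# Demo: sh thisfile.sh --demo
if [ "${1:-}" = "--demo" ]; then sample_log | trust_secret_failures; fi
```

To check a real host, pipe the smbd log into `trust_secret_failures`; a zero exit status means the log shows the same missing machine-account password that the join steps in the answers are meant to supply.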
