Windows 8 can not list new Domain users

samba-ad
s4-connector

#1

Hello,
This is my first time here.
I am using UCS as Active Directory for Windows users. I made a domain and users, and everything was working fine until days ago:
I added new users, but cannot log in to Windows using this user!!!
I can join new computers to the domain.
I can log in using old users, but new users show bad password. I changed the new user password many times but get the same error.
Home folders are working fine for old users, the print server is fine, DNS can resolve.
The UCS system is updated.
Using Windows I tried to query domain users; it shows all old users except the new user?
What should I do?


#2

This could be a problem with the connector. What’s the output of this?

univention-s4connector-list-rejected

#3

Thank you for your reply.
It shows a lot; here is an example of the output:

UCS rejected

1:   UCS DN: cn=USER111,cn=computers,dc=ten,dc=local
      S4 DN: <not found>
     Filename: /var/lib/univention-connector/s4/1491679375.725131

2:   UCS DN: cn=USER111,cn=computers,dc=ten,dc=local
      S4 DN: <not found>
     Filename: /var/lib/univention-connector/s4/1491679375.735827

3:   UCS DN: cn=USER111,cn=computers,dc=ten,dc=local
      S4 DN: <not found>
     Filename: /var/lib/univention-connector/s4/1491679375.738908

41031: UCS DN: cn=USER17,cn=Computers,dc=ten,dc=local
      S4 DN:
     Filename: /var/lib/univention-connector/s4/1491679375.626736

S4 rejected

1:    S4 DN: CN=TENTV,CN=Computers,DC=ten,DC=local
     UCS DN: <not found>
2:    S4 DN: CN=USER17,CN=Computers,DC=ten,DC=local
     UCS DN: <not found>
3:    S4 DN: CN=TAHRIR26-15,CN=Computers,DC=ten,DC=local
     UCS DN: <not found>
4:    S4 DN: CN=USER111,CN=Computers,DC=ten,DC=local
     UCS DN: <not found>
5:    S4 DN: CN=HANY,CN=Computers,DC=ten,DC=local
     UCS DN: <not found>

last synced USN: 171475
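
An added example, not part of the original posts and not Univention code: with tens of thousands of numbered rejects, it helps to collapse the list to unique objects and see which DNs are rejected in both directions. The sketch below assumes the output layout shown in the post above; `summarize` and `SAMPLE` are hypothetical names, and the sample is constructed from lines in that post.

```python
import re
from collections import Counter

# Constructed sample: a few entries in the layout posted above.
SAMPLE = """\
UCS rejected

1:   UCS DN: cn=USER111,cn=computers,dc=ten,dc=local
      S4 DN: <not found>
     Filename: /var/lib/univention-connector/s4/1491679375.725131
2:   UCS DN: cn=USER111,cn=computers,dc=ten,dc=local
      S4 DN: <not found>
     Filename: /var/lib/univention-connector/s4/1491679375.735827
3:   UCS DN: cn=USER17,cn=Computers,dc=ten,dc=local
      S4 DN: <not found>
     Filename: /var/lib/univention-connector/s4/1491679375.626736

S4 rejected

1:    S4 DN: CN=TENTV,CN=Computers,DC=ten,DC=local
     UCS DN: <not found>
2:    S4 DN: CN=USER17,CN=Computers,DC=ten,DC=local
     UCS DN: <not found>
3:    S4 DN: CN=USER111,CN=Computers,DC=ten,DC=local
     UCS DN: <not found>

last synced USN: 171475
"""

HEADER = re.compile(r"^(UCS|S4) rejected\s*$")
ENTRY = re.compile(r"^\s*(?:\d+:)?\s*(UCS|S4) DN:\s*(\S.*?)\s*$")

def summarize(text):
    """Count rejects per unique DN and side; DNs compare case-insensitively."""
    side, rejects = None, {"UCS": Counter(), "S4": Counter()}
    for line in text.splitlines():
        header, entry = HEADER.match(line), ENTRY.match(line)
        if header:
            side = header.group(1)
        # Keep only the rejecting side's own DN, not the unmapped counterpart.
        elif entry and entry.group(1) == side and entry.group(2) != "<not found>":
            rejects[side][re.sub(r"\s*,\s*", ",", entry.group(2).lower())] += 1
    both = sorted(set(rejects["UCS"]) & set(rejects["S4"]))
    return rejects, both

if __name__ == "__main__":
    rejects, both = summarize(SAMPLE)
    for side, counts in rejects.items():
        print(side, "unique:", len(counts), "total:", sum(counts.values()))
    print("rejected in both directions:", both)
```

On the constructed sample, the three UCS rejects collapse to two objects, and both of them are also rejected on the S4 side.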

#4

You should read this SDB article


#5

I followed the steps in this article; at the step univention-s4search -b:

root@server:~# univention-s4search -b cn=administrator,cn=users,dc=ten,dc=local
TLS …/source4/lib/tls/tls_tstream.c:1593 - check failed for verify_peer[ca_and_name] and peer_name[server.ten.local] status 0x42 (invalid signer_not_found )
Failed to connect to ldap URL 'ldaps://server.ten.local' - LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to 'ldaps://server.ten.local' with backend 'ldaps': LDAP client internal error: NT_STATUS_INVALID_PARAMETER
Failed to connect to ldaps://server.ten.local - LDAP client internal error: NT_STATUS_INVALID_PARAMETER

What should I do to fix this?


#6

This sounds like the UCS CA certificate isn’t trusted, or the Samba4 server is using a certificate not signed by that CA. Both shouldn’t be the case in a normal installation.

Please post the output of the following commands for further debugging:

  1. ls -l /etc/ssl/certs/ucsCA.pem /usr/local/share/ca-certificates/ucsCA.crt /etc/univention/ssl/ucsCA/CAcert.pem
  2. openssl x509 -in /etc/ssl/certs/ucsCA.pem -noout -text
  3. grep tls /etc/samba/smb.conf

Thanks.


#7

Thank you for your reply.
I formatted this server and created a new domain :(

B R
George


#8

That would solve the issue, of course :) Sorry you had to resort to such a drastic method.