未能将计算机连接到samba域(Zentyal) -无法加入域:没有足够的权限加入域
未能将计算机连接到samba域(Zentyal) -无法加入域:没有足够的权限加入域
提问于 2023-04-01 18:19:48
我是一个相对较新的Zentyal用户(几个月),我喜欢它!但我遇到了一个问题我希望有人能帮我。
在我的部署中,我有两个Zentyal服务器(zentyal-1.mydomain.com和zentyal-2.mydomain.com),它们都在运行“域控制器和文件共享”服务。其思想是要有主、二级直流控制器。我成功地使用了这个设置几个月,这意味着我已经成功地加入了几台Ubuntu / Windows 11机器,创建了几个用户等等。
今天,当我试图加入另一台Ubuntu机器时,问题就发生了,方法是遵循与前面相同的步骤。这一次我犯了个错误。下面是命令和完整的输出(仅编辑域名):
$ sudo realm join -v mydomain.com
* Resolving: _ldap._tcp.mydomain.com
* Performing LDAP DSE lookup on: 172.16.0.101
* Performing LDAP DSE lookup on: 172.16.0.102
* Successfully discovered: mydomain.com
Password for Administrator:
* Unconditionally checking packages
* Resolving required packages
* LANG=C /usr/sbin/adcli join --verbose --domain mydomain.com --domain-realm MYDOMAIN.COM --domain-controller 172.16.0.101 --login-type user --login-user Administrator --stdin-password
* Using domain name: mydomain.com
* Calculated computer account name from fqdn: GITLAB
* Using domain realm: mydomain.com
* Sending NetLogon ping to domain controller: 172.16.0.101
* Received NetLogon info from: zentyal-1.mydomain.com
* Wrote out krb5.conf snippet to /var/cache/realmd/adcli-krb5-gKcH27/krb5.d/adcli-krb5-conf-JlLa8m
* Authenticated as user: Administrator@MYDOMAIN.COM
* Using GSS-SPNEGO for SASL bind
* Looked up short domain name: MYDOMAIN
* Looked up domain SID: S-1-5-21-2787685195-3023692109-2783229274
* Using fully qualified name: gitlab.mydomain.com
* Using domain name: mydomain.com
* Using computer account name: GITLAB
* Using domain realm: mydomain.com
* Calculated computer account name from fqdn: GITLAB
* Generated 120 character computer password
* Using keytab: FILE:/etc/krb5.keytab
* A computer account for GITLAB$ does not exist
* Found well known computer container at: CN=Computers,DC=mydomain,DC=com
* Calculated computer account: CN=GITLAB,CN=Computers,DC=mydomain,DC=com
* Encryption type [3] not permitted.
* Encryption type [1] not permitted.
! Insufficient permissions to modify computer account: CN=GITLAB,CN=Computers,DC=mydomain,DC=com: 0000202F: ../../ldb_key_value/ldb_kv_index.c:3048: Failed to re-index objectSid in CN=GITLAB,CN=Computers,DC=mydomain,DC=com - ../../ldb_key_value/ldb_kv_index.c:2893: unique index violation on objectSid in CN=GITLAB,CN=Computers,DC=mydomain,DC=com
adcli: joining domain mydomain.com failed: Insufficient permissions to modify computer account: CN=GITLAB,CN=Computers,DC=mydomain,DC=com: 0000202F: ../../ldb_key_value/ldb_kv_index.c:3048: Failed to re-index objectSid in CN=GITLAB,CN=Computers,DC=mydomain,DC=com - ../../ldb_key_value/ldb_kv_index.c:2893: unique index violation on objectSid in CN=GITLAB,CN=Computers,DC=mydomain,DC=com
! Insufficient permissions to join the domain
realm: Couldn't join realm: Insufficient permissions to join the domain如您所见,我使用了内置的Administrator帐户,并根据输出成功地对其进行了身份验证。然而,我得到的是“没有足够的权限加入域”。
任何帮助都将不胜感激!
谢谢!
回答 1
Server Fault用户
回答已采纳
发布于 2023-04-02 06:45:21
结果发现数据库不一致。以下是我的问题:
$ sudo samba-tool dbcheck --fix我希望它能对其他人有所帮助。
页面原文内容由Server Fault提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://serverfault.com/questions/1127679
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号