× Welcome to the Centrify Community! We are rolling out product name changes — click here to learn more.

adbindproxy.pl Get Domain SID failed. Please try again with authentication and a valid DC

Showing results for 
Search instead for 
Do you mean 
Reply
Highlighted
Contributor I
Posts: 11
Registered: ‎02-19-2016
#1 of 6 2,800
Accepted Solution

adbindproxy.pl Get Domain SID failed. Please try again with authentication and a valid DC

[ Edited ]

I have Centrify Express installed and authentication via ssh and the console is working for Domain Users.  I am trying to get AD Samba auth working and have installed adbindproxy-5.3.0. When I run  adbindproxy.pl but I get an error  Get Domain SID failed. Please try again with authentication and a valid DC.

 

OS: centos 7

 

adinfo (CentrifyDC 5.3.1-398)

 

adbindproxy.pl (CentrifyDC-adbindproxy 5.3.0-504)

 

adinfo -T
Domain Diagnostics:
Domain: ou.ad3.ucdavis.edu
DNS query for: _ldap._tcp.ou.ad3.ucdavis.edu
DNS query for: _gc._tcp.ou.ad3.ucdavis.edu
Testing Active Directory connectivity:
Domain Controller: xxxxx.ou.ad3.ucdavis.edu
ldap: 389/tcp - good
ldap: 389/udp - good
smb: 445/tcp - good
kdc: 88/tcp - good
kpasswd: 464/tcp - good
ntp: 123/udp - good
Domain Controller: xxxxx.ou.ad3.ucdavis.edu
ldap: 389/tcp - good
ldap: 389/udp - good
smb: 445/tcp - good
kdc: 88/tcp - good
kpasswd: 464/tcp - good
ntp: 123/udp - good
Domain Controller: xxxxxx.ou.ad3.ucdavis.edu
ldap: 389/tcp - good
ldap: 389/udp - timeout
smb: 445/tcp - good
kdc: 88/tcp - good
kpasswd: 464/tcp - good
ntp: 123/udp - good

 

Full output of proccess

Please specify Samba's path if it is not in [/usr/] :
Using (/usr/)
The Samba base path is : /usr/
Joined to Domain: ou.ad3.ucdavis.edu
Zone: Auto Zone
Do you want to leave and join to another domain? [N] :
Using (N)
Remove Winbind settings (if any) from /etc/nsswitch.conf.
No Winbind settings found.
Removing old state files...
Please specify the stock samba winbindd listen path(dir) if it is not in [/run/samba/winbindd] :
Using (/run/samba/winbindd)
Updating smb.conf with Centrify recommended settings...
Connection failed: NT_STATUS_NOT_SUPPORTED

Get Domain SID failed. Please try again with authentication and a valid DC.

Enter the Active Directory authorized user [Administrator] : xxxxxxxx
Using (admin-cns)
Enter a valid domain controller [xxxxx.ou.ad3.ucdavis.edu] :
Using (xxxxxx.ou.ad3.ucdavis.edu)

Get Domain SID failed. Please try again with authentication and a valid DC.

Enter the Active Directory authorized user [admin-cns] :

Centrify Contributor II
Posts: 15
Registered: ‎07-21-2015
#2 of 6 2,771

Re: adbindproxy.pl Get Domain SID failed. Please try again with authentication and a valid DC

Hi Norton,

 

which version of samba are you running? Is it the package in the CentOS 7 repository?

 

Do you have read-only domain controllers in the environment? What's the forest/domain functional level of ou.ad3.ucdavis.edu?

 

Centrify Advisor I
Posts: 42
Registered: ‎10-22-2012
#3 of 6 2,762

Re: adbindproxy.pl Get Domain SID failed. Please try again with authentication and a valid DC

Hello Norton,

 

Thank you for posting to our forum!

 

In addition to the additional details on your setup previously asked ( which would still be helpful)  You may be running into the following issue:

 

Cause:

When the command `/opt/centrify/samba/bin/net rpc getsid -S domaincontroller -U administrator` is run in the adbindproxy.pl script, it does not prompt for the password of the administrator user if it is unable to resolve the command without a password.

 

Workaround:

 

Download the patched adbindproxy.pl script attached to this post.

Replace the current adbindproxy.pl script with the patched version. (The location of the adbindproxy.pl script is in /usr/share/centrifydc/bin/)
Rerun the adbindproxy.pl script.

 

Resolution:

This issue will be fixed in the next release of adbindproxy (CentrifyDC-adbindproxy-5.3.0-509 and newer)

 

Thank you,

Jeff-W

Contributor I
Posts: 11
Registered: ‎02-19-2016
#4 of 6 2,731

Re: adbindproxy.pl Get Domain SID failed. Please try again with authentication and a valid DC

The updated adbindproxy.pl completed succesfully so I'll try finish off the rest of the samba share settings today. Thanks

Contributor I
Posts: 11
Registered: ‎02-19-2016
#5 of 6 2,647

Re: c Get Domain SID failed. Please try again with authentication and a valid DC

Is there a patched version of adbindproxy.pl for Ubuntu 16?

Participant II
Posts: 2
Registered: ‎10-13-2016
#6 of 6 1,817

Re: c Get Domain SID failed. Please try again with authentication and a valid DC

Glad I found this but unfortunatily the file as given doesn't work on Debian.

I was able to patch the deb version of adbindproxy.pl with the additional line to ask for a password.

It worked and I got Samba set up.

I include the file here to cover the deb side of the issue.