-
Bug
-
Resolution: Done
-
Undefined
-
None
-
rhel-8.10
-
None
-
Yes
-
Low
-
rhel-idm-sssd
-
1
-
False
-
False
-
-
None
-
None
-
None
-
None
-
Unspecified
-
Unspecified
-
Unspecified
-
None
What were you trying to do that didn't work?
A RHEL8.10 host was joined to AD using realm/adcli. When running 'adcli update --add-samba-data' to enable Samba file sharing services, the following error was encountered.
root@myhost:: adcli update -vvv --computer-password-lifetime=0 --add-samba-data -C
...
- Added host/MYHOST
- Trying to set domain SID S-1-5-21-782047463-1231234123-3707497601 for Samba.
- Trying to set Samba secret.
secrets_prepare_password_change: secrets_fetch_or_upgrade_domain_info(ADDOMAIN) failed
Unable to write the machine account password in the secrets database ! net command failed with 1.- Cleared old entries from keytab: FILE:/etc/krb5.keytab
...
Running `adcli update --add-samba-data` is the recommended way to enable Samba file sharing according to the KCS How to configure SAMBA server with SSSD in RHEL when system is already joined to AD domain using 'adcli'
What is the impact of this issue to you?
Samba file sharing cannot be enabled on hosts that are joined to AD with realm/adcli.
Please provide the package NVR for which the bug is seen:
adcli-0.9.2-1.el8.x86_64
samba-4.19.4-9.el8_10.x86_64
samba-winbind-4.19.4-9.el8_10.x86_64
How reproducible is this bug?:
Always on initial update of Samba data (secrets.tdb)
Steps to reproduce
- Join AD domain with realm/adcli
- Run 'adcli update --add-samba-data'
Expected results
Data should be added to `/var/lib/samba/private/secrets.tdb`
Actual results
Update of `secrets.tdb` fails