11 April,19 at 11:50 AM
Centrify abindproxy.pl script cannot complete successfully after disabled SMBv1. Because disabling SMBv1 breaks all the 'net npc getsid' that Centrify use in adbindproxy.pl
You will get the following error message after trying to execute adbindproxy.pl.
Updating smb.conf with Centrify recommended settings... Connection failed: NT_STATUS_CONNECTION_RESET Get Domain SID failed. Please try again with authentication and a valid DC.
Here are the instructions for how to manually get the domain SID when the adbindproxy.pl script does not prompt for the password of the administrator user if it is unable to resolve without a password.
adinfo -y domain (to get domain map info) net setdomainsid net getdomainsid (to verify if the domainsid was set correctly)
Make sure tdb-tools is enabled if not please run yam install tdb-tools to have it enabled. After it’s being enabled, please run the following command.
tdbdump /var/lib/samba/private/secrets.tdb
It will generate the file and shows as the following output: (Should be able to see a pair SID one from Domain and one from Host)
{ key(17) = "SECRETS/SID/OCEAN" data(68) = "\01\04\00\00\00\00\00\05\15\00\00\00{\E2-C\18!\F3\BEP\E8\84\A8\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00" } { key(17) = "SECRETS/SID/RHELH" data(68) = "\01\04\00\00\00\00\00\05\15\00\00\00\DE\11\BD\BE\99V\E6\B9\E7\FD\03\A5\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00\00" } { key(38) = "SECRETS/MACHINE_SEC_CHANNEL_TYPE/OCEAN" data(4) = "\02\00\00\00" } { key(38) = "SECRETS/MACHINE_LAST_CHANGE_TIME/OCEAN" data(8) = "\B5\A2VY\EB\7F\00\00" } { key(30) = "SECRETS/MACHINE_PASSWORD/OCEAN" data(20) = "*c|>6v@_&&5)Lu8m;#F\00"