[Samba] Re: join fails samba 3.2 & ADS 2003R2 SP2
Guenther Deschner
gd at samba.org
Tue Nov 4 01:00:07 GMT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Roland Hebertinger wrote:
> Marc-Andre Vallee <Marc-Andre.Vallee <at> complys.com> writes:
>
>> Hi,
>>
>> SLES10 SP2 x86_64 + Samba from repo (samba-3.2.4-8.1)
>> When I try to join (net ads join -U Administrator), I get :
>> Failed to join domain: failed to set machine spn: Can't contact LDAP server
>
> Any news on this one? I have the same problem with a slightly different setup.
> I'm using a Samba 3.2.4 running on SLES 10 SP2 and try to join an AD running on
> a Windows 2008.
>
> Here's my output:
>
> # net ads join -U Administrator -d 3
> [2008/11/03 19:35:42, 3] param/loadparm.c:lp_load_ex(8754)
> lp_load_ex: refreshing parameters
> [2008/11/03 19:35:42, 3] param/loadparm.c:init_globals(4597)
> Initialising global parameters
> [2008/11/03 19:35:42, 3] param/params.c:pm_process(569)
> params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
> [2008/11/03 19:35:42, 3] param/loadparm.c:do_section(7417)
> Processing section "[global]"
> [2008/11/03 19:35:42, 2] lib/interface.c:add_interface(337)
> added interface eth0 ip=fe80::214:5eff:fed8:9816%eth0
> bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
> [2008/11/03 19:35:42, 2] lib/interface.c:add_interface(337)
> added interface eth1 ip=fe80::214:5eff:fed8:9818%eth1
> bcast=fe80::ffff:ffff:ffff:ffff%eth1 netmask=ffff:ffff:ffff:ffff::
> [2008/11/03 19:35:42, 2] lib/interface.c:add_interface(337)
> added interface eth0 ip=192.168.1.28 bcast=192.168.1.255 netmask=255.255.255.0
> [2008/11/03 19:35:42, 2] lib/interface.c:add_interface(337)
> added interface eth0 ip=192.168.1.144 bcast=192.168.1.255 netmask=255.255.255.0
> [2008/11/03 19:35:42, 2] lib/interface.c:add_interface(337)
> added interface eth0 ip=192.168.1.145 bcast=192.168.1.255 netmask=255.255.255.0
> [2008/11/03 19:35:42, 2] lib/interface.c:add_interface(337)
> added interface eth0 ip=192.168.1.195 bcast=192.168.1.255 netmask=255.255.255.0
> [2008/11/03 19:35:42, 2] lib/interface.c:add_interface(337)
> added interface eth1 ip=10.168.1.195 bcast=10.168.1.255 netmask=255.255.255.0
> Enter Administrator's password:
> [2008/11/03 19:35:46, 1] libnet/libnet_join.c:libnet_Join(1770)
> libnet_Join:
> libnet_JoinCtx: struct libnet_JoinCtx
> in: struct libnet_JoinCtx
> dc_name : NULL
> machine_name : 'SR-HOME-1'
> domain_name : *
> domain_name : 'VERLAG.VN.IDOWA.DE'
> account_ou : NULL
> admin_account : 'Administrator'
> admin_password : *
> machine_password : NULL
> join_flags : 0x00000023 (35)
> 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
> 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
> 0: WKSSVC_JOIN_FLAGS_DEFER_SPN
> 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
> 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
> 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
> 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
> 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
> 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
> 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
> os_version : NULL
> os_name : NULL
> create_upn : 0x00 (0)
> upn : NULL
> modify_config : 0x00 (0)
> ads : NULL
> debug : 0x01 (1)
> secure_channel_type : SEC_CHAN_WKSTA (2)
> [2008/11/03 19:35:46, 3] libsmb/cliconnect.c:cli_start_connection(1632)
> Connecting to host=sr-dc-1.verlag.vn.idowa.de
> [2008/11/03 19:35:46, 3] libsmb/namequery.c:resolve_lmhosts(1162)
> resolve_lmhosts: Attempting lmhosts lookup for name
> sr-dc-1.verlag.vn.idowa.de<0x20>
> [2008/11/03 19:35:46, 3] libsmb/namequery.c:resolve_wins(1026)
> resolve_wins: Attempting wins lookup for name sr-dc-1.verlag.vn.idowa.de<0x20>
> [2008/11/03 19:35:46, 3] libsmb/namequery.c:resolve_wins(1030)
> resolve_wins: WINS server resolution selected and no WINS servers listed.
> [2008/11/03 19:35:46, 3] libsmb/namequery.c:resolve_hosts(1244)
> resolve_hosts: Attempting host lookup for name sr-dc-1.verlag.vn.idowa.de<0x20>
> [2008/11/03 19:35:46, 3] lib/util_sock.c:open_socket_out(1331)
> Connecting to 192.168.1.82 at port 445
> [2008/11/03 19:35:46, 3] libsmb/cliconnect.c:cli_session_setup_spnego(804)
> Doing spnego session setup (blob length=124)
> [2008/11/03 19:35:46, 3] libsmb/cliconnect.c:cli_session_setup_spnego(831)
> got OID=1 2 840 48018 1 2 2
> [2008/11/03 19:35:46, 3] libsmb/cliconnect.c:cli_session_setup_spnego(831)
> got OID=1 2 840 113554 1 2 2
> [2008/11/03 19:35:46, 3] libsmb/cliconnect.c:cli_session_setup_spnego(831)
> got OID=1 2 840 113554 1 2 2 3
> [2008/11/03 19:35:46, 3] libsmb/cliconnect.c:cli_session_setup_spnego(831)
> got OID=1 3 6 1 4 1 311 2 2 10
> [2008/11/03 19:35:46, 3] libsmb/cliconnect.c:cli_session_setup_spnego(839)
> got principal=not_defined_in_RFC4178 at please_ignore
> [2008/11/03 19:35:46, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1025)
> Got challenge flags:
> [2008/11/03 19:35:46, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
> Got NTLMSSP neg_flags=0x62898215
> [2008/11/03 19:35:46, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1047)
> NTLMSSP: Set final flags:
> [2008/11/03 19:35:46, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
> Got NTLMSSP neg_flags=0x60088215
> [2008/11/03 19:35:46, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337)
> NTLMSSP Sign/Seal - Initialising with flags:
> [2008/11/03 19:35:46, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
> Got NTLMSSP neg_flags=0x60088215
> [2008/11/03 19:35:46, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086)
> rpc_pipe_bind: Remote machine sr-dc-1.verlag.vn.idowa.de pipe \lsarpc fnum
> 0x4000 bind request returned ok.
> [2008/11/03 19:35:46, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086)
> rpc_pipe_bind: Remote machine sr-dc-1.verlag.vn.idowa.de pipe \samr fnum
> 0x4001 bind request returned ok.
> [2008/11/03 19:35:46, 3] libads/ldap.c:ads_connect(430)
> Successfully contacted LDAP server 192.168.1.82
> [2008/11/03 19:35:46, 3] libads/ldap.c:ads_connect(480)
> Connected to LDAP server sr-dc-1.verlag.vn.idowa.de
> [2008/11/03 19:35:46, 3] libads/sasl.c:ads_sasl_spnego_bind(780)
> ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
> [2008/11/03 19:35:46, 3] libads/sasl.c:ads_sasl_spnego_bind(780)
> ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
> [2008/11/03 19:35:46, 3] libads/sasl.c:ads_sasl_spnego_bind(780)
> ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
> [2008/11/03 19:35:46, 3] libads/sasl.c:ads_sasl_spnego_bind(780)
> ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
> [2008/11/03 19:35:46, 3] libads/sasl.c:ads_sasl_spnego_bind(789)
> ads_sasl_spnego_bind: got server principal name =
> not_defined_in_RFC4178 at please_ignore
> [2008/11/03 19:35:46, 3] libsmb/clikrb5.c:ads_krb5_mk_req(671)
> ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
> [2008/11/03 19:35:46, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(604)
> ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration Tue, 04
> Nov 2008 05:35:33 CET
> [2008/11/03 19:35:46, 3] libsmb/clikrb5.c:ads_krb5_mk_req(713)
> ads_krb5_mk_req: server marked as OK to delegate to, building forwardable TGT
> [2008/11/03 19:35:46, 1] libnet/libnet_join.c:libnet_Join(1801)
> libnet_Join:
> libnet_JoinCtx: struct libnet_JoinCtx
> out: struct libnet_JoinCtx
> account_name : NULL
> netbios_domain_name : 'VERLAG'
> dns_domain_name : 'verlag.vn.idowa.de'
> dn : NULL
> domain_sid : *
> domain_sid :
> S-1-5-21-1576172290-2542936531-3051237126
> modified_config : 0x00 (0)
> error_string : 'failed to set machine spn: Can't
> contact LDAP server'
> domain_is_ad : 0x01 (1)
> result : WERR_GENERAL_FAILURE
> Failed to join domain: failed to set machine spn: Can't contact LDAP server
> [2008/11/03 19:35:46, 2] utils/net.c:main(1172)
> return code = -1
Can you please open a bug on this and upload a log level 10 "net ads
join" output file ?
Thanks,
Guenther
- --
Günther Deschner GPG-ID: 8EE11688
Red Hat gdeschner at redhat.com
Samba Team gd at samba.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkkPnpcACgkQSOk3aI7hFogGSwCfa6UAai49lB43Xy1R3/IAD0sw
8m8Ani3AWKs1WiZTrob4TGrKmakIK//7
=DkE6
-----END PGP SIGNATURE-----
More information about the samba
mailing list