[Samba] Problem to join Win20900 ADS realm
JAP
javier.debian.bb.ar at gmail.com
Wed Sep 2 08:20:03 MDT 2009
Dear samba team:
I've some troubles to join a GNU/Linux Debian “squeeze” machine to a
Windows 2000 ADS realm. I've studied everything about samba, but this
problem cause that I cant print in the Windows servers and I've other
problems.
I've joined machines in this domain before ( I made a recipe at
http://wiki.debian.org/SAMBAclienteWindows)
But in the last days, I've a problem with the disk, and was necessary to
set up all the system again.
And it's impossible to me join the domain!
I'd tracked everything in the web about this problem, but I did not find
the solution.
Attaches all the information about the net / samba configuration and the
errors.
Please, if you can help me.
Javier
-------------------------------------------------------------------------
My host: station91
My user: win-user5
My password: win-pass
My domain: company
My realm: local.company
My KDC administrative server: serverpdc1
My KDC secondary server: serverbdc7
-------------------------------------------------------------------------
# /etc/network/interfaces
#
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# LOCAL
allow-hotplug eth0
auto eth0
iface eth0 inet dhcp
post-up route del default gw 10.111.1.254
post-up route del -net 10.111.1.0 netmask 255.255.255.0 dev eth0
post-up route add -net 10.0.0.0 netmask 255.0.0.0 dev eth0
post-up net time set -S serverpdc1
-------------------------------------------------------------------------
# /etc/krb5.conf
[libdefaults]
default_realm = LOCAL.COMPANY
# The following krb5.conf variables are only for MIT Kerberos.
krb4_config = /etc/krb.conf
krb4_realms = /etc/krb.realms
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
[realms]
LOCAL.COMPANY = {
kdc = serverbdc7
kdc = serverpdc1
kdc = serverbdc2
kdc = serverbdc5
admin_server = serverpdc1
}
[domain_realm]
.local.company = LOCAL.COMPANY
local.company = LOCAL.COMPANY
[login]
krb4_convert = true
krb4_get_tickets = false
-------------------------------------------------------------------------
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc-reference' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: files winbind ldap
group: files winbind ldap
shadow: files
hosts: files wins mdns4_minimal [NOTFOUND=return] dns mdns4
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
-------------------------------------------------------------------------
# /etc/samba/smb.conf
# Samba config file created using SWAT
# from UNKNOWN (��t)
# Date: 2009/09/02 08:30:38
[global]
ldap ssl ads = Yes
idmap gid = 10000-20000
passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
obey pam restrictions = Yes
browse list = No
dns proxy = No
idmap uid = 10000-20000
local master = No
workgroup = COMPANY
os level = 0
winbind refresh tickets = Yes
update encrypted = Yes
printcap name = cups
security = ADS
winbind separator = +
max log size = 1000
lanman auth = Yes
log file = /var/log/samba/log.%m
include = /etc/samba/dhcp.conf
wins server = eth0:10.111.1.201
auth methods = winbind, krb5, ldap, guest, sam
interfaces = eth0
username map = /etc/samba/smbusers
domain master = No
winbind trusted domains only = yes
realm = LOCAL.COMPANY
winbind use default domain = Yes
server string = %h - Jefe Almacenaje (13-6922)
password server = serverbdc7, serverpdc1, *
unix password sync = Yes
template homedir = /home/%U
syslog = 0
panic action = /usr/share/samba/panic-action %d
pam password change = Yes
[homes]
comment = Home Directories
valid users = %S
create mask = 0700
directory mask = 0700
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
create mask = 0700
printable = Yes
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
[homes]
comment = Home Directories
valid users = %S
create mask = 0700
directory mask = 0700
browseable = No
-------------------------------------------------------------------------
station91:~# wbinfo -m --verbose
Domain Name DNS Domain Trust Type Transitive In Out
BUILTIN None Yes Yes Yes
IBPBW91 None Yes Yes Yes
COMPANY LOCAL.COMPANY None Yes Yes Yes
-------------------------------------------------------------------------
station91:~# wbinfo -u –verbose
(do nothing!!)
-------------------------------------------------------------------------
station91:~# wbinfo -g --verbose
BUILTIN+administrators
BUILTIN+users
-------------------------------------------------------------------------
station91:~# wbinfo -u --verbose -K win-user5%win-pass
plaintext kerberos password authentication for [win-user5%win-pass]
failed (requesting cctype: FILE)
error code was NT_STATUS_LOGON_FAILURE (0xc000006d)
error messsage was: Logon failure
Could not authenticate user [win-user5%win-pass] with Kerberos (ccache:
FILE)
-------------------------------------------------------------------------
station91:~# kinit win-user5
Password for win-user5 at LOCAL.COMPANY:
station91:~# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: win-user5 at LOCAL.COMPANY
Valid starting Expires Service principal
09/02/09 10:07:00 09/02/09 20:07:17 krbtgt/LOCAL.COMPANY at LOCAL.COMPANY
renew until 09/03/09 10:07:00
-------------------------------------------------------------------------
station91:~# net rpc oldjoin -U win-user5%win-pass -S serverpdc1 -d 3
[2009/09/02 10:36:21, 3] param/loadparm.c:lp_load_ex(8818)
lp_load_ex: refreshing parameters
[2009/09/02 10:36:21, 3] param/loadparm.c:init_globals(4653)
Initialising global parameters
[2009/09/02 10:36:21, 3] param/params.c:pm_process(569)
params.c:pm_process() - Processing configuration file
"/etc/samba/smb.conf"
[2009/09/02 10:36:21, 3] param/loadparm.c:do_section(7481)
Processing section "[global]"
[2009/09/02 10:36:21, 3] param/params.c:pm_process(569)
params.c:pm_process() - Processing configuration file
"/etc/samba/dhcp.conf"
[2009/09/02 10:36:21, 2] lib/interface.c:add_interface(340)
added interface eth0 ip=fe80::219:d1ff:fe97:92a7%eth0
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
[2009/09/02 10:36:21, 2] lib/interface.c:add_interface(340)
added interface eth0 ip=10.111.1.192 bcast=10.111.1.255
netmask=255.255.255.0
[2009/09/02 10:36:21, 3] libsmb/cliconnect.c:cli_start_connection(1649)
Connecting to host=serverpdc1
[2009/09/02 10:36:21, 3] lib/util_sock.c:open_socket_out(1400)
Connecting to 10.1.0.231 at port 445
[2009/09/02 10:36:21, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2234)
rpc_pipe_bind: host serverpdc1, pipe \lsarpc, fnum 0x4000 bind
request returned ok.
[2009/09/02 10:36:21, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2234)
rpc_pipe_bind: host serverpdc1, pipe \NETLOGON, fnum 0x4001 bind
request returned ok.
[2009/09/02 10:36:21, 3]
rpc_client/cli_netlogon.c:rpccli_netlogon_set_trust_password(573)
rpccli_netlogon_set_trust_password: unable to setup creds
(NT_STATUS_ACCESS_DENIED)!
[2009/09/02 10:36:21, 1] utils/net_rpc.c:run_rpc_command(193)
rpc command function failed! (NT_STATUS_ACCESS_DENIED)
Failed to join domain
[2009/09/02 10:36:21, 2] utils/net.c:main(770)
return code = -1
-------------------------------------------------------------------------
station91:~# net ads join -U win-user5%win-pass -S serverpdc1 -d 3
[2009/09/02 10:38:12, 3] param/loadparm.c:lp_load_ex(8818)
lp_load_ex: refreshing parameters
[2009/09/02 10:38:12, 3] param/loadparm.c:init_globals(4653)
Initialising global parameters
[2009/09/02 10:38:12, 3] param/params.c:pm_process(569)
params.c:pm_process() - Processing configuration file
"/etc/samba/smb.conf"
[2009/09/02 10:38:12, 3] param/loadparm.c:do_section(7481)
Processing section "[global]"
[2009/09/02 10:38:12, 3] param/params.c:pm_process(569)
params.c:pm_process() - Processing configuration file
"/etc/samba/dhcp.conf"
[2009/09/02 10:38:12, 2] lib/interface.c:add_interface(340)
added interface eth0 ip=fe80::219:d1ff:fe97:92a7%eth0
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
[2009/09/02 10:38:12, 2] lib/interface.c:add_interface(340)
added interface eth0 ip=10.111.1.192 bcast=10.111.1.255
netmask=255.255.255.0
[2009/09/02 10:38:12, 1] libnet/libnet_join.c:libnet_Join(1871)
libnet_Join:
libnet_JoinCtx: struct libnet_JoinCtx
in: struct libnet_JoinCtx
dc_name : 'serverpdc1'
machine_name : 'IBPBW91'
domain_name : *
domain_name : 'LOCAL.COMPANY'
account_ou : NULL
admin_account : 'win-user5'
admin_password : *
machine_password : NULL
join_flags : 0x00000023 (35)
0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
0: WKSSVC_JOIN_FLAGS_DEFER_SPN
0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
os_version : NULL
os_name : NULL
create_upn : 0x00 (0)
upn : NULL
modify_config : 0x00 (0)
ads : NULL
debug : 0x01 (1)
use_kerberos : 0x00 (0)
secure_channel_type : SEC_CHAN_WKSTA (2)
[2009/09/02 10:38:12, 3] libsmb/cliconnect.c:cli_start_connection(1649)
Connecting to host=serverpdc1
[2009/09/02 10:38:12, 3] lib/util_sock.c:open_socket_out(1400)
Connecting to 10.1.0.231 at port 445
[2009/09/02 10:38:12, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(823)
Doing spnego session setup (blob length=108)
[2009/09/02 10:38:12, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(850)
got OID=1 2 840 48018 1 2 2
[2009/09/02 10:38:12, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(850)
got OID=1 2 840 113554 1 2 2
[2009/09/02 10:38:12, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(850)
got OID=1 2 840 113554 1 2 2 3
[2009/09/02 10:38:12, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(850)
got OID=1 3 6 1 4 1 311 2 2 10
[2009/09/02 10:38:12, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(858)
got principal=serverpdc1$@LOCAL.COMPANY
[2009/09/02 10:38:12, 3]
libsmb/ntlmssp.c:ntlmssp_client_challenge(1027)
Got challenge flags:
[2009/09/02 10:38:12, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
Got NTLMSSP neg_flags=0x62898215
[2009/09/02 10:38:12, 3]
libsmb/ntlmssp.c:ntlmssp_client_challenge(1049)
NTLMSSP: Set final flags:
[2009/09/02 10:38:12, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
Got NTLMSSP neg_flags=0x60088215
[2009/09/02 10:38:12, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337)
NTLMSSP Sign/Seal - Initialising with flags:
[2009/09/02 10:38:12, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
Got NTLMSSP neg_flags=0x60088215
[2009/09/02 10:38:12, 3] libsmb/cliconnect.c:cli_session_setup(1055)
SPNEGO login failed: Logon failure
[2009/09/02 10:38:12, 1] libsmb/cliconnect.c:cli_full_connection(1754)
failed session setup with NT_STATUS_LOGON_FAILURE
[2009/09/02 10:38:12, 1] libnet/libnet_join.c:libnet_Join(1902)
libnet_Join:
libnet_JoinCtx: struct libnet_JoinCtx
out: struct libnet_JoinCtx
account_name : NULL
netbios_domain_name : NULL
dns_domain_name : NULL
forest_name : NULL
dn : NULL
domain_sid : NULL
domain_sid : (NULL SID)
modified_config : 0x00 (0)
error_string : 'failed to lookup DC info for
domain 'LOCAL.COMPANY' over rpc: Logon failure'
domain_is_ad : 0x00 (0)
result : WERR_LOGON_FAILURE
Failed to join domain: failed to lookup DC info for domain
'LOCAL.COMPANY' over rpc: Logon failure
[2009/09/02 10:38:12, 2] utils/net.c:main(770)
return code = -1
-------------------------------------------------------------------------
station91:~# net rpc join -U win-user5%win-pass -S serverpdc1 -d 3
[2009/09/02 10:40:30, 3] param/loadparm.c:lp_load_ex(8818)
lp_load_ex: refreshing parameters
[2009/09/02 10:40:30, 3] param/loadparm.c:init_globals(4653)
Initialising global parameters
[2009/09/02 10:40:30, 3] param/params.c:pm_process(569)
params.c:pm_process() - Processing configuration file
"/etc/samba/smb.conf"
[2009/09/02 10:40:30, 3] param/loadparm.c:do_section(7481)
Processing section "[global]"
[2009/09/02 10:40:30, 3] param/params.c:pm_process(569)
params.c:pm_process() - Processing configuration file
"/etc/samba/dhcp.conf"
[2009/09/02 10:40:30, 2] lib/interface.c:add_interface(340)
added interface eth0 ip=fe80::219:d1ff:fe97:92a7%eth0
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
[2009/09/02 10:40:30, 2] lib/interface.c:add_interface(340)
added interface eth0 ip=10.111.1.192 bcast=10.111.1.255
netmask=255.255.255.0
[2009/09/02 10:40:30, 3] libsmb/cliconnect.c:cli_start_connection(1649)
Connecting to host=serverpdc1
[2009/09/02 10:40:30, 3] lib/util_sock.c:open_socket_out(1400)
Connecting to 10.1.0.231 at port 445
[2009/09/02 10:40:31, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2234)
rpc_pipe_bind: host serverpdc1, pipe \lsarpc, fnum 0x4000 bind
request returned ok.
[2009/09/02 10:40:31, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2234)
rpc_pipe_bind: host serverpdc1, pipe \NETLOGON, fnum 0x4001 bind
request returned ok.
[2009/09/02 10:40:31, 3]
rpc_client/cli_netlogon.c:rpccli_netlogon_set_trust_password(573)
rpccli_netlogon_set_trust_password: unable to setup creds
(NT_STATUS_ACCESS_DENIED)!
[2009/09/02 10:40:31, 1] utils/net_rpc.c:run_rpc_command(193)
rpc command function failed! (NT_STATUS_ACCESS_DENIED)
[2009/09/02 10:40:31, 3] libsmb/cliconnect.c:cli_start_connection(1649)
Connecting to host=serverpdc1
[2009/09/02 10:40:31, 3] lib/util_sock.c:open_socket_out(1400)
Connecting to 10.1.0.231 at port 445
[2009/09/02 10:40:31, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(823)
Doing spnego session setup (blob length=108)
[2009/09/02 10:40:31, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(850)
got OID=1 2 840 48018 1 2 2
[2009/09/02 10:40:31, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(850)
got OID=1 2 840 113554 1 2 2
[2009/09/02 10:40:31, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(850)
got OID=1 2 840 113554 1 2 2 3
[2009/09/02 10:40:31, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(850)
got OID=1 3 6 1 4 1 311 2 2 10
[2009/09/02 10:40:31, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(858)
got principal=serverpdc1$@LOCAL.COMPANY
[2009/09/02 10:40:31, 3]
libsmb/ntlmssp.c:ntlmssp_client_challenge(1027)
Got challenge flags:
[2009/09/02 10:40:31, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
Got NTLMSSP neg_flags=0x62898215
[2009/09/02 10:40:31, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1049)
NTLMSSP: Set final flags:
[2009/09/02 10:40:31, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
Got NTLMSSP neg_flags=0x60088215
[2009/09/02 10:40:31, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337)
NTLMSSP Sign/Seal - Initialising with flags:
[2009/09/02 10:40:31, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
Got NTLMSSP neg_flags=0x60088215
[2009/09/02 10:40:31, 3] libsmb/cliconnect.c:cli_session_setup(1055)
SPNEGO login failed: Logon failure
[2009/09/02 10:40:31, 1] libsmb/cliconnect.c:cli_full_connection(1754)
failed session setup with NT_STATUS_LOGON_FAILURE
Could not connect to server serverpdc1
The username or password was not correct.
Connection failed: NT_STATUS_LOGON_FAILURE
[2009/09/02 10:40:31, 2] utils/net.c:main(770)
return code = 1
More information about the samba
mailing list