[Samba] Problem to join Win20900 ADS realm
JAP
javier.debian.bb.ar at gmail.com
Mon Sep 7 12:14:49 MDT 2009
Javier Argentina escribió:
Please, I need some help.
Don't ignore me.
> 2009/9/2, JAP <javier.debian.bb.ar at gmail.com>:
>> Dear samba team:
>>
>> I've some troubles to join a GNU/Linux Debian “squeeze” machine to a
>> Windows 2000 ADS realm. I've studied everything about samba, but this
>> problem cause that I cant print in the Windows servers and I've other
>> problems.
>> I've joined machines in this domain before ( I made a recipe at
>> http://wiki.debian.org/SAMBAclienteWindows)
>> But in the last days, I've a problem with the disk, and was necessary to
>> set up all the system again.
>> And it's impossible to me join the domain!
>> I'd tracked everything in the web about this problem, but I did not find
>> the solution.
>> Attaches all the information about the net / samba configuration and the
>> errors.
>>
>> Please, if you can help me.
>>
>> Javier
>>
>> -------------------------------------------------------------------------
>>
>> My host: station91
>> My user: win-user5
>> My password: win-pass
>> My domain: company
>> My realm: local.company
>> My KDC administrative server: serverpdc1
>> My KDC secondary server: serverbdc7
>>
>> -------------------------------------------------------------------------
>>
>>
>> # /etc/network/interfaces
>> #
>> # This file describes the network interfaces available on your system
>> # and how to activate them. For more information, see interfaces(5).
>>
>> # The loopback network interface
>> auto lo
>> iface lo inet loopback
>>
>> # LOCAL
>> allow-hotplug eth0
>> auto eth0
>> iface eth0 inet dhcp
>> post-up route del default gw 10.111.1.254
>> post-up route del -net 10.111.1.0 netmask 255.255.255.0 dev eth0
>> post-up route add -net 10.0.0.0 netmask 255.0.0.0 dev eth0
>> post-up net time set -S serverpdc1
>>
>> -------------------------------------------------------------------------
>>
>> # /etc/krb5.conf
>>
>> [libdefaults]
>> default_realm = LOCAL.COMPANY
>>
>> # The following krb5.conf variables are only for MIT Kerberos.
>> krb4_config = /etc/krb.conf
>> krb4_realms = /etc/krb.realms
>> kdc_timesync = 1
>> ccache_type = 4
>> forwardable = true
>> proxiable = true
>>
>> [realms]
>> LOCAL.COMPANY = {
>> kdc = serverbdc7
>> kdc = serverpdc1
>> kdc = serverbdc2
>> kdc = serverbdc5
>> admin_server = serverpdc1
>> }
>>
>> [domain_realm]
>> .local.company = LOCAL.COMPANY
>> local.company = LOCAL.COMPANY
>>
>> [login]
>> krb4_convert = true
>> krb4_get_tickets = false
>>
>> -------------------------------------------------------------------------
>>
>>
>> # /etc/nsswitch.conf
>> #
>> # Example configuration of GNU Name Service Switch functionality.
>> # If you have the `glibc-doc-reference' and `info' packages installed, try:
>> # `info libc "Name Service Switch"' for information about this file.
>>
>> passwd: files winbind ldap
>> group: files winbind ldap
>> shadow: files
>>
>> hosts: files wins mdns4_minimal [NOTFOUND=return] dns mdns4
>> networks: files
>>
>> protocols: db files
>> services: db files
>> ethers: db files
>> rpc: db files
>>
>> netgroup: nis
>>
>> -------------------------------------------------------------------------
>>
>>
>> # /etc/samba/smb.conf
>> # Samba config file created using SWAT
>> # from UNKNOWN (��t)
>> # Date: 2009/09/02 08:30:38
>>
>> [global]
>> ldap ssl ads = Yes
>> idmap gid = 10000-20000
>> passwd chat = *Enter\snew\s*\spassword:* %n\n
>> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>> obey pam restrictions = Yes
>> browse list = No
>> dns proxy = No
>> idmap uid = 10000-20000
>> local master = No
>> workgroup = COMPANY
>> os level = 0
>> winbind refresh tickets = Yes
>> update encrypted = Yes
>> printcap name = cups
>> security = ADS
>> winbind separator = +
>> max log size = 1000
>> lanman auth = Yes
>> log file = /var/log/samba/log.%m
>> include = /etc/samba/dhcp.conf
>> wins server = eth0:10.111.1.201
>> auth methods = winbind, krb5, ldap, guest, sam
>> interfaces = eth0
>> username map = /etc/samba/smbusers
>> domain master = No
>> winbind trusted domains only = yes
>> realm = LOCAL.COMPANY
>> winbind use default domain = Yes
>> server string = %h - Jefe Almacenaje (13-6922)
>> password server = serverbdc7, serverpdc1, *
>> unix password sync = Yes
>> template homedir = /home/%U
>> syslog = 0
>> panic action = /usr/share/samba/panic-action %d
>> pam password change = Yes
>>
>> [homes]
>> comment = Home Directories
>> valid users = %S
>> create mask = 0700
>> directory mask = 0700
>> browseable = No
>>
>> [printers]
>> comment = All Printers
>> path = /var/spool/samba
>> create mask = 0700
>> printable = Yes
>> browseable = No
>>
>> [print$]
>> comment = Printer Drivers
>> path = /var/lib/samba/printers
>> [homes]
>> comment = Home Directories
>> valid users = %S
>> create mask = 0700
>> directory mask = 0700
>> browseable = No
>>
>> -------------------------------------------------------------------------
>>
>>
>>
>> station91:~# wbinfo -m --verbose
>> Domain Name DNS Domain Trust Type Transitive In Out
>> BUILTIN None Yes Yes Yes
>> IBPBW91 None Yes Yes Yes
>> COMPANY LOCAL.COMPANY None Yes Yes Yes
>>
>> -------------------------------------------------------------------------
>>
>>
>> station91:~# wbinfo -u –verbose
>> (do nothing!!)
>>
>> -------------------------------------------------------------------------
>>
>>
>> station91:~# wbinfo -g --verbose
>> BUILTIN+administrators
>> BUILTIN+users
>>
>> -------------------------------------------------------------------------
>>
>>
>> station91:~# wbinfo -u --verbose -K win-user5%win-pass
>> plaintext kerberos password authentication for [win-user5%win-pass]
>> failed (requesting cctype: FILE)
>> error code was NT_STATUS_LOGON_FAILURE (0xc000006d)
>> error messsage was: Logon failure
>> Could not authenticate user [win-user5%win-pass] with Kerberos (ccache:
>> FILE)
>>
>> -------------------------------------------------------------------------
>>
>>
>> station91:~# kinit win-user5
>> Password for win-user5 at LOCAL.COMPANY:
>>
>> station91:~# klist
>> Ticket cache: FILE:/tmp/krb5cc_0
>> Default principal: win-user5 at LOCAL.COMPANY
>> Valid starting Expires Service principal
>> 09/02/09 10:07:00 09/02/09 20:07:17 krbtgt/LOCAL.COMPANY at LOCAL.COMPANY
>> renew until 09/03/09 10:07:00
>>
>> -------------------------------------------------------------------------
>>
>>
>> station91:~# net rpc oldjoin -U win-user5%win-pass -S serverpdc1 -d 3
>>
>> [2009/09/02 10:36:21, 3] param/loadparm.c:lp_load_ex(8818)
>>
>> lp_load_ex: refreshing parameters
>>
>> [2009/09/02 10:36:21, 3] param/loadparm.c:init_globals(4653)
>>
>> Initialising global parameters
>>
>> [2009/09/02 10:36:21, 3] param/params.c:pm_process(569)
>>
>> params.c:pm_process() - Processing configuration file
>> "/etc/samba/smb.conf"
>> [2009/09/02 10:36:21, 3] param/loadparm.c:do_section(7481)
>>
>> Processing section "[global]"
>>
>> [2009/09/02 10:36:21, 3] param/params.c:pm_process(569)
>>
>> params.c:pm_process() - Processing configuration file
>> "/etc/samba/dhcp.conf"
>> [2009/09/02 10:36:21, 2] lib/interface.c:add_interface(340)
>>
>> added interface eth0 ip=fe80::219:d1ff:fe97:92a7%eth0
>> bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
>>
>>
>> [2009/09/02 10:36:21, 2] lib/interface.c:add_interface(340)
>> added interface eth0 ip=10.111.1.192 bcast=10.111.1.255
>> netmask=255.255.255.0
>> [2009/09/02 10:36:21, 3] libsmb/cliconnect.c:cli_start_connection(1649)
>> Connecting to host=serverpdc1
>> [2009/09/02 10:36:21, 3] lib/util_sock.c:open_socket_out(1400)
>> Connecting to 10.1.0.231 at port 445
>> [2009/09/02 10:36:21, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2234)
>> rpc_pipe_bind: host serverpdc1, pipe \lsarpc, fnum 0x4000 bind
>> request returned ok.
>> [2009/09/02 10:36:21, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2234)
>> rpc_pipe_bind: host serverpdc1, pipe \NETLOGON, fnum 0x4001 bind
>> request returned ok.
>> [2009/09/02 10:36:21, 3]
>> rpc_client/cli_netlogon.c:rpccli_netlogon_set_trust_password(573)
>> rpccli_netlogon_set_trust_password: unable to setup creds
>> (NT_STATUS_ACCESS_DENIED)!
>> [2009/09/02 10:36:21, 1] utils/net_rpc.c:run_rpc_command(193)
>> rpc command function failed! (NT_STATUS_ACCESS_DENIED)
>> Failed to join domain
>> [2009/09/02 10:36:21, 2] utils/net.c:main(770)
>> return code = -1
>>
>> -------------------------------------------------------------------------
>>
>>
>> station91:~# net ads join -U win-user5%win-pass -S serverpdc1 -d 3
>>
>> [2009/09/02 10:38:12, 3] param/loadparm.c:lp_load_ex(8818)
>>
>> lp_load_ex: refreshing parameters
>>
>> [2009/09/02 10:38:12, 3] param/loadparm.c:init_globals(4653)
>>
>> Initialising global parameters
>>
>> [2009/09/02 10:38:12, 3] param/params.c:pm_process(569)
>>
>> params.c:pm_process() - Processing configuration file
>> "/etc/samba/smb.conf"
>> [2009/09/02 10:38:12, 3] param/loadparm.c:do_section(7481)
>>
>> Processing section "[global]"
>>
>> [2009/09/02 10:38:12, 3] param/params.c:pm_process(569)
>>
>> params.c:pm_process() - Processing configuration file
>> "/etc/samba/dhcp.conf"
>> [2009/09/02 10:38:12, 2] lib/interface.c:add_interface(340)
>>
>> added interface eth0 ip=fe80::219:d1ff:fe97:92a7%eth0
>> bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
>>
>>
>> [2009/09/02 10:38:12, 2] lib/interface.c:add_interface(340)
>>
>> added interface eth0 ip=10.111.1.192 bcast=10.111.1.255
>> netmask=255.255.255.0
>> [2009/09/02 10:38:12, 1] libnet/libnet_join.c:libnet_Join(1871)
>>
>> libnet_Join:
>>
>> libnet_JoinCtx: struct libnet_JoinCtx
>>
>> in: struct libnet_JoinCtx
>>
>> dc_name : 'serverpdc1'
>>
>> machine_name : 'IBPBW91'
>>
>> domain_name : *
>>
>> domain_name : 'LOCAL.COMPANY'
>>
>> account_ou : NULL
>>
>> admin_account : 'win-user5'
>>
>> admin_password : *
>>
>> machine_password : NULL
>>
>> join_flags : 0x00000023 (35)
>>
>> 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
>>
>> 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
>>
>> 0: WKSSVC_JOIN_FLAGS_DEFER_SPN
>>
>> 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
>>
>> 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
>>
>> 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
>>
>> 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
>>
>> 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
>>
>> 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
>>
>> 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
>>
>> os_version : NULL
>>
>> os_name : NULL
>>
>> create_upn : 0x00 (0)
>>
>> upn : NULL
>>
>> modify_config : 0x00 (0)
>>
>> ads : NULL
>>
>> debug : 0x01 (1)
>>
>> use_kerberos : 0x00 (0)
>>
>> secure_channel_type : SEC_CHAN_WKSTA (2)
>>
>> [2009/09/02 10:38:12, 3] libsmb/cliconnect.c:cli_start_connection(1649)
>>
>> Connecting to host=serverpdc1
>>
>> [2009/09/02 10:38:12, 3] lib/util_sock.c:open_socket_out(1400)
>>
>> Connecting to 10.1.0.231 at port 445
>>
>> [2009/09/02 10:38:12, 3]
>> libsmb/cliconnect.c:cli_session_setup_spnego(823)
>>
>> Doing spnego session setup (blob length=108)
>>
>> [2009/09/02 10:38:12, 3]
>> libsmb/cliconnect.c:cli_session_setup_spnego(850)
>>
>> got OID=1 2 840 48018 1 2 2
>>
>> [2009/09/02 10:38:12, 3]
>> libsmb/cliconnect.c:cli_session_setup_spnego(850)
>>
>> got OID=1 2 840 113554 1 2 2
>>
>> [2009/09/02 10:38:12, 3]
>> libsmb/cliconnect.c:cli_session_setup_spnego(850)
>>
>> got OID=1 2 840 113554 1 2 2 3
>>
>> [2009/09/02 10:38:12, 3]
>> libsmb/cliconnect.c:cli_session_setup_spnego(850)
>>
>> got OID=1 3 6 1 4 1 311 2 2 10
>>
>> [2009/09/02 10:38:12, 3]
>> libsmb/cliconnect.c:cli_session_setup_spnego(858)
>>
>> got principal=serverpdc1$@LOCAL.COMPANY
>>
>> [2009/09/02 10:38:12, 3]
>> libsmb/ntlmssp.c:ntlmssp_client_challenge(1027)
>>
>> Got challenge flags:
>>
>> [2009/09/02 10:38:12, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
>>
>> Got NTLMSSP neg_flags=0x62898215
>>
>> [2009/09/02 10:38:12, 3]
>> libsmb/ntlmssp.c:ntlmssp_client_challenge(1049)
>>
>> NTLMSSP: Set final flags:
>>
>> [2009/09/02 10:38:12, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
>>
>> Got NTLMSSP neg_flags=0x60088215
>>
>> [2009/09/02 10:38:12, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337)
>>
>> NTLMSSP Sign/Seal - Initialising with flags:
>>
>> [2009/09/02 10:38:12, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
>>
>> Got NTLMSSP neg_flags=0x60088215
>>
>> [2009/09/02 10:38:12, 3] libsmb/cliconnect.c:cli_session_setup(1055)
>>
>> SPNEGO login failed: Logon failure
>>
>> [2009/09/02 10:38:12, 1] libsmb/cliconnect.c:cli_full_connection(1754)
>>
>> failed session setup with NT_STATUS_LOGON_FAILURE
>>
>> [2009/09/02 10:38:12, 1] libnet/libnet_join.c:libnet_Join(1902)
>>
>> libnet_Join:
>>
>> libnet_JoinCtx: struct libnet_JoinCtx
>> out: struct libnet_JoinCtx
>> account_name : NULL
>> netbios_domain_name : NULL
>> dns_domain_name : NULL
>> forest_name : NULL
>> dn : NULL
>> domain_sid : NULL
>> domain_sid : (NULL SID)
>> modified_config : 0x00 (0)
>> error_string : 'failed to lookup DC info for
>> domain 'LOCAL.COMPANY' over rpc: Logon failure'
>> domain_is_ad : 0x00 (0)
>> result : WERR_LOGON_FAILURE
>> Failed to join domain: failed to lookup DC info for domain
>> 'LOCAL.COMPANY' over rpc: Logon failure
>> [2009/09/02 10:38:12, 2] utils/net.c:main(770)
>> return code = -1
>>
>>
>> -------------------------------------------------------------------------
>>
>>
>> station91:~# net rpc join -U win-user5%win-pass -S serverpdc1 -d 3
>> [2009/09/02 10:40:30, 3] param/loadparm.c:lp_load_ex(8818)
>> lp_load_ex: refreshing parameters
>> [2009/09/02 10:40:30, 3] param/loadparm.c:init_globals(4653)
>> Initialising global parameters
>> [2009/09/02 10:40:30, 3] param/params.c:pm_process(569)
>> params.c:pm_process() - Processing configuration file
>> "/etc/samba/smb.conf"
>> [2009/09/02 10:40:30, 3] param/loadparm.c:do_section(7481)
>>
>> Processing section "[global]"
>>
>> [2009/09/02 10:40:30, 3] param/params.c:pm_process(569)
>>
>> params.c:pm_process() - Processing configuration file
>> "/etc/samba/dhcp.conf"
>> [2009/09/02 10:40:30, 2] lib/interface.c:add_interface(340)
>>
>> added interface eth0 ip=fe80::219:d1ff:fe97:92a7%eth0
>> bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
>>
>>
>> [2009/09/02 10:40:30, 2] lib/interface.c:add_interface(340)
>>
>> added interface eth0 ip=10.111.1.192 bcast=10.111.1.255
>> netmask=255.255.255.0
>> [2009/09/02 10:40:30, 3] libsmb/cliconnect.c:cli_start_connection(1649)
>>
>> Connecting to host=serverpdc1
>>
>> [2009/09/02 10:40:30, 3] lib/util_sock.c:open_socket_out(1400)
>>
>> Connecting to 10.1.0.231 at port 445
>>
>> [2009/09/02 10:40:31, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2234)
>>
>> rpc_pipe_bind: host serverpdc1, pipe \lsarpc, fnum 0x4000 bind
>> request returned ok.
>> [2009/09/02 10:40:31, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2234)
>>
>> rpc_pipe_bind: host serverpdc1, pipe \NETLOGON, fnum 0x4001 bind
>> request returned ok.
>> [2009/09/02 10:40:31, 3]
>> rpc_client/cli_netlogon.c:rpccli_netlogon_set_trust_password(573)
>>
>> rpccli_netlogon_set_trust_password: unable to setup creds
>> (NT_STATUS_ACCESS_DENIED)!
>> [2009/09/02 10:40:31, 1] utils/net_rpc.c:run_rpc_command(193)
>>
>> rpc command function failed! (NT_STATUS_ACCESS_DENIED)
>>
>> [2009/09/02 10:40:31, 3] libsmb/cliconnect.c:cli_start_connection(1649)
>>
>> Connecting to host=serverpdc1
>>
>> [2009/09/02 10:40:31, 3] lib/util_sock.c:open_socket_out(1400)
>>
>> Connecting to 10.1.0.231 at port 445
>>
>> [2009/09/02 10:40:31, 3]
>> libsmb/cliconnect.c:cli_session_setup_spnego(823)
>>
>> Doing spnego session setup (blob length=108)
>>
>> [2009/09/02 10:40:31, 3]
>> libsmb/cliconnect.c:cli_session_setup_spnego(850)
>>
>> got OID=1 2 840 48018 1 2 2
>>
>> [2009/09/02 10:40:31, 3]
>> libsmb/cliconnect.c:cli_session_setup_spnego(850)
>>
>> got OID=1 2 840 113554 1 2 2
>>
>> [2009/09/02 10:40:31, 3]
>> libsmb/cliconnect.c:cli_session_setup_spnego(850)
>>
>> got OID=1 2 840 113554 1 2 2 3
>>
>> [2009/09/02 10:40:31, 3]
>> libsmb/cliconnect.c:cli_session_setup_spnego(850)
>>
>> got OID=1 3 6 1 4 1 311 2 2 10
>>
>> [2009/09/02 10:40:31, 3]
>> libsmb/cliconnect.c:cli_session_setup_spnego(858)
>>
>> got principal=serverpdc1$@LOCAL.COMPANY
>>
>> [2009/09/02 10:40:31, 3]
>> libsmb/ntlmssp.c:ntlmssp_client_challenge(1027)
>>
>> Got challenge flags:
>>
>> [2009/09/02 10:40:31, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
>>
>> Got NTLMSSP neg_flags=0x62898215
>>
>> [2009/09/02 10:40:31, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1049)
>> NTLMSSP: Set final flags:
>> [2009/09/02 10:40:31, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
>> Got NTLMSSP neg_flags=0x60088215
>> [2009/09/02 10:40:31, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337)
>> NTLMSSP Sign/Seal - Initialising with flags:
>> [2009/09/02 10:40:31, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
>> Got NTLMSSP neg_flags=0x60088215
>> [2009/09/02 10:40:31, 3] libsmb/cliconnect.c:cli_session_setup(1055)
>> SPNEGO login failed: Logon failure
>> [2009/09/02 10:40:31, 1] libsmb/cliconnect.c:cli_full_connection(1754)
>> failed session setup with NT_STATUS_LOGON_FAILURE
>> Could not connect to server serverpdc1
>> The username or password was not correct.
>> Connection failed: NT_STATUS_LOGON_FAILURE
>> [2009/09/02 10:40:31, 2] utils/net.c:main(770)
>> return code = 1
>>
>>
>
More information about the samba
mailing list