[Samba] Joining Domain

Andre Kruger Andre.Kruger at TRW.COM
Wed Aug 27 08:52:27 MDT 2014


UPDATE:

I got the samba server to join my domain using 

net rpc join -U krugersa

instead of

net ads join -U krugersa

The new problem I have now is similar to my previous problem. First things first. I started winbindd interactively, "winbindd -I". I can then list all of our domains using "wbinfo --all-domains". The command returns results as expected.

Next I can check the secret between my samba server and AD using "wbinfo -t". I get expected results:
"checking the trust secret for domain DOMAIN via RPC calls succeeded".


However, when I try and list either AD users or groups using "wbinfo -u" or "wbinfo -g", immediately after issuing the command I get the following on the winbindd interactive window:

ads_setup_sasl_wrapping() failed: NT_STATUS_NOT_SUPPORTED
kinit succeeded but ads_sasl_spnego_krb5_bind failed: NT_STATUS_NOT_SUPPORTED  <-----  This is the same error message as before when I was trying to join my domain using "net ads join..."




kerberos_kinit_password SAMBATEST$@AD.DOMAIN.COM failed: Clock skew too great  <-----  I have no idea where this is coming from. The clocks on my samba server and my DC are exactly the same. And SAMBATEST??
===============================================================
INTERNAL ERROR: Signal 11 in pid 1167 (4.1.11)
Please read the Trouble-Shooting section of the Samba HOWTO
===============================================================
PANIC (pid 1167): internal error
BACKTRACE: 37 stack frames:
 #0 /usr/local/samba/lib/libsmbconf.so.0'log_stack_trace+0x27 [0xfea32d1c]
 #1 /usr/local/samba/lib/libsmbconf.so.0'smb_panic_s3+0x63 [0xfea32bc0]
 #2 /usr/local/samba/lib/libsamba-util.so.0.0.1'smb_panic+0x2a [0xfedba2fa]
 #3 /usr/local/samba/lib/libsamba-util.so.0.0.1'sig_fault+0x0 [0xfedba05a]
 #4 /usr/local/samba/lib/libsamba-util.so.0.0.1'sig_fault+0x11 [0xfedba06b]
 #5 /lib/libc.so.1'__sighndlr+0x15 [0xfeeefc25]
 #6 /lib/libc.so.1'call_user_handler+0x2a2 [0xfeee298e]
 #7 /lib/libnsl.so.1'inet_pton4+0x1c [0xfeb03c3c]
 #8 /lib/libnsl.so.1'inet_pton+0x29 [0xfeb03bed]
 #9 /usr/local/samba/lib/libsamba-util.so.0.0.1'is_ipaddress_v4+0x2b [0xfedb5cf1]
 #10 /usr/local/samba/lib/libsamba-util.so.0.0.1'is_ipaddress+0x22 [0xfedb5e27]
 #11 /usr/local/samba/lib/private/libgse.so'internal_resolve_name+0x9d [0xfeabb4ed]
 #12 /usr/local/samba/lib/private/libgse.so'get_dc_list+0x333 [0xfeabc8c2]
 #13 /usr/local/samba/lib/private/libgse.so'get_sorted_dc_list+0xba [0xfeabcffe]
 #14 /usr/local/samba/sbin/winbindd'get_dcs+0x1b2 [0x809a4c3]
 #15 /usr/local/samba/sbin/winbindd'find_new_dc+0x59 [0x809a809]
 #16 /usr/local/samba/sbin/winbindd'cm_open_connection+0x3d5 [0x809b19a]
 #17 /usr/local/samba/sbin/winbindd'init_dc_connection_network+0x90 [0x809b799]
 #18 /usr/local/samba/sbin/winbindd'init_dc_connection+0x51 [0x809b819]
 #19 /usr/local/samba/sbin/winbindd'get_cache+0x99 [0x8084209]
 #20 /usr/local/samba/sbin/winbindd'enum_dom_groups+0x20 [0x8087e0c]
 #21 /usr/local/samba/sbin/winbindd'_wbint_QueryGroupList+0x67 [0x80ae7c8]
 #22 /usr/local/samba/sbin/winbindd'api_wbint_QueryGroupList+0x196 [0x80ce945]
 #23 /usr/local/samba/sbin/winbindd'winbindd_dual_ndrcmd+0x15e [0x80ada27]
 #24 /usr/local/samba/sbin/winbindd'child_process_request+0xd0 [0x80aa143]
 #25 /usr/local/samba/sbin/winbindd'child_handler+0xea [0x80ac590]
 #26 /usr/local/samba/lib/private/libtevent.so.0.9.18'poll_event_loop_poll+0x55b [0xfed7789a]
 #27 /usr/local/samba/lib/private/libtevent.so.0.9.18'poll_event_loop_once+0x98 [0xfed77ac0]
 #28 /usr/local/samba/lib/private/libtevent.so.0.9.18'_tevent_loop_once+0xc9 [0xfed74178]
 #29 /usr/local/samba/sbin/winbindd'fork_domain_child+0x8c3 [0x80acfe0]
 #30 /usr/local/samba/sbin/winbindd'wb_child_request_trigger+0x55 [0x80a92a0]
 #31 /usr/local/samba/lib/private/libtevent.so.0.9.18'tevent_queue_immediate_trigger+0x6b [0xfed75007]
 #32 /usr/local/samba/lib/private/libtevent.so.0.9.18'tevent_common_loop_immediate+0x18b [0xfed74cea]
 #33 /usr/local/samba/lib/private/libtevent.so.0.9.18'poll_event_loop_once+0x4b [0xfed77a73]
 #34 /usr/local/samba/lib/private/libtevent.so.0.9.18'_tevent_loop_once+0xc9 [0xfed74178]
 #35 /usr/local/samba/sbin/winbindd'main+0xac5 [0x8080dc1]
 #36 /usr/local/samba/sbin/winbindd'_start+0x83 [0x8074053]
dumping core in /var/samba/log/cores/winbindd
ads_setup_sasl_wrapping() failed: NT_STATUS_NOT_SUPPORTED
kinit succeeded but ads_sasl_spnego_krb5_bind failed: NT_STATUS_NOT_SUPPORTED
ads_setup_sasl_wrapping() failed: NT_STATUS_NOT_SUPPORTED
kinit succeeded but ads_sasl_spnego_krb5_bind failed: NT_STATUS_NOT_SUPPORTED
ads_setup_sasl_wrapping() failed: NT_STATUS_NOT_SUPPORTED
kinit succeeded but ads_sasl_spnego_krb5_bind failed: NT_STATUS_NOT_SUPPORTED
ads_setup_sasl_wrapping() failed: NT_STATUS_NOT_SUPPORTED
ads_setup_sasl_wrapping() failed: NT_STATUS_NOT_SUPPORTED
kinit succeeded but ads_sasl_spnego_krb5_bind failed: NT_STATUS_NOT_SUPPORTED
ads_setup_sasl_wrapping() failed: NT_STATUS_NOT_SUPPORTED
tdb_chainlock_with_timeout_internal: alarm (40) timed out for key DC1.ad.domain.com in tdb /usr/local/samba/var/lock/mutex.tdb
tdb_chainlock_with_timeout_internal: alarm (40) timed out for key DC1.ad.domain.com in tdb /usr/local/samba/var/lock/mutex.tdb
cm_prepare_connection: mutex grab failed for DC1.ad.domain.com
cm_prepare_connection: mutex grab failed for DC1.ad.domain.com
tdb_chainlock_with_timeout_internal: alarm (40) timed out for key DC1.ad.domain.com in tdb /usr/local/samba/var/lock/mutex.tdb
cm_prepare_connection: mutex grab failed for DC1.ad.domain.com
ads_setup_sasl_wrapping() failed: NT_STATUS_NOT_SUPPORTED
kinit succeeded but ads_sasl_spnego_krb5_bind failed: NT_STATUS_NOT_SUPPORTED

When I stop winbindd interactive I get the following output:

Kinit failed: Clock skew too great
^CGot sig[2] terminate (is_parent=1)
Got sig[2] terminate (is_parent=0)
Got sig[2] terminate (is_parent=0)
ld.so.1: winbindd: fatal: relocation error: file winbindd: symbol idmap_close: referenced symbol not found
ld.so.1: winbindd: fatal: relocation error: file winbindd: symbol idmap_close: referenced symbol not found
Got sig[2] terminate (is_parent=0)
ld.so.1: winbindd: fatal: relocation error: file winbindd: symbol idmap_close: referenced symbol not found
Got sig[2] terminate (is_parent=0)
ld.so.1: winbindd: fatal: relocation error: file winbindd: symbol idmap_close: referenced symbol not found
Got sig[2] terminate (is_parent=0)
ld.so.1: winbindd: fatal: relocation error: file winbindd: symbol idmap_close: referenced symbol not found
Got sig[2] terminate (is_parent=0)
ld.so.1: winbindd: fatal: relocation error: file winbindd: symbol idmap_close: referenced symbol not found
Got sig[2] terminate (is_parent=0)
ld.so.1: winbindd: fatal: relocation error: file winbindd: symbol idmap_close: referenced symbol not found
Got sig[2] terminate (is_parent=0)
ld.so.1: winbindd: fatal: relocation error: file winbindd: symbol idmap_close: referenced symbol not found
Got sig[2] terminate (is_parent=0)
ld.so.1: winbindd: fatal: relocation error: file winbindd: symbol idmap_close: referenced symbol not found
Got sig[2] terminate (is_parent=0)
ld.so.1: winbindd: fatal: relocation error: file winbindd: symbol idmap_close: referenced symbol not found
Got sig[2] terminate (is_parent=0)
ld.so.1: winbindd: fatal: relocation error: file winbindd: symbol idmap_close: referenced symbol not found
Got sig[2] terminate (is_parent=0)
ld.so.1: winbindd: fatal: relocation error: file winbindd: symbol idmap_close: referenced symbol not found
Got sig[2] terminate (is_parent=0)
ld.so.1: winbindd: fatal: relocation error: file winbindd: symbol idmap_close: referenced symbol not found
Got sig[2] terminate (is_parent=0)
ld.so.1: winbindd: fatal: relocation error: file winbindd: symbol idmap_close: referenced symbol not found
Got sig[2] terminate (is_parent=0)
Got sig[2] terminate (is_parent=0)
ld.so.1: winbindd: fatal: relocation error: file winbindd: symbol idmap_close: referenced symbol not found
ld.so.1: winbindd: fatal: relocation error: file winbindd: symbol idmap_close: referenced symbol not found
Got sig[2] terminate (is_parent=0)
ld.so.1: winbindd: fatal: relocation error: file winbindd: symbol idmap_close: referenced symbol not found
ld.so.1: winbindd: fatal: relocation error: file winbindd: symbol idmap_close: referenced symbol not found
Killed


My smb.conf

[global]
        workgroup = DOMAIN
        realm = AD.DOMAIN.COM
        server string = Samba
        security = ADS
        log file = /var/samba/log/log.%m
        max log size = 50000
        client ldap sasl wrapping = sign
        load printers = No
        local master = No
        domain master = No
        dns proxy = No
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind use default domain = Yes
        winbind nss info = rfc2307
        idmap config *:range = 70001-800000
        idmap config SAMDOM:backend = ad
        idmap config SAMDOM:schema_mode = rfc2307
        idmap config SAMDOM:range = 500-40000
        idmap config * : backend = tdb



-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Andre Kruger
Sent: 27 August 2014 13:18
To: samba at lists.samba.org
Subject: Re: [Samba] Joining Domain

I made the change that you suggest but I still get the exact same error message. Just to clarify:

1. I added " idmap config DOMAIN : schema_mode = rfc2307"
1. Yes, the krugersa account has the rights required. I join other machines to my domain using this account. Administrator isn't used.
2. idmap config DOMAIN : backend = ad/rid  <-  I assume this does not impact joining the domain? It is used after the domain has been joined successfully.

This is my global section as it is now:

[global]
        workgroup = DOMAIN
        realm = AD.DOMAIN.COM
        server string = Samba
        security = ADS
        log file = /var/samba/log/log.%m
        max log size = 50000
        client ldap sasl wrapping = sign
        load printers = No
        local master = No
        domain master = No
        dns proxy = No
        winbind separator = +
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind use default domain = Yes
        idmap config DOMAIN : range = 20000-800000
        idmap config DOMAIN : backend = ad
        idmap config DOMAIN : schema_mode = rfc2307
        idmap config * : backend = tdb      <-   I don't get this line, it is not in my smb.conf file but when I parse the file with testparm it is in the output. Why?


-----Original Message-----
From: samba-bounces at lists.samba.org [mailto:samba-bounces at lists.samba.org] On Behalf Of Rowland Penny
Sent: 27 August 2014 11:31
To: samba at lists.samba.org
Subject: Re: [Samba] Joining Domain

On 27/08/14 10:21, Andre Kruger wrote:
> I have successfully compiled and installed Samba 4.1.11 from source on OpenIndiana 151a8.
>
> I tested the server by creating a folder and adding a local samba user (smbpasswd -a) and mapping a drive from my Windows machine which succeeded. I was able to access the test file in the folder as well as edit and save it.
>
> Now I am trying to join my samba server to my domain but it is failing and the error messages are not helping much and Google's responses aren't really helping.
>
> Can anybody on the list help? When I try and join the domain I get the following error message:
>
> ./net ads join -U krugersa
> Enter krugersa's password:

Does 'krugersa' have the required permissions to join to the domain?
Have you tried with 'Administrator'?

> ads_setup_sasl_wrapping() failed: NT_STATUS_NOT_SUPPORTED
> kinit succeeded but ads_sasl_spnego_krb5_bind failed: NT_STATUS_NOT_SUPPORTED
> Failed to join domain: failed to connect to AD: NT_STATUS_NOT_SUPPORTED
>
>
> What causes samba to output this particular error message? "NT_STATUS_NOT_SUPPORTED" is very general...
>
> A copy of my smb.conf file:
>
> [global]
>          workgroup = DOMAIN
>          realm = AD.DOMAIN.COM
>          server string = Samba
>          security = ADS
>          log file = /var/samba/log/log.%m
>          max log size = 50000
>          client ldap sasl wrapping = sign
>          load printers = No
>          local master = No
>          domain master = No
>          dns proxy = No
>          winbind separator = +
>          winbind enum users = Yes
>          winbind enum groups = Yes
>          winbind use default domain = Yes
>          idmap config * : range = 20000-800000
>          idmap config * : backend = tdb

You appear to have a portion missing:

         idmap config DOMAIN : backend  = ad
         idmap config DOMAIN : range = 10000-999999
         idmap config DOMAIN : schema_mode = rfc2307

Adjust the range to suit your setup. If your AD users do not have uidNumbers, change 'ad' to 'rid'.

Rowland

>
> [homes]
>          comment = Home Directories
>          read only = No
>          browseable = No
>
> [printers]
>          comment = All Printers
>          path = /var/spool/samba
>          printable = Yes
>          print ok = Yes
>          browseable = No
>
> [testperm]
>          path = /testperm
>          valid users = @DOMAIN+Admins
>          read only = No
>          create mask = 0770
>          directory mask = 0770

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba
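
The reply in this thread points out that the posted [global] section has no "idmap config DOMAIN" lines for the domain named in "workgroup". The following is an added example, not part of the original messages and not Samba code: a small Python check that parses a [global] section and lists which of those lines are absent. Treating the three lines from the reply as the expected set is an assumption of this example, and the sample inputs are constructed, abridged from the configurations posted above.

```python
import re

# Matches both spellings seen in the thread:
#   "idmap config DOMAIN : backend" and "idmap config SAMDOM:backend"
IDMAP_KEY = re.compile(r"^idmap\s+config\s+([^:\s]+)\s*:\s*(.+)$", re.IGNORECASE)

def parse_global(text):
    """Return (params, idmap) parsed from the [global] section of smb.conf text."""
    params, idmap, section = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        m = IDMAP_KEY.match(key)
        if m:  # idmap options are grouped per domain name
            idmap.setdefault(m.group(1).upper(), {})[m.group(2).strip().lower()] = value
        else:
            params[" ".join(key.lower().split())] = value
    return params, idmap

def missing_idmap_options(text):
    """List idmap options absent for the domain named by 'workgroup'."""
    params, idmap = parse_global(text)
    workgroup = params.get("workgroup", "").upper()
    have = idmap.get(workgroup, {})
    wanted = ["backend", "range"]
    if have.get("backend", "").lower() == "ad":
        wanted.append("schema_mode")  # third line of the block suggested in the reply
    return [f"idmap config {workgroup} : {opt}" for opt in wanted if opt not in have]

# Constructed inputs, abridged from the configurations posted in the thread.
BEFORE = """[global]
    workgroup = DOMAIN
    security = ADS
    idmap config * : range = 20000-800000
    idmap config * : backend = tdb
"""
AFTER = BEFORE + """    idmap config DOMAIN : backend = ad
    idmap config DOMAIN:range = 10000-999999
    idmap config DOMAIN : schema_mode = rfc2307
"""

if __name__ == "__main__":
    print(missing_idmap_options(BEFORE))
    print(missing_idmap_options(AFTER))
```
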