[Samba] Member Join dnsupdate problem
Epsilon Minus
theepsilonminus at gmail.com
Fri Dec 23 15:44:34 UTC 2022
Hello.
I have a problem when trying to add a samba as a member. I get the
samba authentication to work fine, but I can't get it to update the
dns records correctly.
root at fs06:~# samba-tool domain join EXAMPLE.COM.AR MEMBER
-Uadministrator --server=DC05 -v
Password for [EXAMPLE\administrator]:
libnet_Join:
libnet_JoinCtx: struct libnet_JoinCtx
in: struct libnet_JoinCtx
dc_name : 'DC05'
machine_name : 'FS06'
domain_name : *
domain_name : 'EXAMPLE.COM.AR'
domain_name_type : JoinDomNameTypeDNS (1)
account_ou : NULL
admin_account : 'administrator'
admin_domain : NULL
machine_password : NULL
join_flags : 0x00000023 (35)
0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
0: WKSSVC_JOIN_FLAGS_DEFER_SPN
0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
os_version : NULL
os_name : NULL
os_servicepack : NULL
create_upn : 0x00 (0)
upn : NULL
dnshostname : 'FS06'
modify_config : 0x00 (0)
ads : NULL
debug : 0x01 (1)
use_kerberos : 0x01 (1)
secure_channel_type : SEC_CHAN_WKSTA (2)
desired_encryption_types : 0x0000001f (31)
provision_computer_account_only: 0x00 (0)
odj_provision_data : NULL
request_offline_join : 0x00 (0)
libnet_join_precreate_machine_acct: Machine account successfully created
join: struct secrets_domain_infoB
version : SECRETS_DOMAIN_INFO_VERSION_1 (1)
reserved : 0x00000000 (0)
info : union secrets_domain_infoU(case 1)
info1 : *
info1: struct secrets_domain_info1
reserved_flags : 0x0000000000000000 (0)
join_time : Fri Dec 23 12:38:27 2022 -03
computer_name : 'FS06'
account_name : 'FS06$'
secure_channel_type : SEC_CHAN_WKSTA (2)
domain_info: struct lsa_DnsDomainInfo
name: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : *
string : 'EXAMPLE'
dns_domain: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : *
string : 'example.com.ar'
dns_forest: struct lsa_StringLarge
length : 0x0000 (0)
size : 0x0000 (0)
string : *
string : 'example.com.ar'
domain_guid :
83c96a45-1808-4bc2-9b58-0c535f3ed3da
sid : *
sid :
S-1-5-21-527077859-282153845-2196410814
trust_flags : 0x0000001a (26)
0: NETR_TRUST_FLAG_IN_FOREST
1: NETR_TRUST_FLAG_OUTBOUND
0: NETR_TRUST_FLAG_TREEROOT
1: NETR_TRUST_FLAG_PRIMARY
1: NETR_TRUST_FLAG_NATIVE
0: NETR_TRUST_FLAG_INBOUND
0: NETR_TRUST_FLAG_MIT_KRB5
0: NETR_TRUST_FLAG_AES
trust_type : LSA_TRUST_TYPE_UPLEVEL (2)
trust_attributes : 0x00000040 (64)
0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE
0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY
0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN
0: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE
0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION
0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST
1: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL
0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION
0:
LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION_NO_TGT_DELEGATION
0: LSA_TRUST_ATTRIBUTE_PIM_TRUST
0:
LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION_ENABLE_TGT_DELEGATION
reserved_routing : NULL
supported_enc_types : 0x0000001f (31)
1: KERB_ENCTYPE_DES_CBC_CRC
1: KERB_ENCTYPE_DES_CBC_MD5
1: KERB_ENCTYPE_RC4_HMAC_MD5
1: KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96
1: KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96
0: KERB_ENCTYPE_FAST_SUPPORTED
0: KERB_ENCTYPE_COMPOUND_IDENTITY_SUPPORTED
0: KERB_ENCTYPE_CLAIMS_SUPPORTED
0: KERB_ENCTYPE_RESOURCE_SID_COMPRESSION_DISABLED
salt_principal : *
salt_principal :
'host/fs06.example.com.ar at EXAMPLE.COM.AR'
password_last_change : Fri Dec 23 12:38:27 2022 -03
password_changes : 0x0000000000000001 (1)
next_change : NULL
password : *
password: struct secrets_domain_info1_password
change_time : Fri Dec 23 12:38:27 2022 -03
change_server : 'dc05.example.com.ar'
cleartext_blob : DATA_BLOB length=240
nt_hash: struct samr_Password
hash: ARRAY(16): <REDACTED SECRET VALUES>
salt_data : *
salt_data :
'EXAMPLE.COM.ARhostfs06.example.com.ar'
default_iteration_count : 0x00001000 (4096)
num_keys : 0x0003 (3)
keys: ARRAY(3)
keys: struct secrets_domain_info1_kerberos_key
keytype : 0x00000012 (18)
iteration_count : 0x00001000 (4096)
value : DATA_BLOB length=32
keys: struct secrets_domain_info1_kerberos_key
keytype : 0x00000011 (17)
iteration_count : 0x00001000 (4096)
value : DATA_BLOB length=16
keys: struct secrets_domain_info1_kerberos_key
keytype : 0x00000017 (23)
iteration_count : 0x00001000 (4096)
value : DATA_BLOB length=16
old_password : NULL
older_password : NULL
ldb: Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such
file or directory
ldb: Failed to connect to '/var/lib/samba/private/secrets.ldb' with
backend 'tdb': Unable to open tdb
'/var/lib/samba/private/secrets.ldb': No such file or directory
libnet_Join:
libnet_JoinCtx: struct libnet_JoinCtx
out: struct libnet_JoinCtx
odj_provision_data : NULL
account_name : 'FS06$'
netbios_domain_name : 'EXAMPLE'
dns_domain_name : 'example.com.ar'
forest_name : 'example.com.ar'
dn :
'CN=FS06,CN=Computers,DC=example,DC=com,DC=ar'
domain_guid : 83c96a45-1808-4bc2-9b58-0c535f3ed3da
domain_sid : *
domain_sid :
S-1-5-21-527077859-282153845-2196410814
modified_config : 0x00 (0)
error_string : NULL
domain_is_ad : 0x01 (1)
set_encryption_types : 0x0000001f (31)
krb5_salt : 'host/fs06.example.com.ar at EXAMPLE.COM.AR'
dcinfo : *
dcinfo: struct netr_DsRGetDCNameInfo
dc_unc : *
dc_unc : '\\dc05.example.com.ar'
dc_address : *
dc_address : '\\192.168.50.55'
dc_address_type : DS_ADDRESS_TYPE_INET (1)
domain_guid :
83c96a45-1808-4bc2-9b58-0c535f3ed3da
domain_name : *
domain_name : 'example.com.ar'
forest_name : *
forest_name : 'example.com.ar'
dc_flags : 0xe00013fc (3758101500)
0: DS_SERVER_PDC
1: DS_SERVER_GC
1: DS_SERVER_LDAP
1: DS_SERVER_DS
1: DS_SERVER_KDC
1: DS_SERVER_TIMESERV
1: DS_SERVER_CLOSEST
1: DS_SERVER_WRITABLE
1: DS_SERVER_GOOD_TIMESERV
0: DS_SERVER_NDNC
0: DS_SERVER_SELECT_SECRET_DOMAIN_6
1: DS_SERVER_FULL_SECRET_DOMAIN_6
0: DS_SERVER_WEBSERV
0: DS_SERVER_DS_8
1: DS_DNS_CONTROLLER
1: DS_DNS_DOMAIN
1: DS_DNS_FOREST_ROOT
dc_site_name : *
dc_site_name : 'Default-First-Site-Name'
client_site_name : *
client_site_name : 'Default-First-Site-Name'
account_rid : 0x00001247 (4679)
result : WERR_OK
Joined domain example.com.ar (S-1-5-21-527077859-282153845-2196410814)
root at fs06:~# samba_dnsupdate
The server update list was not found, and --update-list was not provided.
[Errno 2] No such file or directory: '/var/lib/samba/private/dns_update_list'
Usage: samba_dnsupdate [options]
Password for [EXAMPLE\administrator]:
DNS Update for fs06.example.com.ar failed: ERROR_DNS_UPDATE_FAILED
DNS update failed!
root at fs06:~# ls -la /var/lib/samba/
total 2228
drwxr-xr-x 7 root root 4096 dic 23 12:35 .
drwxr-xr-x 42 root root 4096 nov 3 00:28 ..
-rw------- 1 root root 421888 nov 2 10:24 account_policy.tdb
drwxr-xr-x 4 root root 4096 nov 2 10:16 DriverStore
-rw------- 1 root root 425984 nov 2 10:29 group_mapping.tdb
drwxr-xr-x 12 root root 4096 nov 2 10:16 printers
drwxr-xr-x 3 root root 4096 dic 23 12:32 private
-rw------- 1 root root 528384 nov 2 10:24 registry.tdb
-rw------- 1 root root 421888 nov 2 10:24 share_info.tdb
drwxrwx--T 2 root sambashare 4096 nov 2 10:16 usershares
-rw------- 1 root root 32768 dic 23 12:35 winbindd_cache.tdb
-rw-r--r-- 1 root root 421888 nov 2 10:49 winbindd_idmap.tdb
drwxr-x--- 2 root winbindd_priv 4096 dic 23 12:35 winbindd_privileged
root at fs06:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 22.04.1 LTS
Release: 22.04
Codename: jammy
root at fs06:~# dpkg --list | grep samba
ii python3-samba 2:4.15.9+dfsg-0ubuntu0.3
amd64 Python 3 bindings for Samba
ii samba 2:4.15.9+dfsg-0ubuntu0.3
amd64 SMB/CIFS file, print, and login server for
Unix
ii samba-common 2:4.15.9+dfsg-0ubuntu0.3
all common files used by both the Samba server and
client
ii samba-common-bin 2:4.15.9+dfsg-0ubuntu0.3
amd64 Samba common files used by both the server and
the client
ii samba-dsdb-modules:amd64 2:4.15.9+dfsg-0ubuntu0.3
amd64 Samba Directory Services Database
ii samba-libs:amd64 2:4.15.9+dfsg-0ubuntu0.3
amd64 Samba core libraries
ii samba-testsuite 2:4.15.9+dfsg-0ubuntu0.3
amd64 test suite from Samba
ii samba-vfs-modules:amd64 2:4.15.9+dfsg-0ubuntu0.3
amd64 Samba Virtual FileSystem plugins
More information about the samba
mailing list