[cifs-protocol] RE: Microsoft Client tool expectatations

Hongwei Sun hongweis at microsoft.com
Tue Sep 23 21:33:27 GMT 2008


  The product team is analyzing the network trace for trusted domain join problem.   We have several questions regarding the test.

(1) What was the exact error message and when did it show ?   Did you see  message (" Unable to read the functional level of the specified forest." & "The directory datatype cannot be converted to/from a native DS datatype") displayed from "Active Directory Trust and Domain" ?

(2) Which frame(s) in the trace are related to the error ?   at the end ?
   We can see error STATUS_OBJECT_NAME_NOT_FOUND returned LsarQueryTrustedDomainInfoByName() in frame 111 & 113,Is that a downstream effect of not reading the right data from AD?

(3) What is your Windows Server 2008 domain name ?  Is it AD2008 ?   Do you actually have a Netbios name different then the DNS name?
   Is 2008.naomi.abartlet.net the name of Samba4 domain ?


Hongwei  Sun - Sr. Support Escalation Engineer
DSC Protocol  Team, Microsoft
hongweis at microsoft.com
Tel:  469-7757027 x 57027

-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org]
Sent: Monday, September 08, 2008 7:22 AM
To: Interoperability Documentation Help
Cc: pfif at tridgell.net; cifs-protocol at samba.org
Subject: Microsoft Client tool expectatations

How do I determine what LDAP values a Microsoft client tool is expecting?

For example, with the attached patch against current GIT, I cannot make
windows 2008 join Samba4 as a 2-way, forest level trusted domain.   It
seems something is wrong with what we return to cn=partitions,cn=configuration,....

Similarly, against our current GIT tree, the Win2k3 admin pack on WinXP won't launch 'Active Directory Users and Computers' against Samba4.  The error seems to be in response to our return value for the cn=aggregate schema.

In both cases, I just have cryptic error messages.  How can I determine what these tools are expecting?

Attached please find network traces for both the 2008 server attempting to join the trust and a WinXP machine trying to open 'Active Directory Users and Computers'.

(keytab to follow in private mail)

The join fails with:  'unable to read the functional level of the forest' Cannot convert to/from the native DS datatype.

The ADUC launch fails with: 'unspecified error'.  (This used to work, before I 'fixed' some schema stuff).


Andrew Bartlett
Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.

More information about the cifs-protocol mailing list