smbtorture NET-API-BECOME-DC

Oliver Liebel oliver at itc.li
Tue Sep 16 10:11:13 GMT 2008


i need a little help with smbtorture / NET-API-BECOME-DC

using the latest samba4 version from git, i try to fetch all ads entries from 
a w2k3-dc.
dns of the samba4-dc points to the w2k3dc-dns, /etc/krb5.conf  to the 
kdc of the w2k3dc

first i joined the samba4-machine as a bdc to the w2k3-domain (LDAP), no 
problems.

then using smbtorture with the following command-line:
#> bin/smbtorture -d 4 ncacn_np:w2k3dc -U administrator -W ldap \
     --realm ldap.local.site \
     --option='become dc:smbtorture dc=ldapmaster' \
     --option='become dc:do not unjoin=yes' NET-API-BECOME-DC


at the end an error comes up, telling me the subcontext 
cn=schema,cn=configuration,<tld> already exists, see the listing below.
starting samba4 with the newly created (surely incomplete) dbs fails; 
smbd tells me

"Failed to find our own NTDS Settings objectGUID in the ldb!"
but the entry for ldapmaster exists inside ads, maybe it isn't fetched 
during for some reasons...


any ideas?

greetings
oliver

----------
lp_load: refreshing parameters from /usr/local/samba/etc/smb.conf
params.c:pm_process() - Processing configuration file "/usr/local/samba/etc/smb.conf"
Processing section "[globals]"
pm_process() returned Yes
adding hidden service IPC$
adding hidden service ADMIN$
SHARE backend [ldb] registered.
SHARE backend [classic] registered.
GENSEC backend 'sasl-DIGEST-MD5' registered
AUTH backend 'winbind_samba3' registered
AUTH backend 'winbind' registered
AUTH backend 'server' registered
AUTH backend 'name_to_ntstatus' registered
AUTH backend 'fixed_challenge' registered
AUTH backend 'unix' registered
AUTH backend 'anonymous' registered
AUTH backend 'sam' registered
AUTH backend 'sam_ignoredomain' registered
GENSEC backend 'krb5' registered
gensec subsystem fake_gssapi_krb5 is disabled
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
gensec subsystem gssapi_spnego is disabled
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'ntlmssp' registered
Using seed 1221558524
added interface ip=192.168.198.11 nmask=255.255.255.0
....
Password for [LDAP\administrator]:
....
Received smb_krb5 packet of length 1252
Become DC [ldapmaster] of Domain[LDAP]/[ldap.local.site]
Promotion Partner is Server[w2k3dc.ldap.local.site] from Site[Default-First-Site]
Options:crossRef behavior_version[0]
        schema object_version[30]
        domain behavior_version[0]
        domain w2k3_update_revision[8]
Mapped to DCERPC endpoint 135
added interface ip=192.168.198.11 nmask=255.255.255.0
...
Provision for Become-DC test using python
New Server in Site[Default-First-Site]
DSA Instance [CN=NTDS Settings,CN=ldapmaster,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=ldap,DC=local,DC=site]
        invocationId[ac02c34c-ecae-48be-bd3b-06ffb6abb605]
Pathes under targetdir[/install/samba4/source/libnet_BecomeDC.9bXkp7]
Setting up share.ldb
Setting up secrets.ldb
Setting up the registry
Setting up templates db
Setting up idmap db
schema_fsmo_init: no schema dn present: (skip schema loading)
naming_fsmo_init: no partitions dn present: (skip loading of naming contexts details)
pdc_fsmo_init: no domain dn present: (skip loading of domain details)
Setting up sam.ldb attributes
Setting up sam.ldb rootDSE
schema_fsmo_init: no schema head present: (skip schema loading)
naming_fsmo_init: no partitions dn present: (skip loading of naming contexts details)
pdc_fsmo_init: no domain object present: (skip loading of domain details)
Pre-loading the Samba 4 and AD schema
Adding DomainDN: DC=ldap,DC=local,DC=site (permitted to fail)
Modifying DomainDN: DC=ldap,DC=local,DC=site
Adding configuration container (permitted to fail)
Modifying configuration container
Adding schema container (permitted to fail)
Modifying schema container
Setting up sam.ldb Samba4 schema
Setting up sam.ldb AD schema
Setting up sam.ldb configuration data
Setting up display specifiers
Adding users container (permitted to fail)
Modifying users container
Adding computers container (permitted to fail)
Modifying computers container
Setting up sam.ldb data
Please install the phpLDAPadmin configuration located at /install/samba4/source/libnet_BecomeDC.9bXkp7/private/phpldapadmin-config.php into /etc/phpldapadmin/config.php
Once the above files are installed, your Samba4 server will be ready to use
Server Role:    domain controller
Hostname:       ldapmaster
NetBIOS Domain: LDAP
DNS Domain:     ldap.local.site
DOMAIN SID:     S-1-5-21-820737838-112382019-1916026515
Admin password: nRo6F9IKo3hg
added interface ip=192.168.198.11 nmask=255.255.255.0
...
Received smb_krb5 packet of length 1252
Schema-DN[CN=Schema,CN=Configuration,DC=ldap,DC=local,DC=site] objects[133/1572] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=ldap,DC=local,DC=site] objects[133/1572] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=ldap,DC=local,DC=site] objects[133/1572] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=ldap,DC=local,DC=site] objects[133/1572] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=ldap,DC=local,DC=site] objects[133/1572] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=ldap,DC=local,DC=site] objects[133/1572] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=ldap,DC=local,DC=site] objects[133/1572] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=ldap,DC=local,DC=site] objects[133/1572] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=ldap,DC=local,DC=site] objects[133/1572] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=ldap,DC=local,DC=site] objects[75/1572] linked_values[0/0]
Analyze and apply schema objects
Failed to apply records: Failed while waiting on add replicated object CN=Schema,CN=Configuration,DC=ldap,DC=local,DC=site: Entry CN=Schema,CN=Configuration,DC=ldap,DC=local,DC=site already exists: Entry already exists
Failed to commit objects: WERR_GENERAL_FAILURE
libnet_BecomeDC() failed - NT_STATUS_UNSUCCESSFUL
Received cldap packet of length 168 from 192.168.198.203:389
added interface ip=192.168.198.11 nmask=255.255.255.0
....
Received smb_krb5 packet of length 1252
Delete of machine account ldapmaster was successful.
ERROR IN TEST API-BECOME-DC! - Unknown error/failure
------------






More information about the samba-technical mailing list