'net vampire' does not work with standard build for me
Bernd Markgraf
bernd.markgraf at med.ovgu.de
Mon Apr 19 13:55:44 MDT 2010
Hi Kamen,
I got a fresh git clone and applied your patch. This is the result when
I try to vampire my domain:
./bin/net vampire -d 5 -Uadministrator dzne.uni-magdeburg.de
added interface ip=149.XXX.YYY.102 nmask=255.255.255.0
added interface ip=192.168.56.1 nmask=255.255.255.0
added interface ip=149.XXX.YYY.102 nmask=255.255.255.0
added interface ip=192.168.56.1 nmask=255.255.255.0
Traceback (most recent call last):
File
"/opt/samba/lib/python2.4/site-packages/samba/netcmd/__init__.py", line
99, in _run
return self.run(*args, **kwargs)
File "/opt/samba/lib/python2.4/site-packages/samba/netcmd/vampire.py",
line 51, in run
(domain_name, domain_sid) = net.vampire(domain=domain,
target_dir=target_dir)
TypeError: argument 2 must be string, not None
So the options for net vampire changed on the way? On my previous
attempts the was on option --realm now it wants --target-dir
I assume this is the directory where database files shall be stored?
So next try is:
./bin/net vampire -d 5 -Uadministrator dzne.uni-magdeburg.de
--target-dir=/opt/samba/private
added interface ip=149.XXX.YYY.102 nmask=255.255.255.0
added interface ip=192.168.56.1 nmask=255.255.255.0
added interface ip=149.XXX.YYY.102 nmask=255.255.255.0
added interface ip=192.168.56.1 nmask=255.255.255.0
dos charset 'CP850' unavailable - using ASCII
Mapped to DCERPC endpoint \pipe\lsarpc
added interface ip=149.XXX.YYY.102 nmask=255.255.255.0
added interface ip=192.168.56.1 nmask=255.255.255.0
added interface ip=149.XXX.YYY.102 nmask=255.255.255.0
added interface ip=192.168.56.1 nmask=255.255.255.0
Shutdown SMB signing
BSRSPYL SMB signing enabled
Shutdown SMB signing
Starting GENSEC mechanism spnego
Server claims it's principal name is KAUAI$@DZNE.UNI-MAGDEBURG.DE
Starting GENSEC submechanism gssapi_krb5
GSS Import name of cifs at KAUAI failed: Miscellaneous failure (see text):
unable to find realm of host maui
Failed to start GENSEC client mech gssapi_krb5:
NT_STATUS_INVALID_PARAMETER
Starting GENSEC submechanism ntlmssp
Got challenge flags:
Got NTLMSSP neg_flags=0x60898205
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
Password for [WORKGROUP\administrator]:
NTLMSSP challenge set by NTLM2
challenge is:
[0000] 82 C3 DE 1A 9B 42 A6 D9 .....B..
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088205
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
SMB signing enabled!
[0000] 9F B8 73 6A B0 F1 90 D0 ..sj....
Seen valid packet, so turning signing on
Seen valid packet, so marking signing as 'seen valid'
sign_outgoing_message: SENT SIG (seq: 2): sent SMB signature of
[0000] F6 2B 7C F8 8B 63 75 02 .+|..cu.
[0000] 1B 17 3C A3 A3 85 F2 81 ..<.....
sign_outgoing_message: SENT SIG (seq: 4): sent SMB signature of
[0000] 0B 32 2D 27 EC 9E 6C 31 .2-'..l1
[0000] 53 3C 11 3B 0C 67 5E 7D S<.;.g^}
sign_outgoing_message: SENT SIG (seq: 6): sent SMB signature of
[0000] D9 AE C8 C1 6F CB 67 D8 ....o.g.
[0000] 7B 3E 30 46 16 C2 AD BF {>0F....
sign_outgoing_message: SENT SIG (seq: 8): sent SMB signature of
[0000] B4 1A 15 22 22 BB 6B FD ..."".k.
sign_outgoing_message: SENT SIG (seq: 10): sent SMB signature of
[0000] 79 30 53 0F CA 2F CB 02 y0S../..
[0000] 82 B2 66 61 A9 96 60 2E ..fa..`.
[0000] DE 4D 12 06 1E 3F E7 A6 .M...?..
sign_outgoing_message: SENT SIG (seq: 12): sent SMB signature of
[0000] 24 0D C9 79 C7 06 FC 44 $..y...D
sign_outgoing_message: SENT SIG (seq: 14): sent SMB signature of
[0000] 67 97 9C 87 F2 9F 06 FE g.......
[0000] BD 0A B1 BF C6 E1 3D 29 ......=)
[0000] 6B C4 BE 19 DE 54 D5 00 k....T..
sign_outgoing_message: SENT SIG (seq: 16): sent SMB signature of
[0000] A6 2A 89 A7 47 A2 AA 87 .*..G...
sign_outgoing_message: SENT SIG (seq: 18): sent SMB signature of
[0000] E6 EB 5E FB 6F 2C 20 6C ..^.o, l
[0000] 6E 28 02 5C 2F 15 86 DE n(.\/...
[0000] 21 BE AC 6F 7A B1 14 D9 !..oz...
sign_outgoing_message: SENT SIG (seq: 20): sent SMB signature of
[0000] CF 52 ED A8 EF 0E F0 09 .R......
[0000] D7 8C 5A E5 4A FB 2E 37 ..Z.J..7
sign_outgoing_message: SENT SIG (seq: 22): sent SMB signature of
[0000] EA C1 18 B0 70 59 AB 19 ....pY..
[0000] 5A F1 C3 D9 37 1A B9 E3 Z...7...
sign_outgoing_message: SENT SIG (seq: 24): sent SMB signature of
[0000] 65 20 68 8C 89 55 3A 82 e h..U:.
[0000] C9 D1 AD B8 04 83 91 F8 ........
sign_outgoing_message: SENT SIG (seq: 26): sent SMB signature of
[0000] BE 9B 5E EF 55 30 33 97 ..^.U03.
[0000] C7 26 F5 EE CE 06 E4 F6 .&......
sign_outgoing_message: SENT SIG (seq: 28): sent SMB signature of
[0000] CB 02 76 60 53 67 F7 47 ..v`Sg.G
[0000] D4 8C 1F 6F D3 C2 3F 87 ...o..?.
sign_outgoing_message: SENT SIG (seq: 30): sent SMB signature of
[0000] D3 9F 39 86 C9 91 23 45 ..9...#E
[0000] BB 14 56 29 04 2F 4A 7E ..V)./J~
sign_outgoing_message: SENT SIG (seq: 32): sent SMB signature of
[0000] 13 66 BD AC C0 46 0B D6 .f...F..
[0000] 7A C3 1E 7B 93 24 F2 94 z..{.$..
sign_outgoing_message: SENT SIG (seq: 34): sent SMB signature of
[0000] C5 21 77 0A 44 43 0B 96 .!w.DC..
[0000] CB B3 D6 31 54 47 B5 C0 ...1TG..
sign_outgoing_message: SENT SIG (seq: 36): sent SMB signature of
[0000] C5 0B B3 0D 6F 67 E1 11 ....og..
[0000] C7 65 B7 4D B8 E0 8C A4 .e.M....
sign_outgoing_message: SENT SIG (seq: 38): sent SMB signature of
[0000] 88 DF 57 86 70 CA EB E9 ..W.p...
[0000] 74 7A F0 1E 92 24 4A 3E tz...$J>
Mapped to DCERPC endpoint 135
added interface ip=149.XXX.YYY.102 nmask=255.255.255.0
added interface ip=192.168.56.1 nmask=255.255.255.0
added interface ip=149.XXX.YYY.102 nmask=255.255.255.0
added interface ip=192.168.56.1 nmask=255.255.255.0
Mapped to DCERPC endpoint 1024
added interface ip=149.XXX.YYY.102 nmask=255.255.255.0
added interface ip=192.168.56.1 nmask=255.255.255.0
added interface ip=149.XXX.YYY.102 nmask=255.255.255.0
added interface ip=192.168.56.1 nmask=255.255.255.0
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
GSS Import name of ldap at KAUAI failed: Miscellaneous failure (see text):
unable to find realm of host maui
Failed to start GENSEC client mech gssapi_krb5:
NT_STATUS_INVALID_PARAMETER
Starting GENSEC submechanism ntlmssp
Got challenge flags:
Got NTLMSSP neg_flags=0x60898235
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_SEAL
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP challenge set by NTLM2
challenge is:
[0000] 9F B4 D9 2D 35 70 0D 59 ...-5p.Y
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088235
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_SEAL
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60088235
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_SEAL
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
added interface ip=149.XXX.YYY.102 nmask=255.255.255.0
added interface ip=192.168.56.1 nmask=255.255.255.0
added interface ip=149.XXX.YYY.102 nmask=255.255.255.0
added interface ip=192.168.56.1 nmask=255.255.255.0
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
GSS Import name of ldap at KAUAI failed: Miscellaneous failure (see text):
unable to find realm of host maui
Failed to start GENSEC client mech gssapi_krb5:
NT_STATUS_INVALID_PARAMETER
Starting GENSEC submechanism ntlmssp
Got challenge flags:
Got NTLMSSP neg_flags=0x60898205
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP challenge set by NTLM2
challenge is:
[0000] E1 AC 3F A5 DB B2 5F 83 ..?..._.
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088205
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
ldb: No modules specified for this database
ldb_wrap open of ldap://KAUAI
ldb: start ldb transaction (nesting: 0)
ldb: commit ldb transaction (nesting: 0)
added interface ip=149.XXX.YYY.102 nmask=255.255.255.0
added interface ip=192.168.56.1 nmask=255.255.255.0
added interface ip=149.XXX.YYY.102 nmask=255.255.255.0
added interface ip=192.168.56.1 nmask=255.255.255.0
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
GSS Import name of ldap at kauai.dzne.uni-magdeburg.de failed:
Miscellaneous failure (see text): unable to find realm of host maui
Failed to start GENSEC client mech gssapi_krb5:
NT_STATUS_INVALID_PARAMETER
Starting GENSEC submechanism ntlmssp
Got challenge flags:
Got NTLMSSP neg_flags=0x60898205
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP challenge set by NTLM2
challenge is:
[0000] 4A E9 CB 8E B8 31 DC 9C J....1..
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088205
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
ldb: No modules specified for this database
ldb_wrap open of ldap://kauai.dzne.uni-magdeburg.de/
Become DC [(NULL)] of Domain[DZNE]/[dzne.uni-magdeburg.de]
Promotion Partner is Server[kauai.dzne.uni-magdeburg.de] from
Site[Default-First-Site-Name]
Options:crossRef behavior_version[2]
schema object_version[47]
domain behavior_version[2]
domain w2k3_update_revision[8]
ldb: start ldb transaction (nesting: 0)
ldb: cancel ldb transaction (nesting: 0)
ldb: start ldb transaction (nesting: 0)
ldb: commit ldb transaction (nesting: 0)
Mapped to DCERPC endpoint 135
added interface ip=149.XXX.YYY.102 nmask=255.255.255.0
added interface ip=192.168.56.1 nmask=255.255.255.0
added interface ip=149.XXX.YYY.102 nmask=255.255.255.0
added interface ip=192.168.56.1 nmask=255.255.255.0
Mapped to DCERPC endpoint 1024
added interface ip=149.XXX.YYY.102 nmask=255.255.255.0
added interface ip=192.168.56.1 nmask=255.255.255.0
added interface ip=149.XXX.YYY.102 nmask=255.255.255.0
added interface ip=192.168.56.1 nmask=255.255.255.0
Starting GENSEC mechanism gssapi_krb5
GSS Import name of ldap at KAUAI.DZNE.UNI-MAGDEBURG.DE failed:
Miscellaneous failure (see text): unable to find realm of host maui
Failed to start GENSEC client mech gssapi_krb5:
NT_STATUS_INVALID_PARAMETER
Failed to start GENSEC client mechanism gssapi_krb5:
NT_STATUS_INVALID_PARAMETER
Failed to bind to uuid e3514235-4b06-11d1-ab04-00c04fc2dcd2 -
NT_STATUS_INVALID_PARAMETER
libnet_BecomeDC() failed - NT_STATUS_INVALID_PARAMETER
Traceback (most recent call last):
File
"/opt/samba/lib/python2.4/site-packages/samba/netcmd/__init__.py", line
99, in _run
return self.run(*args, **kwargs)
File "/opt/samba/lib/python2.4/site-packages/samba/netcmd/vampire.py",
line 51, in run
(domain_name, domain_sid) = net.vampire(domain=domain,
target_dir=target_dir)
RuntimeError: NT_STATUS_INVALID_PARAMETER
What is the NT_STATUS_INVALID_PARAMETER telling me all the time? Why
does it fail to find the realm for host I want to join? Does one need
any preparation on the existing DC? (there already exists an account for
the machine I am about to join - which I needed to get the kerberos key
so that box can utilize them to authenticate unix logins).
Besides the failed attempts to replicate the data to the second DC
(since my first try to vampire the domain) the existing DC doesn't log
anything.
Another bad thing I found when I put the new build into service (Version
4.0.0alpha12-GIT-c293359 with your patch) was that the Users
administration on my windows client was missing a number of tab, when
editing accounts. Most notably the account and profile tabs were
missing. So there must be something else that is not quite right.
bernd
More information about the samba-technical
mailing list