'net vampire' does not work with standard build for me

Bernd Markgraf bernd.markgraf at med.ovgu.de
Tue Apr 20 14:16:01 MDT 2010 

Hi Kamen,

> Yes. Net command takes --target-dir now.
> --target-dir is actually where Samba is to be installed.
Thanks for clearing that up.

> What I think you are missing here is ... the --realm option
> Anatoliy (aatanasov) is having the same problem currently 
> (more people having the problem, more probably it will be resolved
> faster).
yes that option was there (and i used it) in my previous attempts.

> For me, 'net vampire' works quite well, although I don't event have
> kerberos configured.
> What I have is a target directory (say,
> SAMBA_DIR=/home/kamenim/samba), with pre-configured smb.conf
> in $SAMBA_DIR/etc/smb.conf.
> I think you should have at leas following options set in you smb.conf
> file:
> [globals]
> netbios name = DRS1
> workgroup = SAMBA
> realm = SAMBA.DEVEL
> server role     = domain controller
> ads:dc function level = 4
I was missing the realm line and had no ads:dc function level

> I use 'ads:dc function level' option as I use to test against w2k8-r2.
> I think you should match Functional Level for your domain
> (which is 2 as it seems).
i tried both 2 and 4. in both cases i get this output from 
net vampire -d 9 -Uadministrator%passwd dzne.uni-magdeburg.de --target-dir=/opt/samba
added interface ip=149.203.XXX.YYY nmask=255.255.255.0
added interface ip=149.203.XXX.YYY nmask=255.255.255.0
dos charset 'CP850' unavailable - using ASCII
Mapped to DCERPC endpoint \pipe\lsarpc
added interface ip=149.203.XXX.YYY nmask=255.255.255.0
added interface ip=149.203.XXX.YYY nmask=255.255.255.0
Shutdown SMB signing
BSRSPYL SMB signing enabled
Shutdown SMB signing
Starting GENSEC mechanism spnego
Server claims it's principal name is KAUAI$@DZNE.UNI-MAGDEBURG.DE
Starting GENSEC submechanism gssapi_krb5
Received smb_krb5 packet of length 295
Received smb_krb5 packet of length 1381
gensec_gssapi: credentials were delegated
GSSAPI Connection will have no cryptographic protection
SMB signing enabled!
[0000] 91 E5 27 B6 F0 5A 0E F4                            ..'..Z.. 
Seen valid packet, so turning signing on
Seen valid packet, so marking signing as 'seen valid'
sign_outgoing_message: SENT SIG (seq: 2): sent SMB signature of
[0000] 89 7B 78 C7 06 BF 4A CE                            .{x...J. 
[0000] 84 D2 97 72 D9 CB AA 71                            ...r...q 
sign_outgoing_message: SENT SIG (seq: 4): sent SMB signature of
[0000] 02 CA 63 AD D5 E6 81 A3                            ..c..... 
[0000] 9A 83 9A 78 B2 CB E7 68                            ...x...h 
sign_outgoing_message: SENT SIG (seq: 6): sent SMB signature of
[0000] 29 E4 A0 0F 2E 66 40 83                            )....f at . 
[0000] F8 9D 72 85 00 B8 4F 17                            ..r...O. 
sign_outgoing_message: SENT SIG (seq: 8): sent SMB signature of
[0000] 43 DB 35 3C 66 77 83 EC                            C.5<fw.. 
sign_outgoing_message: SENT SIG (seq: 10): sent SMB signature of
[0000] F2 BF 30 7C C1 96 FE 93                            ..0|.... 
[0000] EB 84 44 EF 81 B1 82 F5                            ..D..... 
[0000] A7 11 10 B5 35 19 70 0A                            ....5.p. 
sign_outgoing_message: SENT SIG (seq: 12): sent SMB signature of
[0000] 18 AC 85 35 7B 3D 14 DF                            ...5{=.. 
sign_outgoing_message: SENT SIG (seq: 14): sent SMB signature of
[0000] 64 50 7A A9 49 46 1D C9                            dPz.IF.. 
[0000] F5 96 54 FF 28 05 F3 85                            ..T.(... 
[0000] 9A 16 CF B5 45 1B 43 0A                            ....E.C. 
sign_outgoing_message: SENT SIG (seq: 16): sent SMB signature of
[0000] AF AC E5 17 42 91 C0 40                            ....B..@ 
sign_outgoing_message: SENT SIG (seq: 18): sent SMB signature of
[0000] 28 38 7C 94 41 94 37 AB                            (8|.A.7. 
[0000] 65 CB D2 A1 28 32 FC 0F                            e...(2.. 
[0000] 2F FB 34 05 12 16 8C C5                            /.4..... 
sign_outgoing_message: SENT SIG (seq: 20): sent SMB signature of
[0000] FA 14 87 80 26 8E 52 65                            ....&.Re 
[0000] 9A 78 AA F6 C2 F2 E3 B4                            .x...... 
sign_outgoing_message: SENT SIG (seq: 22): sent SMB signature of
[0000] 74 9E 81 A0 46 25 B6 30                            t...F%.0 
[0000] C2 C0 55 26 A9 A7 EE 4E                            ..U&...N 
sign_outgoing_message: SENT SIG (seq: 24): sent SMB signature of
[0000] D4 E5 1E 6A 04 24 4D 7F                            ...j.$M. 
[0000] B0 48 52 EE A9 EA 42 95                            .HR...B. 
sign_outgoing_message: SENT SIG (seq: 26): sent SMB signature of
[0000] 39 7E 95 56 95 A1 7D F5                            9~.V..}. 
[0000] 21 13 9C BE 00 85 FD CF                            !....... 
sign_outgoing_message: SENT SIG (seq: 28): sent SMB signature of
[0000] 00 B1 B0 0D B4 A0 AF 30                            .......0 
[0000] 32 2D B0 E5 B3 0C C4 C5                            2-...... 
sign_outgoing_message: SENT SIG (seq: 30): sent SMB signature of
[0000] 99 DB E1 EF D4 45 45 CE                            .....EE. 
[0000] 8D D9 5A 27 F7 D7 05 93                            ..Z'.... 
sign_outgoing_message: SENT SIG (seq: 32): sent SMB signature of
[0000] 22 04 E1 0D E5 F8 A6 DD                            "....... 
[0000] FC 27 E9 CB 3A 8B 89 55                            .'..:..U 
sign_outgoing_message: SENT SIG (seq: 34): sent SMB signature of
[0000] AD A9 34 A5 1B 5C 99 E3                            ..4..\.. 
[0000] 2E 90 C0 84 DA BD 4A 3B                            ......J; 
sign_outgoing_message: SENT SIG (seq: 36): sent SMB signature of
[0000] 6A E5 B0 0F F4 E5 09 46                            j......F 
[0000] AA D6 67 97 AD B0 1B 79                            ..g....y 
sign_outgoing_message: SENT SIG (seq: 38): sent SMB signature of
[0000] A3 7F CA CB 38 56 02 72                            ....8V.r 
[0000] 29 76 04 65 B7 F7 02 F0                            )v.e.... 
Mapped to DCERPC endpoint 135
added interface ip=149.203.XXX.YYY nmask=255.255.255.0
added interface ip=149.203.XXX.YYY nmask=255.255.255.0
Mapped to DCERPC endpoint 1024
added interface ip=149.203.XXX.YYY nmask=255.255.255.0
added interface ip=149.203.XXX.YYY nmask=255.255.255.0
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
librpc/rpc/dcerpc_util.c:857: auth_pad_length 0
gensec_gssapi: credentials were delegated
GSSAPI Connection will be cryptographicly sealed
librpc/rpc/dcerpc_util.c:857: auth_pad_length 0
librpc/rpc/dcerpc_util.c:857: auth_pad_length 0
librpc/rpc/dcerpc_util.c:857: auth_pad_length 12
added interface ip=149.203.XXX.YYY nmask=255.255.255.0
added interface ip=149.203.XXX.YYY nmask=255.255.255.0
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
gensec_gssapi: credentials were delegated
GSSAPI Connection will have no cryptographic protection
ldb: No modules specified for this database
ldb_wrap open of ldap://KAUAI
ldb: start ldb transaction (nesting: 0)
ldb: commit ldb transaction (nesting: 0)
librpc/rpc/dcerpc_util.c:857: auth_pad_length 4
added interface ip=149.203.XXX.YYY nmask=255.255.255.0
added interface ip=149.203.XXX.YYY nmask=255.255.255.0
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
gensec_gssapi: credentials were delegated
GSSAPI Connection will have no cryptographic protection
ldb: No modules specified for this database
ldb_wrap open of ldap://kauai.dzne.uni-magdeburg.de/
Become DC [(NULL)] of Domain[DZNE]/[dzne.uni-magdeburg.de]
Promotion Partner is Server[kauai.dzne.uni-magdeburg.de] from
Site[Default-First-Site-Name]
Options:crossRef behavior_version[2]
	schema object_version[47]
	domain behavior_version[2]
	domain w2k3_update_revision[8]
ldb: start ldb transaction (nesting: 0)
ldb: cancel ldb transaction (nesting: 0)
ldb: start ldb transaction (nesting: 0)
ldb: commit ldb transaction (nesting: 0)
Mapped to DCERPC endpoint 135
added interface ip=149.203.XXX.YYY nmask=255.255.255.0
added interface ip=149.203.XXX.YYY nmask=255.255.255.0
Mapped to DCERPC endpoint 1024
added interface ip=149.203.XXX.YYY nmask=255.255.255.0
added interface ip=149.203.XXX.YYY nmask=255.255.255.0
Starting GENSEC mechanism gssapi_krb5
librpc/rpc/dcerpc_util.c:857: auth_pad_length 0
gensec_gssapi: credentials were delegated
GSSAPI Connection will be cryptographicly sealed
librpc/rpc/dcerpc_util.c:857: auth_pad_length 0
librpc/rpc/dcerpc_util.c:857: auth_pad_length 0
libnet_BecomeDC() failed - NT code 0xc00020ee
Traceback (most recent call last):
  File
"/opt/samba/lib/python2.4/site-packages/samba/netcmd/__init__.py", line
99, in _run
    return self.run(*args, **kwargs)
  File "/opt/samba/lib/python2.4/site-packages/samba/netcmd/vampire.py",
line 51, in run
    (domain_name, domain_sid) = net.vampire(domain=domain,
target_dir=target_dir)
RuntimeError: NT code 0xc00020ee



>         Another bad thing I found when I put the new build into
>         service (Version
>         4.0.0alpha12-GIT-c293359 with your patch) was that the Users
>         administration on my windows client was missing a number of
>         tab, when
>         editing accounts. Most notably the account and profile tabs
>         were
>         missing. So there must be something else that is not quite
>         right.
>         
> Perhaps it will be better if Matthieu Patou can comment on this?
That would be nice. btw when i revert to my previous build everything is
back to normal.

  bernd

More information about the samba-technical mailing list