'Unknown error' messages during Samba4 vampire

Zahari Zahariev zahari.zahariev at gmail.com
Tue Nov 16 14:46:51 MST 2010 

Hello Andrew & list,

After commit 6ff009cacca7f62fc1b67270fb2bee4f20906c70 the problem when 
joining Windows 2003 with msDS-Behavior-Version 2 shifted to this error:

@ Vampire  from Windows server
Finding a writeable DC for domain 'autorepl2.test'
Found DC win2008R2-b.autorepl2.test
workgroup is AUTOREPL02
realm is autorepl2.test
checking samaccountname
Adding CN=UBUNTU1,OU=Domain Controllers,DC=autorepl2,DC=test
Adding CN=UBUNTU1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=autorepl2,DC=test
Adding CN=NTDS Settings,CN=UBUNTU1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=autorepl2,DC=test
Join failed - cleaning up
checking samaccountname
Deleted CN=UBUNTU1,OU=Domain Controllers,DC=autorepl2,DC=test
Deleted CN=UBUNTU1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=autorepl2,DC=test
Traceback (most recent call last):
   File "bin/python/samba/netcmd/__init__.py", line 99, in _run
     return self.run(*args, **kwargs)
   File "bin/python/samba/netcmd/join.py", line 64, in run
     site=site, netbios_name=netbios_name)
   File "bin/python/samba/join.py", line 552, in join_DC
     ctx.do_join()
   File "bin/python/samba/join.py", line 485, in do_join
     ctx.join_add_objects()
   File "bin/python/samba/join.py", line 359, in join_add_objects
     res = ctx.samdb.search(base=ctx.ntds_dn, scope=ldb.SCOPE_BASE, attrs=["objectGUID"])
_ldb.LdbError: (32, "LDAP error 32 LDAP_NO_SUCH_OBJECT - CN=UBUNTU1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=autorepl2,DC=test<0000208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of:\n\t'CN=UBUNTU1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=autorepl2,DC=test'\n>  <>")
Status: FAILED

The strange thing is that now the "samba-tool join" to Windows 2008R2 
having msDS-Behavior-Version 2 (the same) also fails with the exactly 
the same error.

Why this could be?

On 11/9/10 4:52 PM, Zahari Zahariev wrote:
> This is debug level 5:
>
> @ Vampire  from Windows server
> adding hidden service IPC$
> adding hidden service ADMIN$
> added interface ip=10.191.44.10 nmask=255.255.0.0
> added interface ip=10.191.44.10 nmask=255.255.0.0
> added interface ip=10.191.44.10 nmask=255.255.0.0
> added interface ip=10.191.44.10 nmask=255.255.0.0
> Finding a writeable DC for domain 'autorepl1.test'
> added interface ip=10.191.44.10 nmask=255.255.0.0
> added interface ip=10.191.44.10 nmask=255.255.0.0
> finddcs: searching for a DC by DNS domain autorepl1.test
> finddcs: looking for SRV records for _ldap._tcp.autorepl1.test
> finddcs: DNS SRV response 0 at '10.191.44.11'
> finddcs: performing CLDAP query on 10.191.44.11
> finddcs: Found matching DC 10.191.44.11 with server_type=0x000003fd
> Found DC win2003a.autorepl1.test
> Initialising global parameters
> adding hidden service IPC$
> adding hidden service ADMIN$
> added interface ip=10.191.44.10 nmask=255.255.0.0
> added interface ip=10.191.44.10 nmask=255.255.0.0
> Starting GENSEC mechanism spnego
> Starting GENSEC submechanism gssapi_krb5
> Failed to get CCACHE for GSSAPI client: Cannot contact any KDC for 
> requested realm
> Cannot reach a KDC we require to contact ldap/win2003a.autorepl1.test@ 
> : kinit for administrator@ failed (Cannot contact any KDC for 
> requested realm: unable to reach any KDC in realm )
>
> Failed to start GENSEC client mech gssapi_krb5: 
> NT_STATUS_NO_LOGON_SERVERS
> Starting GENSEC submechanism ntlmssp
> Got challenge flags:
> Got NTLMSSP neg_flags=0x62898235
>   NTLMSSP_NEGOTIATE_UNICODE
>   NTLMSSP_REQUEST_TARGET
>   NTLMSSP_NEGOTIATE_SIGN
>   NTLMSSP_NEGOTIATE_SEAL
>   NTLMSSP_NEGOTIATE_NTLM
>   NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>   NTLMSSP_NEGOTIATE_NTLM2
>   NTLMSSP_NEGOTIATE_TARGET_INFO
>   NTLMSSP_NEGOTIATE_VERSION
>   NTLMSSP_NEGOTIATE_128
>   NTLMSSP_NEGOTIATE_KEY_EXCH
> NTLMSSP challenge set by NTLM2
> challenge is:
> [0000] 22 F1 6B EE 0C 8F A0 2F                            ".k..../
> NTLMSSP: Set final flags:
> Got NTLMSSP neg_flags=0x60088235
>   NTLMSSP_NEGOTIATE_UNICODE
>   NTLMSSP_REQUEST_TARGET
>   NTLMSSP_NEGOTIATE_SIGN
>   NTLMSSP_NEGOTIATE_SEAL
>   NTLMSSP_NEGOTIATE_NTLM
>   NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>   NTLMSSP_NEGOTIATE_NTLM2
>   NTLMSSP_NEGOTIATE_128
>   NTLMSSP_NEGOTIATE_KEY_EXCH
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x60088235
>   NTLMSSP_NEGOTIATE_UNICODE
>   NTLMSSP_REQUEST_TARGET
>   NTLMSSP_NEGOTIATE_SIGN
>   NTLMSSP_NEGOTIATE_SEAL
>   NTLMSSP_NEGOTIATE_NTLM
>   NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>   NTLMSSP_NEGOTIATE_NTLM2
>   NTLMSSP_NEGOTIATE_128
>   NTLMSSP_NEGOTIATE_KEY_EXCH
> workgroup is AUTOREPL01
> realm is autorepl1.test
> checking samaccountname
> Adding CN=DEBIAN1,OU=Domain Controllers,DC=autorepl1,DC=test
> Join failed - cleaning up
> checking samaccountname
> Traceback (most recent call last):
>   File "bin/python/samba/netcmd/__init__.py", line 99, in _run
>     return self.run(*args, **kwargs)
>   File "bin/python/samba/netcmd/join.py", line 64, in run
>     site=site, netbios_name=netbios_name)
>   File "bin/python/samba/join.py", line 550, in join_DC
>     ctx.do_join()
>   File "bin/python/samba/join.py", line 483, in do_join
>     ctx.join_add_objects()
>   File "bin/python/samba/join.py", line 314, in join_add_objects
>     ctx.samdb.add(rec)
> _ldb.LdbError: (16, 'LDAP error 16 LDAP_NO_SUCH_ATTRIBUTE -<00000057: 
> LdapErr: DSID-0C090B38, comment: Error in attribute conversion 
> operation, data 0, vece> <>')
> Status: FAILED
>
>
>
> On 11/9/10 7:17 AM, Zahari Zahariev wrote:
>> Hi Tridge,
>>
>> Sorry to break your enthusiasm like this :) but they are already gone 
>> since these commits:
>>
>> === Start 08-11-2010 03:01:01 ===
>>
>> @ Clean up old binaries
>> WAF_MAKE=1 ../buildtools/bin/waf distclean
>> 'distclean' finished successfully (21.972s)
>> Status: OK
>>
>> @ Pull new source changes
>> From git://git.samba.org/samba
>>    e59bf5e..c0297e5  master     ->  origin/master
>> Updating e59bf5e..c0297e5
>> Fast forward
>>  buildtools/wafsamba/samba_deps.py           |    2 +-
>>  buildtools/wafsamba/samba_install.py        |    8 ++++++--
>>  buildtools/wafsamba/samba_optimisation.py   |    8 ++++----
>>  source4/lib/ldb/common/ldb_modules.c        |    5 +++--
>>  source4/scripting/python/samba/drs_utils.py |    2 ++
>>  5 files changed, 16 insertions(+), 9 deletions(-)
>> Status: OK
>>
>> @ Committers since last time
>> COMMAND: git log 
>> e59bf5efb5cf23ff21f2a2ac7dff8d211070a916..c0297e5e89c48153a6f34f2585f9934bae2b2fbe
>> Status: OK
>>
>> The last one that the commits above fixed was:
>> ldb: failed to initialise module 
>> bin/python/samba/../../../bin/modules/ldb/acl.so : Unknown error
>>
>> If you are looking for trouble the problem that new implementation of 
>> "samba-tool join" has
>> against Win2003 with highest (forest&  domain) functional level 2 
>> (win2003) is still on the table:
>>
>> @ Vampire  from Windows server
>> Finding a writeable DC for domain 'autorepl1.test'
>> Found DC win2003a.autorepl1.test
>> Failed to get CCACHE for GSSAPI client: Cannot contact any KDC for 
>> requested realm
>> Failed to start GENSEC client mech gssapi_krb5: 
>> NT_STATUS_NO_LOGON_SERVERS
>> workgroup is AUTOREPL01
>> realm is autorepl1.test
>> checking samaccountname
>> Adding CN=DEBIAN1,OU=Domain Controllers,DC=autorepl1,DC=test
>> Join failed - cleaning up
>> checking samaccountname
>> Traceback (most recent call last):
>>   File "bin/python/samba/netcmd/__init__.py", line 99, in _run
>>     return self.run(*args, **kwargs)
>>   File "bin/python/samba/netcmd/join.py", line 64, in run
>>     site=site, netbios_name=netbios_name)
>>   File "bin/python/samba/join.py", line 550, in join_DC
>>     ctx.do_join()
>>   File "bin/python/samba/join.py", line 483, in do_join
>>     ctx.join_add_objects()
>>   File "bin/python/samba/join.py", line 314, in join_add_objects
>>     ctx.samdb.add(rec)
>> _ldb.LdbError: (16, 'LDAP error 16 LDAP_NO_SUCH_ATTRIBUTE -<00000057: 
>> LdapErr: DSID-0C090B38, comment: Error in attribute conversion 
>> operation, data 0, vece> <>')
>> Status: FAILED
>>
>> Thanks a million!
>>
>> On 11/9/10 1:07 AM, tridge at samba.org wrote:
>>> Hi Zahari,
>>>
>>> Can you send me a copy of your vampire test script? I'd like to try
>>> and track down the problems you're seeing with w2k3.
>>>
>>> Cheers, Tridge
>>
>

More information about the samba-technical mailing list