'Unknown error' messages during Samba4 vampire

Zahari Zahariev zahari.zahariev at gmail.com
Wed Nov 17 06:56:58 MST 2010 

Hi Tridge & Andrew,

Now everything with all my local join/replication machines is back to 
normal as it was before "net vampire" got rewritten into "samba-tool 
join". Thank you for the time spent.

Excellent job!

On 11/16/10 11:46 PM, Zahari Zahariev wrote:
> Hello Andrew & list,
>
> After commit 6ff009cacca7f62fc1b67270fb2bee4f20906c70 the problem when 
> joining Windows 2003 with msDS-Behavior-Version 2 shifted to this error:
>
> @ Vampire  from Windows server
> Finding a writeable DC for domain 'autorepl2.test'
> Found DC win2008R2-b.autorepl2.test
> workgroup is AUTOREPL02
> realm is autorepl2.test
> checking samaccountname
> Adding CN=UBUNTU1,OU=Domain Controllers,DC=autorepl2,DC=test
> Adding CN=UBUNTU1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=autorepl2,DC=test
> Adding CN=NTDS Settings,CN=UBUNTU1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=autorepl2,DC=test
> Join failed - cleaning up
> checking samaccountname
> Deleted CN=UBUNTU1,OU=Domain Controllers,DC=autorepl2,DC=test
> Deleted CN=UBUNTU1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=autorepl2,DC=test
> Traceback (most recent call last):
>    File "bin/python/samba/netcmd/__init__.py", line 99, in _run
>      return self.run(*args, **kwargs)
>    File "bin/python/samba/netcmd/join.py", line 64, in run
>      site=site, netbios_name=netbios_name)
>    File "bin/python/samba/join.py", line 552, in join_DC
>      ctx.do_join()
>    File "bin/python/samba/join.py", line 485, in do_join
>      ctx.join_add_objects()
>    File "bin/python/samba/join.py", line 359, in join_add_objects
>      res = ctx.samdb.search(base=ctx.ntds_dn, scope=ldb.SCOPE_BASE, attrs=["objectGUID"])
> _ldb.LdbError: (32, "LDAP error 32 LDAP_NO_SUCH_OBJECT - CN=UBUNTU1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=autorepl2,DC=test<0000208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of:\n\t'CN=UBUNTU1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=autorepl2,DC=test'\n>  <>")
> Status: FAILED
> The strange thing is that now the "samba-tool join" to Windows 2008R2 
> having msDS-Behavior-Version 2 (the same) also fails with the exactly 
> the same error.
>
> Why this could be?
>
> On 11/9/10 4:52 PM, Zahari Zahariev wrote:
>> This is debug level 5:
>>
>> @ Vampire  from Windows server
>> adding hidden service IPC$
>> adding hidden service ADMIN$
>> added interface ip=10.191.44.10 nmask=255.255.0.0
>> added interface ip=10.191.44.10 nmask=255.255.0.0
>> added interface ip=10.191.44.10 nmask=255.255.0.0
>> added interface ip=10.191.44.10 nmask=255.255.0.0
>> Finding a writeable DC for domain 'autorepl1.test'
>> added interface ip=10.191.44.10 nmask=255.255.0.0
>> added interface ip=10.191.44.10 nmask=255.255.0.0
>> finddcs: searching for a DC by DNS domain autorepl1.test
>> finddcs: looking for SRV records for _ldap._tcp.autorepl1.test
>> finddcs: DNS SRV response 0 at '10.191.44.11'
>> finddcs: performing CLDAP query on 10.191.44.11
>> finddcs: Found matching DC 10.191.44.11 with server_type=0x000003fd
>> Found DC win2003a.autorepl1.test
>> Initialising global parameters
>> adding hidden service IPC$
>> adding hidden service ADMIN$
>> added interface ip=10.191.44.10 nmask=255.255.0.0
>> added interface ip=10.191.44.10 nmask=255.255.0.0
>> Starting GENSEC mechanism spnego
>> Starting GENSEC submechanism gssapi_krb5
>> Failed to get CCACHE for GSSAPI client: Cannot contact any KDC for 
>> requested realm
>> Cannot reach a KDC we require to contact 
>> ldap/win2003a.autorepl1.test@ : kinit for administrator@ failed 
>> (Cannot contact any KDC for requested realm: unable to reach any KDC 
>> in realm )
>>
>> Failed to start GENSEC client mech gssapi_krb5: 
>> NT_STATUS_NO_LOGON_SERVERS
>> Starting GENSEC submechanism ntlmssp
>> Got challenge flags:
>> Got NTLMSSP neg_flags=0x62898235
>>   NTLMSSP_NEGOTIATE_UNICODE
>>   NTLMSSP_REQUEST_TARGET
>>   NTLMSSP_NEGOTIATE_SIGN
>>   NTLMSSP_NEGOTIATE_SEAL
>>   NTLMSSP_NEGOTIATE_NTLM
>>   NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>>   NTLMSSP_NEGOTIATE_NTLM2
>>   NTLMSSP_NEGOTIATE_TARGET_INFO
>>   NTLMSSP_NEGOTIATE_VERSION
>>   NTLMSSP_NEGOTIATE_128
>>   NTLMSSP_NEGOTIATE_KEY_EXCH
>> NTLMSSP challenge set by NTLM2
>> challenge is:
>> [0000] 22 F1 6B EE 0C 8F A0 2F                            ".k..../
>> NTLMSSP: Set final flags:
>> Got NTLMSSP neg_flags=0x60088235
>>   NTLMSSP_NEGOTIATE_UNICODE
>>   NTLMSSP_REQUEST_TARGET
>>   NTLMSSP_NEGOTIATE_SIGN
>>   NTLMSSP_NEGOTIATE_SEAL
>>   NTLMSSP_NEGOTIATE_NTLM
>>   NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>>   NTLMSSP_NEGOTIATE_NTLM2
>>   NTLMSSP_NEGOTIATE_128
>>   NTLMSSP_NEGOTIATE_KEY_EXCH
>> NTLMSSP Sign/Seal - Initialising with flags:
>> Got NTLMSSP neg_flags=0x60088235
>>   NTLMSSP_NEGOTIATE_UNICODE
>>   NTLMSSP_REQUEST_TARGET
>>   NTLMSSP_NEGOTIATE_SIGN
>>   NTLMSSP_NEGOTIATE_SEAL
>>   NTLMSSP_NEGOTIATE_NTLM
>>   NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>>   NTLMSSP_NEGOTIATE_NTLM2
>>   NTLMSSP_NEGOTIATE_128
>>   NTLMSSP_NEGOTIATE_KEY_EXCH
>> workgroup is AUTOREPL01
>> realm is autorepl1.test
>> checking samaccountname
>> Adding CN=DEBIAN1,OU=Domain Controllers,DC=autorepl1,DC=test
>> Join failed - cleaning up
>> checking samaccountname
>> Traceback (most recent call last):
>>   File "bin/python/samba/netcmd/__init__.py", line 99, in _run
>>     return self.run(*args, **kwargs)
>>   File "bin/python/samba/netcmd/join.py", line 64, in run
>>     site=site, netbios_name=netbios_name)
>>   File "bin/python/samba/join.py", line 550, in join_DC
>>     ctx.do_join()
>>   File "bin/python/samba/join.py", line 483, in do_join
>>     ctx.join_add_objects()
>>   File "bin/python/samba/join.py", line 314, in join_add_objects
>>     ctx.samdb.add(rec)
>> _ldb.LdbError: (16, 'LDAP error 16 LDAP_NO_SUCH_ATTRIBUTE -<00000057: 
>> LdapErr: DSID-0C090B38, comment: Error in attribute conversion 
>> operation, data 0, vece> <>')
>> Status: FAILED
>>
>>
>>
>> On 11/9/10 7:17 AM, Zahari Zahariev wrote:
>>> Hi Tridge,
>>>
>>> Sorry to break your enthusiasm like this :) but they are already 
>>> gone since these commits:
>>>
>>> === Start 08-11-2010 03:01:01 ===
>>>
>>> @ Clean up old binaries
>>> WAF_MAKE=1 ../buildtools/bin/waf distclean
>>> 'distclean' finished successfully (21.972s)
>>> Status: OK
>>>
>>> @ Pull new source changes
>>> From git://git.samba.org/samba
>>>    e59bf5e..c0297e5  master     ->  origin/master
>>> Updating e59bf5e..c0297e5
>>> Fast forward
>>>  buildtools/wafsamba/samba_deps.py           |    2 +-
>>>  buildtools/wafsamba/samba_install.py        |    8 ++++++--
>>>  buildtools/wafsamba/samba_optimisation.py   |    8 ++++----
>>>  source4/lib/ldb/common/ldb_modules.c        |    5 +++--
>>>  source4/scripting/python/samba/drs_utils.py |    2 ++
>>>  5 files changed, 16 insertions(+), 9 deletions(-)
>>> Status: OK
>>>
>>> @ Committers since last time
>>> COMMAND: git log 
>>> e59bf5efb5cf23ff21f2a2ac7dff8d211070a916..c0297e5e89c48153a6f34f2585f9934bae2b2fbe
>>> Status: OK
>>>
>>> The last one that the commits above fixed was:
>>> ldb: failed to initialise module 
>>> bin/python/samba/../../../bin/modules/ldb/acl.so : Unknown error
>>>
>>> If you are looking for trouble the problem that new implementation 
>>> of "samba-tool join" has
>>> against Win2003 with highest (forest&  domain) functional level 2 
>>> (win2003) is still on the table:
>>>
>>> @ Vampire  from Windows server
>>> Finding a writeable DC for domain 'autorepl1.test'
>>> Found DC win2003a.autorepl1.test
>>> Failed to get CCACHE for GSSAPI client: Cannot contact any KDC for 
>>> requested realm
>>> Failed to start GENSEC client mech gssapi_krb5: 
>>> NT_STATUS_NO_LOGON_SERVERS
>>> workgroup is AUTOREPL01
>>> realm is autorepl1.test
>>> checking samaccountname
>>> Adding CN=DEBIAN1,OU=Domain Controllers,DC=autorepl1,DC=test
>>> Join failed - cleaning up
>>> checking samaccountname
>>> Traceback (most recent call last):
>>>   File "bin/python/samba/netcmd/__init__.py", line 99, in _run
>>>     return self.run(*args, **kwargs)
>>>   File "bin/python/samba/netcmd/join.py", line 64, in run
>>>     site=site, netbios_name=netbios_name)
>>>   File "bin/python/samba/join.py", line 550, in join_DC
>>>     ctx.do_join()
>>>   File "bin/python/samba/join.py", line 483, in do_join
>>>     ctx.join_add_objects()
>>>   File "bin/python/samba/join.py", line 314, in join_add_objects
>>>     ctx.samdb.add(rec)
>>> _ldb.LdbError: (16, 'LDAP error 16 LDAP_NO_SUCH_ATTRIBUTE 
>>> -<00000057: LdapErr: DSID-0C090B38, comment: Error in attribute 
>>> conversion operation, data 0, vece> <>')
>>> Status: FAILED
>>>
>>> Thanks a million!
>>>
>>> On 11/9/10 1:07 AM, tridge at samba.org wrote:
>>>> Hi Zahari,
>>>>
>>>> Can you send me a copy of your vampire test script? I'd like to try
>>>> and track down the problems you're seeing with w2k3.
>>>>
>>>> Cheers, Tridge
>>>
>>
>

More information about the samba-technical mailing list