Confused [Was: Upgrade from S3 to a Samba4 DC [with LDAPSAM]]

Adam Tauno Williams awilliam at whitemice.org
Mon Oct 31 13:54:18 MDT 2011 

Quoting Adam Tauno Williams <awilliam at whitemice.org>:
> Quoting Adam Tauno Williams <awilliam at whitemice.org>:
>> So I have an S4 instance I've built from an upgrade of a Samba 3  
>> LDAPSAM domain.
>> I took an XP workstation off the production network, created the  
>> Samba4 instance, brought it up on its own network and connected the  
>> XP workstation.  Attempting to login on the XP workstation and it  
>> says "domain unavailable".  Hrmm....
>> I can get tickets as an 'upgraded' domain user.
>>  kinit adam at MICORE.US
>> DNS is working.
>>  host -t SRV _ldap._tcp.micore.us.
>>  host -t SRV _kerberos._udp.micore.us.
>>  host -t A barbel.micore.us.
>> But -
>> Ignoring unknown parameter "server role"
>> SID for domain BARBEL is: S-1-5-21-2037442776-3290224752-88127236
>> barbel:~ # net getdomainsid
>> Ignoring unknown parameter "server role"
>> SID for local machine BARBEL is: S-1-5-21-2037442776-3290224752-88127236
>> Could not fetch domain SID
>> ... should the domain SID be fetchable?  Is the upgraded domain  
>> somehow disabled?
>> That is the same SID as the S3 DC.
> Attempting to access the domain from the XP workstation by  
> specifying \\{serverName}\netlogon and using "BACKBONE\adam" and the  
> password appears to authenticate but then fails with a "The security  
> ID structure is invalid."  [BACKBONE was the NetBIOS domain of the  
> upgraded domain].

I Updated the Samba4 to the latest git [4.0.0alpha18-GIT-63c7107]

It appears the error is here -
[2011/10/31 15:49:00,  5] ../source4/dsdb/samdb/samdb.c:81(samdb_credentials)
   (normal if no LDAP backend) Could not find entry to match filter:  
'(&(objectclass=ldapSecret)(cn=SAMDB Credentials))' base: '': No such  
object: (null)
[2011/10/31 15:49:00,  5] ../auth/gensec/gensec_start.c:616(gensec_start_mech)
   Starting GENSEC mechanism spnego
[2011/10/31 15:49:00,  5] ../auth/gensec/gensec_start.c:616(gensec_start_mech)
   Starting GENSEC submechanism gssapi_krb5
[2011/10/31 15:49:00,  1]  
../source4/auth/gensec/gensec_gssapi.c:638(gensec_gssapi_update)
   GSS server Update(krb5)(1) Update failed:  An unsupported mechanism  
was requested: unknown mech-code 0 for mech 1 2 840 113554 1 2 2
[2011/10/31 15:49:00,  1]  
../source4/auth/gensec/spnego.c:555(gensec_spnego_parse_negTokenInit)
   SPNEGO(gssapi_krb5) NEG_TOKEN_INIT failed: NT_STATUS_LOGON_FAILURE
[2011/10/31 15:49:00,  2]  
../source4/auth/gensec/spnego.c:727(gensec_spnego_server_negTokenTarg)
   SPNEGO login failed: NT_STATUS_LOGON_FAILURE
[2011/10/31 15:49:00, 10] ../source4/smb_server/smb_server.c:94(smbsrv_recv)
   smbsrv_recv
[2011/10/31 15:49:00, 10] ../source4/smb_server/smb_server.c:94(smbsrv_recv)
   smbsrv_recv
[2011/10/31 15:49:00,  5]  
../source4/smb_server/smb/receive.c:507(switch_message)
   switch message SMBtconX (task_id 0:2328.0)

Is this a problem in the provisioned database [No such object: (null)]  
or in some interaction with the XP client [unknown mech-code 0 for  
mech].

More information about the samba-technical mailing list