samba4 and Miscellaneous failure

Oguz Yilmaz oguzyilmazlist at gmail.com
Sun Oct 14 01:40:03 MDT 2012


Hello,

I try to install samba4 in AD replicate DC mode. I will use this replicate
as local ntlm_auth purposes. I have followed howto in
http://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC .
However it seems I have problem with replications and dns. I am using
samba4-4.0.0rc2 on 32 bit centos 5, kernel 3.5.3.

host -t SRV _ldap._tcp.adtest.labristeknoloji.com. 127.0.0.1
does not work.

Error is:
GSS server Update(krb5)(1) Update failed:  Miscellaneous failure (see
text): Failed to find HOST82$@ADTEST.LABRISTEKNOLOJI.COM(kvno 5) in keytab
FILE:/var/lib/samba4/private/secrets.keytab (aes256-cts-hmac-sha1-96)

What do you suggest to follow?

*# samba-tool domain join ADTEST.LABRISTEKNOLOJI.COM DC -Uadministrator
--realm=adtest.labristeknoloji.com --server=
WIN-J0TBKSQO4SF.adtest.labristeknoloji.com --dns-backend=SAMBA_INTERNAL*
...
...
Partition[DC=adtest,DC=labristeknoloji,DC=com] objects[25419]
linked_values[0]
Partition[DC=DomainDnsZones,DC=adtest,DC=labristeknoloji,DC=com]
objects[49] linked_values[0]
Partition[DC=ForestDnsZones,DC=adtest,DC=labristeknoloji,DC=com]
objects[18] linked_values[0]
Committing SAM database
Sending DsReplicateUpdateRefs for all the partitions
Setting isSynchronized and dsServiceName
Setting up secrets database
Joined domain ADTEST (SID S-1-5-21-502746074-3176188440-2761278087) as a DC




*[root at host82 ~]# samba-tool drs kcc -Uadministrator
WIN-J0TBKSQO4SF.adtest.labristeknoloji.com

*Password for [ADTEST\administrator]:
Consistency check on WIN-J0TBKSQO4SF.adtest.labristeknoloji.com successful.




*[root at host82 ~]# samba -i -M single -d 2
*lpcfg_load: refreshing parameters from /etc/samba4/smb.conf
samba version 4.0.0rc2-4.1 started.
Copyright Andrew Tridgell and the Samba Team 1992-2012
samba: using 'single' process model
dreplsrv_partition[CN=Schema,CN=Configuration,DC=adtest,DC=labristeknoloji,DC=com]
loaded
dreplsrv_partition[DC=adtest,DC=labristeknoloji,DC=com] loaded
dreplsrv_partition[CN=Configuration,DC=adtest,DC=labristeknoloji,DC=com]
loaded
dreplsrv_partition[DC=DomainDnsZones,DC=adtest,DC=labristeknoloji,DC=com]
loaded
dreplsrv_partition[DC=ForestDnsZones,DC=adtest,DC=labristeknoloji,DC=com]
loaded
kccsrv_partition[CN=Schema,CN=Configuration,DC=adtest,DC=labristeknoloji,DC=com]
loaded
kccsrv_partition[CN=Configuration,DC=adtest,DC=labristeknoloji,DC=com]
loaded
kccsrv_partition[DC=adtest,DC=labristeknoloji,DC=com] loaded
kccsrv_partition[DC=DomainDnsZones,DC=adtest,DC=labristeknoloji,DC=com]
loaded
kccsrv_partition[DC=ForestDnsZones,DC=adtest,DC=labristeknoloji,DC=com]
loaded


kccsrv_periodic_run(): update
NT_STATUS_OK
all_connected=1, 0 GUIDs returned
found 1 existing nTDSConnection objects
0 connections have been deleted
0 connections have been added
kccsrv_periodic_schedule(300) scheduled for: Sun Oct 14 10:12:51 2012 EEST
dreplsrv_notify_schedule(5) scheduled for: Sun Oct 14 10:07:56 2012 EEST
dns child failed to find name 'eba2d4a9-96d5-47fc-aa8a-0a6344e137ef._
msdcs.adtest.labristeknoloji.com' of type A
dreplsrv_op_pull_source(WERR_BADFILE) for
DC=ForestDnsZones,DC=adtest,DC=labristeknoloji,DC=com
Mapped to DCERPC endpoint 135
dreplsrv_op_pull_source(WERR_BADFILE) for CN=RID
Manager$,CN=System,DC=adtest,DC=labristeknoloji,DC=com
../source4/dsdb/repl/drepl_ridalloc.c:43: RID Manager failed RID allocation
- WERR_BADFILE - extended_ret[0x0]


*(NOTE: I added eba2d4a9-96d5-47fc-aa8a-0a6344e137ef._
msdcs.adtest.labristeknoloji.com to /etc/hosts file and continued. The new
error is the following)*

Could not determine hostname for target computer, cannot use kerberos
Could not determine hostname for target computer, cannot use kerberos
../source4/dsdb/repl/drepl_ridalloc.c:239: Requesting more RIDs from RID
Manager
added nTDSConnection object
'CN=19f7d6be-afee-4e90-88e4-168e4422c1c7,CN=NTDS
Settings,CN=HOST82,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=adtest,DC=labristeknoloji,DC=com'
GSS server Update(krb5)(1) Update failed:  Miscellaneous failure (see
text): Failed to find HOST82$@ADTEST.LABRISTEKNOLOJI.COM(kvno 5) in keytab
FILE:/var/lib/samba4/private/secrets.keytab (aes256-cts-hmac-sha1-96)
dcerpc: bind_nak reason 0 - NT_STATUS_UNSUCCESSFUL



*[root at host82 ~]# klist*
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: administrator at ADTEST.LABRISTEKNOLOJI.COM

Valid starting     Expires            Service principal
10/14/12 09:31:53  10/14/12 19:31:56  krbtgt/
ADTEST.LABRISTEKNOLOJI.COM at ADTEST.LABRISTEKNOLOJI.COM
        renew until 10/15/12 09:31:53
10/14/12 09:47:03  10/14/12 19:31:56  ldap/
WIN-J0TBKSQO4SF.ADTEST.LABRISTEKNOLOJI.COM at ADTEST.LABRISTEKNOLOJI.COM


Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached


*[root at host82 ~]# ktutil*
ktutil:  list
slot KVNO Principal
---- ----
---------------------------------------------------------------------



*[root at host82 ~]# samba-tool drs showrepl
*Default-First-Site-Name\HOST82
DSA Options: 0x00000001
DSA object GUID: c7c9cacc-0ff6-4b5c-a5fd-5d833400f21c
DSA invocationId: 1eb32d15-c1c7-4c05-bfc8-ee7e83d4407a

==== INBOUND NEIGHBORS ====

CN=Configuration,DC=adtest,DC=labristeknoloji,DC=com
        Default-First-Site-Name\WIN-J0TBKSQO4SF via RPC
           DSA object GUID: eba2d4a9-96d5-47fc-aa8a-0a6344e137ef
           Last attempt @ Sun Oct 14 10:01:37 2012 EEST failed, result 31
(WERR_GENERAL_FAILURE)
           2 consecutive failure(s).
           Last success @ NTTIME(0)

DC=adtest,DC=labristeknoloji,DC=com
        Default-First-Site-Name\WIN-J0TBKSQO4SF via RPC
           DSA object GUID: eba2d4a9-96d5-47fc-aa8a-0a6344e137ef
           Last attempt @ Sun Oct 14 10:01:37 2012 EEST failed, result 31
(WERR_GENERAL_FAILURE)
           3 consecutive failure(s).
           Last success @ NTTIME(0)

CN=Schema,CN=Configuration,DC=adtest,DC=labristeknoloji,DC=com
        Default-First-Site-Name\WIN-J0TBKSQO4SF via RPC
           DSA object GUID: eba2d4a9-96d5-47fc-aa8a-0a6344e137ef
           Last attempt @ Sun Oct 14 10:01:37 2012 EEST failed, result 31
(WERR_GENERAL_FAILURE)
           2 consecutive failure(s).
           Last success @ NTTIME(0)

DC=ForestDnsZones,DC=adtest,DC=labristeknoloji,DC=com
        Default-First-Site-Name\WIN-J0TBKSQO4SF via RPC
           DSA object GUID: eba2d4a9-96d5-47fc-aa8a-0a6344e137ef
           Last attempt @ Sun Oct 14 10:01:36 2012 EEST failed, result 31
(WERR_GENERAL_FAILURE)
           2 consecutive failure(s).
           Last success @ NTTIME(0)

DC=DomainDnsZones,DC=adtest,DC=labristeknoloji,DC=com
        Default-First-Site-Name\WIN-J0TBKSQO4SF via RPC
           DSA object GUID: eba2d4a9-96d5-47fc-aa8a-0a6344e137ef
           Last attempt @ Sun Oct 14 10:01:36 2012 EEST failed, result 31
(WERR_GENERAL_FAILURE)
           2 consecutive failure(s).
           Last success @ NTTIME(0)

==== OUTBOUND NEIGHBORS ====

==== KCC CONNECTION OBJECTS ====

ERROR(exceptions.AttributeError): uncaught exception - 'str' object has no
attribute 'partition'
  File "/usr/lib/python2.4/site-packages/samba/netcmd/__init__.py", line
168, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.4/site-packages/samba/netcmd/drs.py", line 173, in
run
    c_rdn, sep, c_server_dn = c['fromServer'][0].partition(',')


More information about the samba-technical mailing list