Joining Samba 4.0.1 AD DC to Win2k3 domain

Carlos Miguel Bustillo Rdguez cbustillo at uclv.edu.cu
Wed Jan 23 20:36:33 MST 2013


I joined Samba 4.0.1 as a second DC to the Win2k3 domain successfully. The problem is: I can't connect to the Samba DNS (as DNS backend I use Bind 9.8.1 with the bind_dlz plugin) through the DNS Management Tool on my Windows XP client; the message says that it is impossible to connect to Active Directory. But I can connect to the Samba DC through the Active Directory Users and Computers Tool, and I can connect to the Windows DC with Active Directory Users and Computers and DNS Management without problem.

After a while the output in log.samba:
[2013/01/23 15:17:56,  0] ../source4/smbd/server.c:369(binary_smbd_main)
  samba version 4.0.1 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2012
[2013/01/23 15:17:56,  0] ../source4/smbd/server.c:475(binary_smbd_main)
  samba: using 'standard' process model
[2013/01/23 15:18:20,  0] ../auth/ntlmssp/ntlmssp_sign.c:236(ntlmssp_check_packet)
  NTLMSSP NTLM2 packet check failed due to invalid signature!
[2013/01/23 15:18:20,  0] ../auth/ntlmssp/ntlmssp_sign.c:236(ntlmssp_check_packet)
  NTLMSSP NTLM2 packet check failed due to invalid signature!
[2013/01/23 15:18:55,  0] ../auth/ntlmssp/ntlmssp_sign.c:236(ntlmssp_check_packet)
  NTLMSSP NTLM2 packet check failed due to invalid signature!
[2013/01/23 15:18:55,  0] ../auth/ntlmssp/ntlmssp_sign.c:236(ntlmssp_check_packet)
  NTLMSSP NTLM2 packet check failed due to invalid signature!
[2013/01/23 15:19:21,  0] ../auth/ntlmssp/ntlmssp_sign.c:236(ntlmssp_check_packet)
  NTLMSSP NTLM2 packet check failed due to invalid signature!
[2013/01/23 15:19:21,  0] ../auth/ntlmssp/ntlmssp_sign.c:236(ntlmssp_check_packet)
  NTLMSSP NTLM2 packet check failed due to invalid signature!

These messages appear when I work with Windows Administrative Tools.

Regards, Carlos

On 01/23/2013 12:55 AM, Stefan (metze) Metzmacher wrote:

The Universidad Central "Marta Abreu" de Las Villas in its 60th anniversary. Founded on November 30, 1952. Visit us at: http://www.uclv.edu.cu




ForwardedMessage.eml

Subject: Re: Joining Samba 4.0.1 AD DC to Win2k3 domain
From: "Stefan (metze) Metzmacher" <metze at samba.org>
Date: 01/23/2013 12:55 AM
To: "Carlos Miguel Bustillo Rodriguez" <cbustillo at uclv.edu.cu>
CC: "samba-technical at lists.samba.org" <samba-technical at lists.samba.org>


Hi Carlos,



>     to join my Samba 4.0.1 as DC to Win2k3 existing domain I followed
> the steps in
> https://wiki.samba.org/index.php/Samba4/HOWTO/Join_a_domain_as_a_DC
>
> When I join to existing domain:
>
> root at debian:~# samba-tool domain join ict.net DC -Uadministrator
> --realm=ict.net --dns-backend=BIND9_DLZ
> Finding a writeable DC for domain 'ict.net'
> Found DC msad2003.ict.net
> Password for [WORKGROUP\administrator]:
> workgroup is ICT
> realm is ict.net
> checking sAMAccountName
> Deleted CN=NTDS
> Settings,CN=DEBIAN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ict,DC=net
>
> Deleted
> CN=DEBIAN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ict,DC=net
>
> Adding CN=DEBIAN,OU=Domain Controllers,DC=ict,DC=net
> Adding
> CN=DEBIAN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ict,DC=net
>
> Adding CN=NTDS
> Settings,CN=DEBIAN,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ict,DC=net
>
> Adding SPNs to CN=DEBIAN,OU=Domain Controllers,DC=ict,DC=net
> Setting account password for DEBIAN$
> Enabling account
> Calling bare provision
> No IPv6 address will be assigned
> Provision OK for domain DN DC=ict,DC=net
> Starting replication
> Schema-DN[CN=Schema,CN=Configuration,DC=ict,DC=net] objects[267]
> linked_values[0]
> Schema-DN[CN=Schema,CN=Configuration,DC=ict,DC=net] objects[534]
> linked_values[0]
> Schema-DN[CN=Schema,CN=Configuration,DC=ict,DC=net] objects[801]
> linked_values[0]
> Schema-DN[CN=Schema,CN=Configuration,DC=ict,DC=net] objects[1068]
> linked_values[0]
> Schema-DN[CN=Schema,CN=Configuration,DC=ict,DC=net] objects[1335]
> linked_values[0]
> Schema-DN[CN=Schema,CN=Configuration,DC=ict,DC=net] objects[1378]
> linked_values[0]
> Analyze and apply schema objects
> Partition[CN=Configuration,DC=ict,DC=net] objects[267] linked_values[0]
> Partition[CN=Configuration,DC=ict,DC=net] objects[534] linked_values[0]
> Partition[CN=Configuration,DC=ict,DC=net] objects[801] linked_values[0]
> Partition[CN=Configuration,DC=ict,DC=net] objects[1068] linked_values[0]
> Partition[CN=Configuration,DC=ict,DC=net] objects[1335] linked_values[0]
> Partition[CN=Configuration,DC=ict,DC=net] objects[1525] linked_values[10]
> Replicating critical objects from the base DN of the domain
> Partition[DC=ict,DC=net] objects[93] linked_values[0]
> Partition[DC=ict,DC=net] objects[296] linked_values[0]
> Done with always replicated NC (base, config, schema)
> Replicating DC=DomainDnsZones,DC=ict,DC=net
> Partition[DC=DomainDnsZones,DC=ict,DC=net] objects[43] linked_values[0]
> Replicating DC=ForestDnsZones,DC=ict,DC=net
> Partition[DC=ForestDnsZones,DC=ict,DC=net] objects[19] linked_values[0]
> Partition[DC=ForestDnsZones,DC=ict,DC=net] objects[38] linked_values[0]
> Committing SAM database
> descriptor_sd_propagation_recursive: DC=DomainDnsZones,DC=ict,DC=net not
> found under DC=ict,DC=net
> descriptor_sd_propagation_recursive: DC=ForestDnsZones,DC=ict,DC=net not
> found under DC=ict,DC=net
> Sending DsReplicateUpdateRefs for all the replicated partitions
> Setting isSynchronized and dsServiceName
> Setting up secrets database
> Joined domain ICT (SID S-1-5-21-78866413-693563199-3619600819) as a DC
>
> There are two lines that worry me:
>     descriptor_sd_propagation_recursive:
> DC=DomainDnsZones,DC=ict,DC=net not found under DC=ict,DC=net
>     descriptor_sd_propagation_recursive:
> DC=ForestDnsZones,DC=ict,DC=net not found under DC=ict,DC=net
>
> Is this output normal?


These are OK, because it complains about naming context (partition) heads.
I may fix these 2 special cases in future releases.

metze
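
To see whether the NTLMSSP signature failures in the log.samba excerpt above line up with administrative-tool sessions, this added example (not code from the thread or from Samba) parses Samba's header-plus-indented-message log records and groups the failures into bursts. The function names and the 5-second gap are assumptions; SAMPLE is copied from the excerpt in the first message.

```python
import re
from datetime import datetime, timedelta

# Record header: [date time(.fraction optional), level] file:line(function)
HEADER = re.compile(
    r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)(?:\.\d+)?,\s*(\d+)\] \S+\((\w+)\)")
SIG_FAIL = "packet check failed due to invalid signature"

def parse_records(text):
    """Return [timestamp, level, function, message] per log record."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
            records.append([ts, int(m.group(2)), m.group(3), ""])
        elif records and line.startswith(" "):
            # Indented lines continue the message of the last header
            records[-1][3] = (records[-1][3] + " " + line.strip()).strip()
    return records

def signature_failure_bursts(text, gap=timedelta(seconds=5)):
    """Group NTLMSSP signature failures into bursts separated by > gap."""
    bursts = []
    for ts, _level, func, msg in parse_records(text):
        if func != "ntlmssp_check_packet" or SIG_FAIL not in msg:
            continue
        if bursts and ts - bursts[-1]["last"] <= gap:
            bursts[-1]["count"] += 1
            bursts[-1]["last"] = ts
        else:
            bursts.append({"first": ts, "last": ts, "count": 1})
    return bursts

# Sample input: lines copied from the log.samba excerpt in the post
SAMPLE = """\
[2013/01/23 15:17:56,  0] ../source4/smbd/server.c:369(binary_smbd_main)
  samba version 4.0.1 started.
  Copyright Andrew Tridgell and the Samba Team 1992-2012
[2013/01/23 15:18:20,  0] ../auth/ntlmssp/ntlmssp_sign.c:236(ntlmssp_check_packet)
  NTLMSSP NTLM2 packet check failed due to invalid signature!
[2013/01/23 15:18:20,  0] ../auth/ntlmssp/ntlmssp_sign.c:236(ntlmssp_check_packet)
  NTLMSSP NTLM2 packet check failed due to invalid signature!
[2013/01/23 15:18:55,  0] ../auth/ntlmssp/ntlmssp_sign.c:236(ntlmssp_check_packet)
  NTLMSSP NTLM2 packet check failed due to invalid signature!
[2013/01/23 15:18:55,  0] ../auth/ntlmssp/ntlmssp_sign.c:236(ntlmssp_check_packet)
  NTLMSSP NTLM2 packet check failed due to invalid signature!
"""
```

Comparing each burst's start time with the moments a management console was opened shows whether the failures are tied to those sessions.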







