[Samba] joining samba 3.0.25b on aix to a native w2k domain
Jeroen Kleijer
jeroen.kleijer at xs4all.nl
Sat Jul 7 22:09:01 GMT 2007
Hi,
I've compiled Samba 3.0.25b on an AIX 5.2 machine without any hassle
(also without ADS / Kerberos Support!) but getting it to join our AD
domain is a true PITA.
The AIX machine is called NLXDRZ05, the domain D-REIZEN.INTRA (could
also be D-REIZEN, I'm a Unix guy, not an NT guy and I usually leave that
stuff to the people that know what they're doing)
I've had a machine account created in the domain, had a user account
created with which I can join the machine to the domain (user smbinst)
after some initial trouble I was able to join the machine to the domain.
The very next day however, it seemed to have lost its trust relationship
and I tried to do the same steps as I did the day before but somehow
this won't work and I can't join the domain any more. I've had the
computer account deleted and recreated but this didn't help.
My smb.conf file looks like this.
#
# $Id: smb.conf,v 1.9 2005/10/31 14:30:25 nl10638 Exp $
#
[global]
## workgroup = D-REIZEN.INTRA ## (I switch between D-REIZEN and
D-REIZEN.INTRA for testing purposes)
workgroup = D-REIZEN
netbios name = NLXDRZ05
server string = nlxdrz05 - Atos Origin +31(0)40-2785088
security = DOMAIN
encrypt passwords = Yes
password server = 10.100.2.104 10.100.2.105
## log file = /appl/samba/config/log.smbd
log level = 2
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
max log size = 500
username map = /appl/samba/config/username.map
client use spnego = Yes
## client schannel = No
(I've tried using the domains / workgroups D-REIZEN.INTRA (which I could
initially join succesfully to but it stated "Succesfully joined the
D-REIZEN domain!") and the plain D-REIZEN domain but to no avail)
Trying to make it join the D-REIZEN.INTRA domain again results in the
following messages: (I'm not quite sure what the NT_STATUS_ACCESS_DENIED
means but I'm not too fond of it)
root at nlxdrz05:/appl/samba/src/samba-3.0.25b/source
/appl/samba/cur/bin/net rpc join -U smbinst MEMBER -w D-REIZEN.INTRA -I NLXDRZ05 -S 10.100.2.104 -d 3
[2007/07/06 18:24:45, 3] param/loadparm.c:lp_load(5024)
lp_load: refreshing parameters
[2007/07/06 18:24:45, 3] param/loadparm.c:init_globals(1424)
Initialising global parameters
[2007/07/06 18:24:45, 3] param/params.c:pm_process(572)
params.c:pm_process() - Processing configuration file "/appl/samba/config/smb.conf"
[2007/07/06 18:24:45, 3] param/loadparm.c:do_section(3763)
Processing section "[global]"
[2007/07/06 18:24:45, 2] lib/interface.c:add_interface(81)
added interface ip=10.100.2.44 bcast=10.100.2.255 nmask=255.255.255.0
[2007/07/06 18:24:45, 2] lib/interface.c:add_interface(81)
added interface ip=10.192.20.227 bcast=10.192.20.255 nmask=255.255.255.192
[2007/07/06 18:24:45, 2] lib/interface.c:add_interface(81)
added interface ip=192.168.1.18 bcast=192.168.1.255 nmask=255.255.255.0
[2007/07/06 18:24:45, 3] libsmb/cliconnect.c:cli_start_connection(1505)
Connecting to host=10.100.2.104
[2007/07/06 18:24:45, 3] lib/util_sock.c:open_socket_out(874)
Connecting to 10.100.2.44 at port 445
[2007/07/06 18:24:46, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
rpc_pipe_bind: Remote machine 10.100.2.104 pipe \lsarpc fnum 0x77d0 bind request returned ok.
W[2007/07/06 18:24:46, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
rpc_pipe_bind: Remote machine 10.100.2.104 pipe \NETLOGON fnum 0x77d1 bind request returned ok.
[2007/07/06 18:24:46, 3] libsmb/trusts_util.c:just_change_the_password(57)
just_change_the_password: unable to setup creds (NT_STATUS_ACCESS_DENIED)!
[2007/07/06 18:24:46, 1] utils/net_rpc.c:run_rpc_command(170)
rpc command function failed! (NT_STATUS_ACCESS_DENIED)
Password: <manually entering the password>
[2007/07/06 18:24:48, 3] libsmb/cliconnect.c:cli_start_connection(1505)
Connecting to host=10.100.2.104
[2007/07/06 18:24:48, 3] lib/util_sock.c:open_socket_out(874)
Connecting to 10.100.2.44 at port 445
[2007/07/06 18:24:48, 3] libsmb/cliconnect.c:cli_session_setup_spnego(789)
Doing spnego session setup (blob length=58)
[2007/07/06 18:24:48, 3] libsmb/cliconnect.c:cli_session_setup_spnego(814)
got OID=1 3 6 1 4 1 311 2 2 10
[2007/07/06 18:24:48, 3] libsmb/cliconnect.c:cli_session_setup_spnego(822)
got principal=NONE
[2007/07/06 18:24:49, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1018)
Got challenge flags:
[2007/07/06 18:24:49, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
Got NTLMSSP neg_flags=0x60898215
[2007/07/06 18:24:49, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1040)
NTLMSSP: Set final flags:
[2007/07/06 18:24:49, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
Got NTLMSSP neg_flags=0x60088215
[2007/07/06 18:24:49, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338)
NTLMSSP Sign/Seal - Initialising with flags:
[2007/07/06 18:24:49, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
Got NTLMSSP neg_flags=0x60088215
[2007/07/06 18:24:59, 0] libsmb/clientgen.c:cli_receive_smb(112)
Receiving SMB: Server stopped responding
[2007/07/06 18:24:59, 3] libsmb/cliconnect.c:cli_session_setup(957)
SPNEGO login failed: NT_STATUS_IO_TIMEOUT
[2007/07/06 18:24:59, 1] libsmb/cliconnect.c:cli_full_connection(1605)
failed session setup with NT_STATUS_IO_TIMEOUT
Could not connect to server 10.100.2.104
Connection failed: NT_STATUS_IO_TIMEOUT
[2007/07/06 18:24:59, 2] utils/net.c:main(1032)
return code = 1
It waits for a couple of seconds, gets a timeout and exits with exit
status 1 not joined to the domain.
If, however, I try to get it to join it to the D-REIZEN domain (instead
of D-REIZEN.INTRA) I don't get the timeout but I immediately get thrown
out with a NT_STATUS_TRUSTED_RELATION_SHIP_FAILURE. (and again, just
prior to enter my password I get the NT_STATUS_ACCESS_DENIED)
root at nlxdrz05:/appl/samba/src/samba-3.0.25b/source
/appl/samba/cur/bin/net rpc join -U smbinst MEMBER -w D-REIZEN -I NLXDRZ05
[2007/07/06 18:32:54, 3] param/loadparm.c:lp_load(5024)
lp_load: refreshing parameters
[2007/07/06 18:32:54, 3] param/loadparm.c:init_globals(1424)
Initialising global parameters
[2007/07/06 18:32:54, 3] param/params.c:pm_process(572)
params.c:pm_process() - Processing configuration file "/appl/samba/config/smb.conf"
[2007/07/06 18:32:54, 3] param/loadparm.c:do_section(3763)
Processing section "[global]"
[2007/07/06 18:32:54, 2] lib/interface.c:add_interface(81)
added interface ip=10.192.20.227 bcast=10.192.20.255 nmask=255.255.255.192
[2007/07/06 18:32:54, 2] lib/interface.c:add_interface(81)
added interface ip=192.168.1.18 bcast=192.168.1.255 nmask=255.255.255.0
[2007/07/06 18:32:54, 3] libsmb/cliconnect.c:cli_start_connection(1505)
Connecting to host=10.100.2.104
[2007/07/06 18:32:54, 3] lib/util_sock.c:open_socket_out(874)
Connecting to 10.100.2.44 at port 445
[2007/07/06 18:32:54, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
rpc_pipe_bind: Remote machine 10.100.2.104 pipe \lsarpc fnum 0x706a bind request returned ok.
[2007/07/06 18:32:54, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
rpc_pipe_bind: Remote machine 10.100.2.104 pipe \NETLOGON fnum 0x706b bind request returned ok.
[2007/07/06 18:32:54, 3] libsmb/trusts_util.c:just_change_the_password(57)
just_change_the_password: unable to setup creds (NT_STATUS_ACCESS_DENIED)!
[2007/07/06 18:32:54, 1] utils/net_rpc.c:run_rpc_command(170)
rpc command function failed! (NT_STATUS_ACCESS_DENIED)
Password:
[2007/07/06 18:32:57, 3] libsmb/cliconnect.c:cli_start_connection(1505)
Connecting to host=10.100.2.104
[2007/07/06 18:32:57, 3] lib/util_sock.c:open_socket_out(874)
Connecting to 10.100.2.44 at port 445
[2007/07/06 18:32:57, 3] libsmb/cliconnect.c:cli_session_setup_spnego(789)
Doing spnego session setup (blob length=58)
[2007/07/06 18:32:57, 3] libsmb/cliconnect.c:cli_session_setup_spnego(814)
got OID=1 3 6 1 4 1 311 2 2 10
[2007/07/06 18:32:57, 3] libsmb/cliconnect.c:cli_session_setup_spnego(822)
got principal=NONE
[2007/07/06 18:32:57, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1018)
Got challenge flags:
[2007/07/06 18:32:57, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
Got NTLMSSP neg_flags=0x60898215
[2007/07/06 18:32:57, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1040)
NTLMSSP: Set final flags:
[2007/07/06 18:32:57, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
Got NTLMSSP neg_flags=0x60088215
[2007/07/06 18:32:57, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338)
NTLMSSP Sign/Seal - Initialising with flags:
[2007/07/06 18:32:57, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
Got NTLMSSP neg_flags=0x60088215
[2007/07/06 18:32:57, 3] libsmb/cliconnect.c:cli_session_setup(957)
SPNEGO login failed: Trust relationship failure
[2007/07/06 18:32:57, 1] libsmb/cliconnect.c:cli_full_connection(1605)
failed session setup with NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE
Could not connect to server 10.100.2.104
Connection failed: NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE
[2007/07/06 18:32:57, 2] utils/net.c:main(1032)
return code = 1
Does this look familiar to any one?
Regards,
Jeroen Kleijer
More information about the samba
mailing list