[Samba] Error while contacting ADS from Samba server
Rahul
rahulsahadev at gmail.com
Sat Jul 28 14:39:43 GMT 2007
Hi Doug,
Thanks for your timely reply.
We have verified the things which you have mentioned in your mail in the
security settings but with any combination the result does not change. We
have also resolved the invalid parameters and module load warnings that was
getting reported in the log file.
When we give net rpc join -U Username%password , its joining to the domain.
But when we give net ads join -U username%password , its giving problem and
reporting the following error
Failed to get ldap server info
ads_connect: No results returned
I had attached the log file (with ebug level set to 10) in the last mail
that was the output of
net ads join command
I am pasting the samba global setting here,
[global]
workgroup=jhcc
realm=JHCC.ORG
idmap uid=1000-1500
idmap gid=1000-1500
wins server=172.16.64.21
server string=sanatserver
netbios name=terabox
encrypt passwords=yes
interfaces=eth0
socket options=TCP_NODELAY
read raw=yes
write raw=yes
oplocks=no
level2 oplocks=no
unix extensions=no
template shell=/bin/false
directory mask=0770
create mask=0770
veto
files=/aquota.group/aquota.user/lost+found/.owner*/quota.group/quota.user/
root preexec=/usr/local/arm/samba/bin/smb-preexec '%S' '%I' '%U'
'%a' '%T'
root preexec close=Yes
root postexec=/usr/local/arm/samba/bin/smb-postexec '%S' '%I' '%U'
'%a' '%T'
security=ADS
ldap ssl=no
password server=*
winbind separator=+
If any other group members can throw light on this issue it will be helpful.
regards,
Rahul
On 7/28/07, Doug VanLeuven <roamdad at sonic.net> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Rahul wrote:
> > Hi List,
> > We have a problem in connecting ADS server from SAMBA. Whenever
> we
> > try to contact the
> > ADS server from the Samba its giving error as LDAP_NO_RESULTS_RETURNED.
> <snip>
> > doing parameter write cache size = 262144
> > [2007/07/26 23:56:48, 1] param/loadparm.c:lp_do_parameter(3283)
> > WARNING: The "write cache size" option is deprecated
> > doing parameter read size = 65536
> > [2007/07/26 23:56:48, 0] param/loadparm.c:map_parameter(2536)
> > Unknown parameter encountered: "read size"
>
> You really should run "testparm -sv 2>&1|less" and resolve any errors
> first off.
>
> <snip>
> > Probing module 'ANSI_X3.4-1968'
> > [2007/07/26 23:56:48, 5] lib/module.c:smb_probe_module(115)
> > Probing module 'ANSI_X3.4-1968': Trying to load from
> > /usr/local/arm/samba/lib/charset/ANSI_X3.4-1968.so
> > [2007/07/26 23:56:48, 3] lib/module.c:do_smb_load_module(49)
> > Error loading module '/usr/local/arm/samba/lib/charset/ANSI_X3.4-
> 1968.so':
> > /usr/local/arm/samba/lib/charset/ANSI_X3.4-1968.so: cannot open shared
> > object file: No such file or directory
> > [2007/07/26 23:56:48, 5] lib/charcnv.c:charset_name(78)
> > Locale charset 'ANSI_X3.4-1968' unsupported, using ASCII instead
>
> The code is doing what it can to let you know there are problems with
> the basic configuration file, and possibly the installation.
>
> <snip>
> > [2007/07/26 23:56:50, 4] libsmb/namequery.c:get_dc_list(1406)
> > get_dc_list: returning 2 ip addresses in an unordered list
> > [2007/07/26 23:56:50, 4] libsmb/namequery.c:get_dc_list(1407)
> > get_dc_list: 172.16.64.21:389 172.16.64.27:389
> > [2007/07/26 23:56:50, 5] libads/ldap.c:ads_try_connect(123)
> > ads_try_connect: trying ldap server '172.16.64.21' port 389
> > [2007/07/26 23:56:50, 3] libads/ldap.c:ads_connect(285)
> > Connected to LDAP server 172.16.64.21
> > [2007/07/26 23:56:50, 1] libads/ldap.c:ads_connect(289)
> > Failed to get ldap server info
> > [2007/07/26 23:56:50, 0] utils/net_ads.c:ads_startup(191)
> > ads_connect: No results returned
> > [2007/07/26 23:56:50, 2] utils/net.c:main(873)
> > return code = -1
>
> There are 2 DC's being found, but the connection is being refused like
> you describe.
>
> I thought (until samba4) that domain controller policy had to allow
> anonymous connections, but I've found a messages that suggest this just
> masks an underlying problem.
>
> Security settings/local policy/security options/
> Allow anonymous SID/Name translation (enabled)
> Do not allow anonymous enumeration of SAM accounts (disabled)
> Do not allow anonymous enumeration of SAM accounts
> and shares (disabled)
>
> See how they're set and maybe experiment with one or more settings.
>
> Make sure the domain join is OK.
>
> Try and fix the config files (obsolete & unknown values) and
> installation (missing objects). Over the years I've learned errors in
> the config can have unpredictable impacts on performance. Start
> troubleshooting with a clean slate.
>
> Regards, Doug
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.5 (GNU/Linux)
> Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org
>
> iD8DBQFGqu4tFqWysr/jOHMRAiSKAJ9eN8hUx64DX6+CmsdkttYy2mmQbwCgvZ4S
> y5rGYNTdkqSrOr09PW+npAM=
> =OsgQ
> -----END PGP SIGNATURE-----
>
--
regards,
Rahul
More information about the samba
mailing list