[Samba] Error while contacting ADS from Samba server

Rahul rahulsahadev at gmail.com
Sat Jul 28 14:39:43 GMT 2007


Hi Doug,
        Thanks for your timely reply.

We have verified the things which you have mentioned in your mail in the
security settings but with any combination the result does not change. We
have also resolved the invalid parameters and module load warnings that were
getting reported in the log file.

When we give net rpc join -U Username%password, it's joining to the domain.
But when we give net ads join -U username%password, it's giving a problem and
reporting the following error:

   Failed to get ldap server info
   ads_connect: No results returned

I had attached the log file (with debug level set to 10) in the last mail;
that was the output of the net ads join command.

I am pasting the samba global setting here,

   [global]
        workgroup=jhcc
        realm=JHCC.ORG
        idmap uid=1000-1500
        idmap gid=1000-1500
        wins server=172.16.64.21
        server string=sanatserver
        netbios name=terabox
        encrypt passwords=yes
        interfaces=eth0
        socket options=TCP_NODELAY
        read raw=yes
        write raw=yes
        oplocks=no
        level2 oplocks=no
        unix extensions=no
        template shell=/bin/false
        directory mask=0770
        create mask=0770
        veto files=/aquota.group/aquota.user/lost+found/.owner*/quota.group/quota.user/
        root preexec=/usr/local/arm/samba/bin/smb-preexec '%S' '%I' '%U' '%a' '%T'
        root preexec close=Yes
        root postexec=/usr/local/arm/samba/bin/smb-postexec '%S' '%I' '%U' '%a' '%T'
        security=ADS
        ldap ssl=no
        password server=*
        winbind separator=+

If any other group members can throw light on this issue it will be helpful.

regards,
      Rahul



On 7/28/07, Doug VanLeuven <roamdad at sonic.net> wrote:
>
> Rahul wrote:
> > Hi List,
> >         We have a problem in connecting ADS server from SAMBA. Whenever we
> > try to contact the ADS server from the Samba it's giving error as
> > LDAP_NO_RESULTS_RETURNED.
> <snip>
> >   doing parameter write cache size = 262144
> > [2007/07/26 23:56:48, 1] param/loadparm.c:lp_do_parameter(3283)
> >   WARNING: The "write cache size" option is deprecated
> >   doing parameter read size = 65536
> > [2007/07/26 23:56:48, 0] param/loadparm.c:map_parameter(2536)
> >   Unknown parameter encountered: "read size"
>
> You really should run "testparm -sv 2>&1|less" and resolve any errors
> first off.
>
> <snip>
> >   Probing module 'ANSI_X3.4-1968'
> > [2007/07/26 23:56:48, 5] lib/module.c:smb_probe_module(115)
> >   Probing module 'ANSI_X3.4-1968': Trying to load from
> > /usr/local/arm/samba/lib/charset/ANSI_X3.4-1968.so
> > [2007/07/26 23:56:48, 3] lib/module.c:do_smb_load_module(49)
> >   Error loading module '/usr/local/arm/samba/lib/charset/ANSI_X3.4-1968.so':
> >   /usr/local/arm/samba/lib/charset/ANSI_X3.4-1968.so: cannot open shared
> >   object file: No such file or directory
> > [2007/07/26 23:56:48, 5] lib/charcnv.c:charset_name(78)
> >   Locale charset 'ANSI_X3.4-1968' unsupported, using ASCII instead
>
> The code is doing what it can to let you know there are problems with
> the basic configuration file, and possibly the installation.
>
> <snip>
> > [2007/07/26 23:56:50, 4] libsmb/namequery.c:get_dc_list(1406)
> >   get_dc_list: returning 2 ip addresses in an unordered list
> > [2007/07/26 23:56:50, 4] libsmb/namequery.c:get_dc_list(1407)
> >   get_dc_list: 172.16.64.21:389 172.16.64.27:389
> > [2007/07/26 23:56:50, 5] libads/ldap.c:ads_try_connect(123)
> >   ads_try_connect: trying ldap server '172.16.64.21' port 389
> > [2007/07/26 23:56:50, 3] libads/ldap.c:ads_connect(285)
> >   Connected to LDAP server 172.16.64.21
> > [2007/07/26 23:56:50, 1] libads/ldap.c:ads_connect(289)
> >   Failed to get ldap server info
> > [2007/07/26 23:56:50, 0] utils/net_ads.c:ads_startup(191)
> >   ads_connect: No results returned
> > [2007/07/26 23:56:50, 2] utils/net.c:main(873)
> >   return code = -1
>
> There are 2 DC's being found, but the connection is being refused like
> you describe.
>
> I thought (until samba4) that domain controller policy had to allow
> anonymous connections, but I've found messages that suggest this just
> masks an underlying problem.
>
> Security settings/local policy/security options/
>   Allow anonymous SID/Name translation (enabled)
>   Do not allow anonymous enumeration of SAM accounts (disabled)
>   Do not allow anonymous enumeration of SAM accounts and shares (disabled)
>
> See how they're set and maybe experiment with one or more settings.
>
> Make sure the domain join is OK.
>
> Try and fix the config files (obsolete & unknown values) and
> installation (missing objects).  Over the years I've learned errors in
> the config can have unpredictable impacts on performance.  Start
> troubleshooting with a clean slate.
>
> Regards, Doug
>



-- 
regards,
       Rahul
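
The reply quoted above picks the significant entries out of a level-10 log by hand. As an added example (not part of either message, and not Samba code), this Python script filters such a log by the level number in each entry header; the sample entries are copied from the excerpts quoted in this thread, and the names `parse_entries` and `triage` are hypothetical.

```python
import re

# Header line of a Samba 3 debug log entry, e.g.
#   [2007/07/26 23:56:50, 1] libads/ldap.c:ads_connect(289)
HEADER = re.compile(
    r"^\[(?P<ts>[\d/]+ [\d:]+),\s*(?P<level>\d+)\]\s+"
    r"(?P<src>\S+):(?P<func>\w+)\((?P<line>\d+)\)\s*$"
)

# Constructed sample: entries taken from the log excerpts quoted in this thread.
SAMPLE_LOG = """\
[2007/07/26 23:56:48, 1] param/loadparm.c:lp_do_parameter(3283)
  WARNING: The "write cache size" option is deprecated
[2007/07/26 23:56:48, 0] param/loadparm.c:map_parameter(2536)
  Unknown parameter encountered: "read size"
[2007/07/26 23:56:48, 3] lib/module.c:do_smb_load_module(49)
  Error loading module '/usr/local/arm/samba/lib/charset/ANSI_X3.4-1968.so':
  /usr/local/arm/samba/lib/charset/ANSI_X3.4-1968.so: cannot open shared
  object file: No such file or directory
[2007/07/26 23:56:50, 3] libads/ldap.c:ads_connect(285)
  Connected to LDAP server 172.16.64.21
[2007/07/26 23:56:50, 1] libads/ldap.c:ads_connect(289)
  Failed to get ldap server info
[2007/07/26 23:56:50, 0] utils/net_ads.c:ads_startup(191)
  ads_connect: No results returned
"""

def parse_entries(text):
    """Split a log into entries; indented lines belong to the header above them."""
    entries = []
    for raw in text.splitlines():
        m = HEADER.match(raw)
        if m:
            entry = m.groupdict()
            entry["level"] = int(entry["level"])
            entry["msg"] = ""
            entries.append(entry)
        elif entries and raw.strip():
            entries[-1]["msg"] = (entries[-1]["msg"] + " " + raw.strip()).strip()
    return entries

def triage(text, max_level=1):
    """Keep entries at or below max_level (lower number = more important)."""
    return [e for e in parse_entries(text) if e["level"] <= max_level]

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f'[{e["level"]}] {e["src"]}:{e["func"]}({e["line"]}) {e["msg"]}')
```

With the default `max_level=1` the charset module load failure is not reported, because it is logged at level 3; pass `max_level=3` to include it.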

