[Samba] Unable to join ADS domain with 3.3.0rc1 on Suse 11.0 linux
Luciano Mannucci
luciano at vespaperitivo.it
Wed Dec 3 11:06:44 GMT 2008
I'm setting up anew server with 3.3.0rc1 and cannot join my AD domain.
It may not be a problem strictly linked to the samba versiom, for my
Active Directory administrators have tightened and enforced security
policies since last time I joined a linux server succefully.
BTW, this is what I get with net join command:
namenor:/usr/src/local/samba/samba-3.3.0rc1/source # net ads join -S
gilgamesh.mcs.it -U Administrator -d10 [2008/12/03 12:00:06, 5]
lib/debug.c:debug_dump_status(407) INFO: Current debug levels:
all: True/10
tdb: False/0
printdrivers: False/0
lanman: False/0
smb: False/0
rpc_parse: False/0
rpc_srv: False/0
rpc_cli: False/0
passdb: False/0
sam: False/0
auth: False/0
winbind: False/0
vfs: False/0
idmap: False/0
quota: False/0
acls: False/0
locking: False/0
msdfs: False/0
dmapi: False/0
registry: False/0
[2008/12/03 12:00:06, 3] param/loadparm.c:lp_load_ex(8790)
lp_load_ex: refreshing parameters
[2008/12/03 12:00:06, 3] param/loadparm.c:init_globals(4626)
Initialising global parameters
[2008/12/03 12:00:06, 3] param/params.c:pm_process(569)
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
[2008/12/03 12:00:06, 3] param/loadparm.c:do_section(7453)
Processing section "[global]"
doing parameter security = ADS
doing parameter realm = mcs2003.it
doing parameter workgroup = MCS2003
doing parameter netbios name = NAMENOR
[2008/12/03 12:00:06, 4] param/loadparm.c:handle_netbios_name(6806)
handle_netbios_name: set global_myname to: NAMENOR
doing parameter server string = Samba: version %v, host %h
doing parameter password server = *
doing parameter name resolve order = wins bcast
doing parameter printing = cups
doing parameter printcap name = cups
doing parameter printcap cache time = 750
doing parameter cups options = raw
doing parameter map to guest = Bad User
doing parameter idmap uid = 3000-8004
doing parameter idmap gid = 800-1988
doing parameter winbind enum groups = yes
doing parameter logon path = \\%L\profiles\.msprofile
doing parameter logon home = \\%L\%U\.9xprofile
doing parameter logon drive = P:
doing parameter unix extensions = Yes
doing parameter encrypt passwords = Yes
doing parameter usershare allow guests = No
[2008/12/03 12:00:06, 4] param/loadparm.c:lp_load_ex(8834)
pm_process() returned Yes
[2008/12/03 12:00:06, 7] param/loadparm.c:lp_servicenumber(9039)
lp_servicenumber: couldn't find homes
[2008/12/03 12:00:06, 10] param/loadparm.c:set_server_role(8012)
set_server_role: role = ROLE_DOMAIN_MEMBER
[2008/12/03 12:00:06, 5] lib/iconv.c:smb_register_charset(104)
Attempting to register new charset UCS-2LE
[2008/12/03 12:00:06, 5] lib/iconv.c:smb_register_charset(112)
Registered charset UCS-2LE
[2008/12/03 12:00:06, 5] lib/iconv.c:smb_register_charset(104)
Attempting to register new charset UTF-16LE
[2008/12/03 12:00:06, 5] lib/iconv.c:smb_register_charset(112)
Registered charset UTF-16LE
[2008/12/03 12:00:06, 5] lib/iconv.c:smb_register_charset(104)
Attempting to register new charset UCS-2BE
[2008/12/03 12:00:06, 5] lib/iconv.c:smb_register_charset(112)
Registered charset UCS-2BE
[2008/12/03 12:00:06, 5] lib/iconv.c:smb_register_charset(104)
Attempting to register new charset UTF-16BE
[2008/12/03 12:00:06, 5] lib/iconv.c:smb_register_charset(112)
Registered charset UTF-16BE
[2008/12/03 12:00:06, 5] lib/iconv.c:smb_register_charset(104)
Attempting to register new charset UTF8
[2008/12/03 12:00:06, 5] lib/iconv.c:smb_register_charset(112)
Registered charset UTF8
[2008/12/03 12:00:06, 5] lib/iconv.c:smb_register_charset(104)
Attempting to register new charset UTF-8
[2008/12/03 12:00:06, 5] lib/iconv.c:smb_register_charset(112)
Registered charset UTF-8
[2008/12/03 12:00:06, 5] lib/iconv.c:smb_register_charset(104)
Attempting to register new charset ASCII
[2008/12/03 12:00:06, 5] lib/iconv.c:smb_register_charset(112)
Registered charset ASCII
[2008/12/03 12:00:06, 5] lib/iconv.c:smb_register_charset(104)
Attempting to register new charset 646
[2008/12/03 12:00:06, 5] lib/iconv.c:smb_register_charset(112)
Registered charset 646
[2008/12/03 12:00:06, 5] lib/iconv.c:smb_register_charset(104)
Attempting to register new charset ISO-8859-1
[2008/12/03 12:00:06, 5] lib/iconv.c:smb_register_charset(112)
Registered charset ISO-8859-1
[2008/12/03 12:00:06, 5] lib/iconv.c:smb_register_charset(104)
Attempting to register new charset UCS2-HEX
[2008/12/03 12:00:06, 5] lib/iconv.c:smb_register_charset(112)
Registered charset UCS2-HEX
[2008/12/03 12:00:06, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/12/03 12:00:06, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/12/03 12:00:06, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/12/03 12:00:06, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/12/03 12:00:06, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/12/03 12:00:06, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/12/03 12:00:06, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/12/03 12:00:06, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/12/03 12:00:06, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/12/03 12:00:06, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/12/03 12:00:06, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/12/03 12:00:06, 5] lib/charcnv.c:charset_name(82)
Substituting charset 'UTF-8' for LOCALE
[2008/12/03 12:00:06, 5] lib/util.c:init_names(269)
Netbios name list:-
my_netbios_names[0]="NAMENOR"
[2008/12/03 12:00:06, 2] lib/interface.c:add_interface(337)
added interface eth0 ip=192.168.132.26 bcast=192.168.132.255
netmask=255.255.255.0 Enter Administrator's password:
[2008/12/03 12:00:11, 1] libnet/libnet_join.c:libnet_Join(1862)
libnet_Join:
libnet_JoinCtx: struct libnet_JoinCtx
in: struct libnet_JoinCtx
dc_name : 'gilgamesh.mcs.it'
machine_name : 'NAMENOR'
domain_name : *
domain_name : 'MCS2003.IT'
account_ou : NULL
admin_account : 'Administrator'
admin_password : *
machine_password : NULL
join_flags : 0x00000023 (35)
0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
0: WKSSVC_JOIN_FLAGS_DEFER_SPN
0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
os_version : NULL
os_name : NULL
create_upn : 0x00 (0)
upn : NULL
modify_config : 0x00 (0)
ads : NULL
debug : 0x01 (1)
use_kerberos : 0x00 (0)
secure_channel_type : SEC_CHAN_WKSTA (2)
[2008/12/03 12:00:11, 3] libsmb/cliconnect.c:cli_start_connection(1630)
Connecting to host=gilgamesh.mcs.it
[2008/12/03 12:00:11, 5] lib/gencache.c:gencache_init(61)
Opening cache file at /var/locks/gencache.tdb
[2008/12/03 12:00:11, 10] lib/gencache.c:gencache_get(208)
Returning valid cache entry: key = AD_SITENAME/DOMAIN/MCS2003.IT, value =
Default-First-Site-Name, timeout = Tue Jan 19 04:14:07 2038 [2008/12/03
12:00:11, 5] libads/dns.c:sitename_fetch(817) sitename_fetch: Returning
sitename for MCS2003.IT: "Default-First-Site-Name" [2008/12/03 12:00:11, 10]
libsmb/namequery.c:internal_resolve_name(1443) internal_resolve_name: looking
up gilgamesh.mcs.it#20 (sitename Default-First-Site-Name) [2008/12/03 12:00:11,
10] lib/gencache.c:gencache_get(194) Cache entry with key =
NBT/GILGAMESH.MCS.IT#20 couldn't be found [2008/12/03 12:00:11, 5]
libsmb/namecache.c:namecache_fetch(229) no entry for gilgamesh.mcs.it#20 found.
[2008/12/03 12:00:11, 3] libsmb/namequery.c:resolve_wins(1026)
resolve_wins: Attempting wins lookup for name gilgamesh.mcs.it<0x20>
[2008/12/03 12:00:11, 3] libsmb/namequery.c:resolve_wins(1030)
resolve_wins: WINS server resolution selected and no WINS servers listed.
[2008/12/03 12:00:11, 3] libsmb/namequery.c:name_resolve_bcast(953)
name_resolve_bcast: Attempting broadcast lookup for name
gilgamesh.mcs.it<0x20> [2008/12/03 12:00:11, 10]
lib/util_sock.c:open_socket_in(1280) bind succeeded on port 0
[2008/12/03 12:00:11, 5] lib/util_sock.c:print_socket_options(781)
socket option SO_KEEPALIVE = 0
[2008/12/03 12:00:11, 5] lib/util_sock.c:print_socket_options(781)
socket option SO_REUSEADDR = 1
[2008/12/03 12:00:11, 5] lib/util_sock.c:print_socket_options(781)
socket option SO_BROADCAST = 1
[2008/12/03 12:00:11, 5] lib/util_sock.c:print_socket_options(778)
Could not test socket option TCP_NODELAY.
[2008/12/03 12:00:11, 5] lib/util_sock.c:print_socket_options(778)
Could not test socket option TCP_KEEPCNT.
[2008/12/03 12:00:11, 5] lib/util_sock.c:print_socket_options(778)
Could not test socket option TCP_KEEPIDLE.
[2008/12/03 12:00:11, 5] lib/util_sock.c:print_socket_options(778)
Could not test socket option TCP_KEEPINTVL.
[2008/12/03 12:00:11, 5] lib/util_sock.c:print_socket_options(781)
socket option IPTOS_LOWDELAY = 0
[2008/12/03 12:00:11, 5] lib/util_sock.c:print_socket_options(781)
socket option IPTOS_THROUGHPUT = 0
[2008/12/03 12:00:11, 5] lib/util_sock.c:print_socket_options(781)
socket option SO_SNDBUF = 109568
[2008/12/03 12:00:11, 5] lib/util_sock.c:print_socket_options(781)
socket option SO_RCVBUF = 109568
[2008/12/03 12:00:11, 5] lib/util_sock.c:print_socket_options(781)
socket option SO_SNDLOWAT = 1
[2008/12/03 12:00:11, 5] lib/util_sock.c:print_socket_options(781)
socket option SO_RCVLOWAT = 1
[2008/12/03 12:00:11, 5] lib/util_sock.c:print_socket_options(781)
socket option SO_SNDTIMEO = 0
[2008/12/03 12:00:11, 5] lib/util_sock.c:print_socket_options(781)
socket option SO_RCVTIMEO = 0
[2008/12/03 12:00:11, 5] libsmb/nmblib.c:send_udp(824)
Sending a packet of len 50 to (192.168.132.255) on port 137
[2008/12/03 12:00:11, 5] libsmb/nmblib.c:send_udp(824)
Sending a packet of len 50 to (192.168.132.255) on port 137
[2008/12/03 12:00:12, 5] libsmb/nmblib.c:send_udp(824)
Sending a packet of len 50 to (192.168.132.255) on port 137
[2008/12/03 12:00:12, 1] libsmb/cliconnect.c:cli_start_connection(1637)
cli_start_connection: failed to connect to GILGAMESH.MCS.IT<20> (0.0.0.0).
Error NT_STATUS_BAD_NETWORK_NAME [2008/12/03 12:00:12, 1]
libnet/libnet_join.c:libnet_Join(1893) libnet_Join:
libnet_JoinCtx: struct libnet_JoinCtx
out: struct libnet_JoinCtx
account_name : NULL
netbios_domain_name : NULL
dns_domain_name : NULL
forest_name : NULL
dn : NULL
domain_sid : NULL
domain_sid : (NULL SID)
modified_config : 0x00 (0)
error_string : 'failed to lookup DC info for domain
'MCS2003.IT' over rpc: The network name cannot be found'
domain_is_ad : 0x00 (0) result :
WERR_NO_SUCH_SHARE [2008/12/03 12:00:12, 10] intl/lang_tdb.c:lang_tdb_init(138)
lang_tdb_init: /usr/lib/samba/POSIX.msg: No such file or directory
Failed to join domain: failed to lookup DC info for domain 'MCS2003.IT' over
rpc: The network name cannot be found [2008/12/03 12:00:12, 2]
utils/net.c:main(769) return code = -1
namenor:/usr/src/local/samba/samba-3.3.0rc1/source #
I have compiled with:
sh configure --prefix=/usr --sysconfdir=/etc/samba --localstatedir=/var
--libdir=/usr/lib/samba --with-configdir=/etc/samba --with-ads
my smb.conf beeing: (slightly edited fom SuSE example)
cat /etc/samba/smb.conf
# smb.conf is the main Samba configuration file. You find a full commented
# version at /usr/share/doc/packages/samba/examples/smb.conf.SUSE if the
# samba-doc package is installed.
# Date: 2008-08-28
[global]
security = ADS
realm = mcs2003.it
workgroup = MCS2003
netbios name = NAMENOR
server string = Samba: version %v, host %h
password server = *
name resolve order = wins bcast
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
idmap uid = 3000-8004
idmap gid = 800-1988
winbind enum groups = yes
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
unix extensions = Yes
encrypt passwords = Yes
usershare allow guests = No
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = No
read only = No
inherit acls = Yes
[profiles]
comment = Network Profiles Service
path = %H
read only = No
store dos attributes = Yes
create mask = 0600
directory mask = 0700
[users]
comment = All users
path = /home
read only = No
inherit acls = Yes
veto files = /aquota.user/groups/shares/
[groups]
comment = All groups
path = /home/groups
read only = No
inherit acls = Yes
[printers]
comment = All Printers
path = /var/tmp
printable = Yes
create mask = 0600
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/drivers
write list = @ntadmin root
force group = ntadmin
create mask = 0664
directory mask = 0775
And my krb5.conf file (taken from an other machine that works) is:
[libdefaults]
default_realm = MCS2003.IT
# default_realm = EXAMPLE.COM
[realms]
gss_mit_compat = true
[realms]
MCS2003.IT = {
kdc = 192.168.132.3
default_domain = mcs2003.it
kpasswd_server = 192.168.132.3
admin_server = 192.168.132.3
}
[domain_realm]
.mcs2003.it = MCS2003.IT
mcs2003.it = MCS2003.IT
.example.com = MCS2003.IT
example.com = MCS2003.IT
[appdefaults]
pam = {
ticket_lifetime = 1d
renew_lifetime = 1d
forwardable = true
proxiable = false
retain_after_close = false
minimum_uid = 0
try_first_pass = true
}
# EXAMPLE.COM = {
# kdc = kerberos.example.com
# admin_server = kerberos.example.com
# }
[logging]
kdc = FILE:/var/log/krb5/krb5kdc.log
admin_server = FILE:/var/log/krb5/kadmind.log
default = SYSLOG:NOTICE:DAEMON
where should I look?
thanks to all,
luciano.
--
/"\ /Via A. Salaino, 7 - 20144 Milano (Italy)
\ / ASCII RIBBON CAMPAIGN / PHONE : +39 2 485781 FAX: +39 2 48578250
X AGAINST HTML MAIL / E-MAIL: posthamster at sublink.sublink.ORG
/ \ AND POSTINGS / WWW: http://www.mannucci.ORG/
More information about the samba
mailing list