[Samba] Re: join fails samba 3.2 & ADS 2003R2 SP2
Roland Hebertinger
rh at idowa.de
Mon Nov 3 18:51:57 GMT 2008
Marc-Andre Vallee <Marc-Andre.Vallee <at> complys.com> writes:
>
> Hi,
>
> SLES10 SP2 x86_64 + Samba from repo (samba-3.2.4-8.1)
> When I try to join (net ads join -U Administrator), I get :
> Failed to join domain: failed to set machine spn: Can't contact LDAP server
Any news on this one? I have the same problem with a slightly different setup.
I'm using Samba 3.2.4 running on SLES 10 SP2 and trying to join an AD running on
Windows 2008.
Here's my output:
# net ads join -U Administrator -d 3
[2008/11/03 19:35:42, 3] param/loadparm.c:lp_load_ex(8754)
lp_load_ex: refreshing parameters
[2008/11/03 19:35:42, 3] param/loadparm.c:init_globals(4597)
Initialising global parameters
[2008/11/03 19:35:42, 3] param/params.c:pm_process(569)
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
[2008/11/03 19:35:42, 3] param/loadparm.c:do_section(7417)
Processing section "[global]"
[2008/11/03 19:35:42, 2] lib/interface.c:add_interface(337)
added interface eth0 ip=fe80::214:5eff:fed8:9816%eth0
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
[2008/11/03 19:35:42, 2] lib/interface.c:add_interface(337)
added interface eth1 ip=fe80::214:5eff:fed8:9818%eth1
bcast=fe80::ffff:ffff:ffff:ffff%eth1 netmask=ffff:ffff:ffff:ffff::
[2008/11/03 19:35:42, 2] lib/interface.c:add_interface(337)
added interface eth0 ip=192.168.1.28 bcast=192.168.1.255 netmask=255.255.255.0
[2008/11/03 19:35:42, 2] lib/interface.c:add_interface(337)
added interface eth0 ip=192.168.1.144 bcast=192.168.1.255 netmask=255.255.255.0
[2008/11/03 19:35:42, 2] lib/interface.c:add_interface(337)
added interface eth0 ip=192.168.1.145 bcast=192.168.1.255 netmask=255.255.255.0
[2008/11/03 19:35:42, 2] lib/interface.c:add_interface(337)
added interface eth0 ip=192.168.1.195 bcast=192.168.1.255 netmask=255.255.255.0
[2008/11/03 19:35:42, 2] lib/interface.c:add_interface(337)
added interface eth1 ip=10.168.1.195 bcast=10.168.1.255 netmask=255.255.255.0
Enter Administrator's password:
[2008/11/03 19:35:46, 1] libnet/libnet_join.c:libnet_Join(1770)
libnet_Join:
libnet_JoinCtx: struct libnet_JoinCtx
in: struct libnet_JoinCtx
dc_name : NULL
machine_name : 'SR-HOME-1'
domain_name : *
domain_name : 'VERLAG.VN.IDOWA.DE'
account_ou : NULL
admin_account : 'Administrator'
admin_password : *
machine_password : NULL
join_flags : 0x00000023 (35)
0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
0: WKSSVC_JOIN_FLAGS_DEFER_SPN
0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
os_version : NULL
os_name : NULL
create_upn : 0x00 (0)
upn : NULL
modify_config : 0x00 (0)
ads : NULL
debug : 0x01 (1)
secure_channel_type : SEC_CHAN_WKSTA (2)
[2008/11/03 19:35:46, 3] libsmb/cliconnect.c:cli_start_connection(1632)
Connecting to host=sr-dc-1.verlag.vn.idowa.de
[2008/11/03 19:35:46, 3] libsmb/namequery.c:resolve_lmhosts(1162)
resolve_lmhosts: Attempting lmhosts lookup for name
sr-dc-1.verlag.vn.idowa.de<0x20>
[2008/11/03 19:35:46, 3] libsmb/namequery.c:resolve_wins(1026)
resolve_wins: Attempting wins lookup for name sr-dc-1.verlag.vn.idowa.de<0x20>
[2008/11/03 19:35:46, 3] libsmb/namequery.c:resolve_wins(1030)
resolve_wins: WINS server resolution selected and no WINS servers listed.
[2008/11/03 19:35:46, 3] libsmb/namequery.c:resolve_hosts(1244)
resolve_hosts: Attempting host lookup for name sr-dc-1.verlag.vn.idowa.de<0x20>
[2008/11/03 19:35:46, 3] lib/util_sock.c:open_socket_out(1331)
Connecting to 192.168.1.82 at port 445
[2008/11/03 19:35:46, 3] libsmb/cliconnect.c:cli_session_setup_spnego(804)
Doing spnego session setup (blob length=124)
[2008/11/03 19:35:46, 3] libsmb/cliconnect.c:cli_session_setup_spnego(831)
got OID=1 2 840 48018 1 2 2
[2008/11/03 19:35:46, 3] libsmb/cliconnect.c:cli_session_setup_spnego(831)
got OID=1 2 840 113554 1 2 2
[2008/11/03 19:35:46, 3] libsmb/cliconnect.c:cli_session_setup_spnego(831)
got OID=1 2 840 113554 1 2 2 3
[2008/11/03 19:35:46, 3] libsmb/cliconnect.c:cli_session_setup_spnego(831)
got OID=1 3 6 1 4 1 311 2 2 10
[2008/11/03 19:35:46, 3] libsmb/cliconnect.c:cli_session_setup_spnego(839)
got principal=not_defined_in_RFC4178 at please_ignore
[2008/11/03 19:35:46, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1025)
Got challenge flags:
[2008/11/03 19:35:46, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
Got NTLMSSP neg_flags=0x62898215
[2008/11/03 19:35:46, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1047)
NTLMSSP: Set final flags:
[2008/11/03 19:35:46, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
Got NTLMSSP neg_flags=0x60088215
[2008/11/03 19:35:46, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337)
NTLMSSP Sign/Seal - Initialising with flags:
[2008/11/03 19:35:46, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
Got NTLMSSP neg_flags=0x60088215
[2008/11/03 19:35:46, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086)
rpc_pipe_bind: Remote machine sr-dc-1.verlag.vn.idowa.de pipe \lsarpc fnum
0x4000 bind request returned ok.
[2008/11/03 19:35:46, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086)
rpc_pipe_bind: Remote machine sr-dc-1.verlag.vn.idowa.de pipe \samr fnum
0x4001 bind request returned ok.
[2008/11/03 19:35:46, 3] libads/ldap.c:ads_connect(430)
Successfully contacted LDAP server 192.168.1.82
[2008/11/03 19:35:46, 3] libads/ldap.c:ads_connect(480)
Connected to LDAP server sr-dc-1.verlag.vn.idowa.de
[2008/11/03 19:35:46, 3] libads/sasl.c:ads_sasl_spnego_bind(780)
ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2008/11/03 19:35:46, 3] libads/sasl.c:ads_sasl_spnego_bind(780)
ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2008/11/03 19:35:46, 3] libads/sasl.c:ads_sasl_spnego_bind(780)
ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2008/11/03 19:35:46, 3] libads/sasl.c:ads_sasl_spnego_bind(780)
ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2008/11/03 19:35:46, 3] libads/sasl.c:ads_sasl_spnego_bind(789)
ads_sasl_spnego_bind: got server principal name =
not_defined_in_RFC4178 at please_ignore
[2008/11/03 19:35:46, 3] libsmb/clikrb5.c:ads_krb5_mk_req(671)
ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
[2008/11/03 19:35:46, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(604)
ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration Tue, 04
Nov 2008 05:35:33 CET
[2008/11/03 19:35:46, 3] libsmb/clikrb5.c:ads_krb5_mk_req(713)
ads_krb5_mk_req: server marked as OK to delegate to, building forwardable TGT
[2008/11/03 19:35:46, 1] libnet/libnet_join.c:libnet_Join(1801)
libnet_Join:
libnet_JoinCtx: struct libnet_JoinCtx
out: struct libnet_JoinCtx
account_name : NULL
netbios_domain_name : 'VERLAG'
dns_domain_name : 'verlag.vn.idowa.de'
dn : NULL
domain_sid : *
domain_sid :
S-1-5-21-1576172290-2542936531-3051237126
modified_config : 0x00 (0)
error_string : 'failed to set machine spn: Can't
contact LDAP server'
domain_is_ad : 0x01 (1)
result : WERR_GENERAL_FAILURE
Failed to join domain: failed to set machine spn: Can't contact LDAP server
[2008/11/03 19:35:46, 2] utils/net.c:main(1172)
return code = -1
====================================
smb.conf: (adapted from the default one after installation of the rpms, changed
lines marked with >)
[global]
> workgroup = VERLAG
> realm = VERLAG.VN.IDOWA.DE
> netbios name = sr-home-1
> security = ADS
> password server = sr-dc-1.verlag.vn.idowa.de
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
usershare allow guests = Yes
=====================================
krb5.conf:
[libdefaults]
default_realm = VERLAG.VN.IDOWA.DE
clockskew = 300
[realms]
VERLAG.VN.IDOWA.DE = {
kdc = SR-DC-1.VERLAG.VN.IDOWA.DE
admin_server = SR-DC-1.VERLAG.VN.IDOWA.DE
kpasswd_server = SR-DC-1.VERLAG.VN.IDOWA.DE
}
[domain_realm]
.verlag.vn.idowa.de = VERLAG.VN.IDOWA.DE
[logging]
default = SYSLOG:NOTICE:DAEMON
kdc = FILE:/var/log/kdc.log
kadmind = FILE:/var/log/kadmind.log
[appdefaults]
pam = {
ticket_lifetime = 1d
renew_lifetime = 1d
forwardable = true
proxiable = false
retain_after_close = false
minimum_uid = 0
debug = false
}
Any hint what to try or any idea where to search for further information is
appreciated!
--
Best regards
Roland Hebertinger
Head of IT
Server / Network Engineering
==========================================================
Straubinger Tagblatt
IT Department Phone: +49.9421.940381
Ludwigsplatz 30 FAX: +49.9421.9406236
D-94315 Straubing
http://www.idowa.de Email: rh at idowa.de
==========================================================
Zeitungsgruppe Straubinger Tagblatt / Landshuter Zeitung
Cl. Attenkofer'sche Buch- und Kunstdruckerei
Verlagsbuchhandlung Straubing KG
Court of registration: Amtsgericht Straubing, HRA 1118
==========================================================