[Samba] Samba + Windows 2003 AD

Henrik Dige Semark hendigsem at hotmail.com
Thu Jan 8 16:13:03 GMT 2009


Hey, I don't know if this is the right list to ask this question in, but I have tried on the IRC (irc.freenode.net #samba) and people on there advised me to try here instead.


I have: 
Debian 4.0r4
Samba version 3.0.24 - mail.birke-gym.dk - 10.3.16.1
krb5 Version 1.4.4-7etch6
Kernel Version 2.6.18-6-amd64

A Windows Server 2003 SP2 with AD/DC - bgdc.birke-gym.dk - 10.3.17.1

--------------------------------------------------------------------------------------

When I try to connect my samba to the DC I get this output:

# net ads join -U Administrator --debuglevel=10
[2009/01/08 17:10:15, 5] lib/debug.c:debug_dump_status(391)
  INFO: Current debug levels:
    all: True/10
    tdb: False/0
    printdrivers: False/0
    lanman: False/0
    smb: False/0
    rpc_parse: False/0
    rpc_srv: False/0
    rpc_cli: False/0
    passdb: False/0
    sam: False/0
    auth: False/0
    winbind: False/0
    vfs: False/0
    idmap: False/0
    quota: False/0
    acls: False/0
    locking: False/0
    msdfs: False/0
    dmapi: False/0
[2009/01/08 17:10:15, 3] param/loadparm.c:lp_load(4953)
  lp_load: refreshing parameters
[2009/01/08 17:10:15, 3] param/loadparm.c:init_globals(1418)
  Initialising global parameters
[2009/01/08 17:10:15, 3] param/params.c:pm_process(572)
  params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
[2009/01/08 17:10:15, 3] param/loadparm.c:do_section(3695)
  Processing section "[global]"
  doing parameter server string = Debian 4.0 - Samba %v - BDC
  doing parameter netbios name = mail
[2009/01/08 17:10:15, 4] param/loadparm.c:handle_netbios_name(3053)
  handle_netbios_name: set global_myname to: MAIL
  doing parameter workgroup = UNDERVISNING
  doing parameter display charset = ASCII
[2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset UCS-2LE
[2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset UCS-2LE
[2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset UTF-16LE
[2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset UTF-16LE
[2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset UCS-2BE
[2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset UCS-2BE
[2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset UTF-16BE
[2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset UTF-16BE
[2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset UTF8
[2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset UTF8
[2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset UTF-8
[2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset UTF-8
[2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset ASCII
[2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset ASCII
[2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset 646
[2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset 646
[2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset ISO-8859-1
[2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset ISO-8859-1
[2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset UCS2-HEX
[2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset UCS2-HEX
  doing parameter unix charset = UTF-8
  doing parameter dos charset = ASCII
  doing parameter Inherit permissions = yes
  doing parameter Inherit owner = yes
  doing parameter security = ADS
  doing parameter idmap uid = 500-10000000
  doing parameter idmap gid = 500-10000000
  doing parameter template shell = /bin/bash
  doing parameter winbind use default domain = yes
  doing parameter winbind separator = %
  doing parameter winbind enum users = yes
  doing parameter winbind enum groups = yes
  doing parameter template homedir = /home/%D/%U
  doing parameter client use spnego = yes
  doing parameter password server = bgdc.birke-gym.dk
  doing parameter encrypt passwords = Yes
  doing parameter realm = UNDERVISNING.LOCAL
  doing parameter wins server = bgdc.birke-gym.dk
  doing parameter nt acl support = true
  doing parameter os level = 1000
  doing parameter preferred master = no
  doing parameter domain master = no
  doing parameter local master = no
  doing parameter domain logons = no
  doing parameter hide special files = Yes
  doing parameter hide unreadable = Yes
  doing parameter disable netbios = yes
  doing parameter name resolve order = wins lmhosts hosts bcast
  doing parameter log level = 10
  doing parameter log file = /var/log/samba/UNDERVISNING
[2009/01/08 17:10:15, 4] param/loadparm.c:lp_load(4984)
  pm_process() returned Yes
[2009/01/08 17:10:15, 7] param/loadparm.c:lp_servicenumber(5120)
  lp_servicenumber: couldn't find homes
[2009/01/08 17:10:15, 10] param/loadparm.c:set_server_role(4229)
  set_server_role: role = ROLE_DOMAIN_MEMBER
[2009/01/08 17:10:15, 5] lib/util.c:init_names(286)
  Netbios name list:-
  my_netbios_names[0]="MAIL"
[2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81)
  added interface ip=194.182.87.97 bcast=194.182.87.127 nmask=255.255.255.128
[2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81)
  added interface ip=194.182.87.2 bcast=194.182.87.127 nmask=255.255.255.128
[2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81)
  added interface ip=194.182.87.98 bcast=194.182.87.127 nmask=255.255.255.128
[2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81)
  added interface ip=194.182.87.121 bcast=194.182.87.127 nmask=255.255.255.128
[2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81)
  added interface ip=10.3.255.1 bcast=10.3.255.255 nmask=255.255.255.0
[2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81)
  added interface ip=10.3.16.1 bcast=10.3.31.255 nmask=255.255.240.0
[2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81)
  added interface ip=10.3.2.250 bcast=10.3.3.255 nmask=255.255.254.0
[2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81)
  added interface ip=10.3.2.1 bcast=10.3.3.255 nmask=255.255.254.0
[2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81)
  added interface ip=10.8.0.1 bcast=10.8.0.255 nmask=255.255.255.0
Administrator's password:
[2009/01/08 17:10:19, 6] libads/ldap.c:ads_find_dc(224)
  ads_find_dc: looking for realm 'UNDERVISNING.LOCAL'
[2009/01/08 17:10:19, 8] libsmb/namequery.c:get_sorted_dc_list(1551)
  get_sorted_dc_list: attempting lookup using [ads]
[2009/01/08 17:10:19, 5] lib/gencache.c:gencache_init(61)
  Opening cache file at /var/run/samba/gencache.tdb
[2009/01/08 17:10:19, 10] lib/gencache.c:gencache_get(329)
  Cache entry with key = SAF/DOMAIN/UNDERVISNING.LOCAL couldn't be found
[2009/01/08 17:10:19, 5] libsmb/namequery.c:saf_fetch(105)
  saf_fetch: failed to find server for "UNDERVISNING.LOCAL" domain
[2009/01/08 17:10:19, 3] libsmb/namequery.c:get_dc_list(1426)
  get_dc_list: preferred server list: ", bgdc.birke-gym.dk"
[2009/01/08 17:10:19, 10] libsmb/namequery.c:internal_resolve_name(1132)
  internal_resolve_name: looking up bgdc.birke-gym.dk#20
[2009/01/08 17:10:19, 10] lib/gencache.c:gencache_get(304)
  Returning valid cache entry: key = NBT/BGDC.BIRKE-GYM.DK#20, value = 10.3.17.1:0, timeout = Thu Jan  8 17:20:53 2009
[2009/01/08 17:10:19, 5] libsmb/namecache.c:namecache_fetch(201)
  name bgdc.birke-gym.dk#20 found.
[2009/01/08 17:10:19, 10] libsmb/namequery.c:remove_duplicate_addrs2(408)
  remove_duplicate_addrs2: looking for duplicate address/port pairs
[2009/01/08 17:10:19, 4] libsmb/namequery.c:get_dc_list(1529)
  get_dc_list: returning 1 ip addresses in an ordered list
[2009/01/08 17:10:19, 4] libsmb/namequery.c:get_dc_list(1530)
  get_dc_list: 10.3.17.1:389
[2009/01/08 17:10:19, 5] libads/ldap.c:ads_try_connect(127)
  ads_try_connect: sending CLDAP request to 10.3.17.1 (realm: UNDERVISNING.LOCAL)
[2009/01/08 17:10:19, 10] libsmb/namequery.c:saf_store(71)
  saf_store: domain = [UNDERVISNING], server = [10.3.17.1], expire = [1231431919]
[2009/01/08 17:10:19, 10] lib/gencache.c:gencache_set(140)
  Adding cache entry with key = SAF/DOMAIN/UNDERVISNING; value = 10.3.17.1 and timeout = Thu Jan  8 17:25:19 2009
   (900 seconds ahead)
[2009/01/08 17:10:19, 3] libads/ldap.c:ads_connect(287)
  Connected to LDAP server 10.3.17.1

==== STOPS HERE FOR ABOUT 30 SEC ====

[2009/01/08 17:10:24, 0] utils/net_ads.c:ads_startup(289)
  ads_connect: Operations error
[2009/01/08 17:10:24, 2] utils/net.c:main(988)
  return code = -1

--------------------------------------------------------------------------------------
 
Windows Server Event log:
=======
Windows Server Event - [22:56:34]

Successful Network Logon:
    User Name:    BGDC$
    Domain:        UNDERVISNING
    Logon ID:        (0x0,0x1C82893)
    Logon Type:    3
    Logon Process:    Kerberos
    Authentication Package:    Kerberos
    Workstation Name:   
    Logon GUID:    {791dbfae-1330-1cc3-24ee-538ed69bc9d8}
    Caller User Name:    -
    Caller Domain:    -
    Caller Logon ID:    -
    Caller Process ID: -
    Transited Services: -
    Source Network Address:    10.3.17.1
    Source Port:    4831

For more information, see Help and Support Center at 
http://go.microsoft.com/fwlink/events.asp.
 

======================================
Windows Server Event - [22:56:34]
Special privileges assigned to new logon:
    User Name:    BGDC$
    Domain:        UNDERVISNING
    Logon ID:        (0x0,0x1C82893)
    Privileges:    SeSecurityPrivilege
           SeBackupPrivilege
           SeRestorePrivilege
           SeTakeOwnershipPrivilege
           SeDebugPrivilege
           SeSystemEnvironmentPrivilege
           SeLoadDriverPrivilege
           SeImpersonatePrivilege
           SeEnableDelegationPrivilege

For more information, see Help and Support Center at 
http://go.microsoft.com/fwlink/events.asp.


======================================
 
 
 
Windows Server Event - [23:01:34]
 
User Logoff:
    User Name:    BGDC$
    Domain:        UNDERVISNING
    Logon ID:        (0x0,0x1C82893) 
    Logon Type:    3

For more information, see Help and Support Center at 
http://go.microsoft.com/fwlink/events.asp.


--------------------------------------------------------------------------------------
 
My klist:
=======
# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: Administrator@UNDERVISNING.LOCAL
 
Valid starting     Expires            Service principal
01/04/09 16:36:47  01/04/09 23:16:47  krbtgt/UNDERVISNING.LOCAL@UNDERVISNING.LOCAL
 
 
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
 
--------------------------------------------------------------------------------------
 
smb.conf
=======
cat /etc/samba/smb.conf | grep -v "#"
[global]
        dos charset = ASCII
        display charset = ASCII
        workgroup = UNDERVISNING
        realm = UNDERVISNING.LOCAL
        server string = Debian 4.0 - Samba %v - BDC
        security = ADS
        password server = bgdc.birke-gym.dk
        log level = 10
        log file = /var/log/samba/UNDERVISNING
        disable netbios = Yes
        name resolve order = wins lmhosts hosts bcast
        os level = 1000
        preferred master = No
        local master = No
        domain master = No
        wins server = bgdc.birke-gym.dk
        idmap uid = 500-10000000
        idmap gid = 500-10000000
        template shell = /bin/bash
        winbind separator = %
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind use default domain = Yes
        inherit permissions = Yes
        inherit owner = Yes
        hide special files = Yes
        hide unreadable = Yes

[homes]
        comment = Home Directories
        valid users = %U
        read only = No
        browseable = No

--------------------------------------------------------------------------------------
 
# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
^C
 
--------------------------------------------------------------------------------------
 
krb5.conf
======
 
[logging]
        default = FILE:/var/log/krb5libs.log
        #kdc = FILE:/var/log/krb5kdc.log
        #admin_server = FILE:/var/log/kadmind.log
 
[libdefaults]
        ticket_lifetime = 24000
        default_realm = UNDERVISNING.LOCAL
 
        default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
        default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
 
[realms]
#================ Birke-gym.dk =========================
        UNDERVISNING.LOCAL = {
                kdc = bgdc.birke-gym.dk
                admin_server = bgdc.birke-gym.dk
                default_domain = UNDERVISNING.LOCAL
                }
 
[domain_realm]
        .undervisning.local = UNDERVISNING.LOCAL
        undervisning.local = UNDERVISNING.LOCAL
 
[login]
        krb4_convert = true
        krb4_get_tickets = false
 
--------------------------------------------------------------------------------------
 
# cat /etc/hosts
127.0.0.1 localhost mail
127.0.1.1 mail.birke-gym.dk mail

10.3.17.1 bgdc.birke-gym.dk bgdc

--------------------------------------------------------------------------------------

Any suggestions?

And how much do I have to set up on the Windows Server? I have created a krb. trust on it and I use the pass I gave there, but is there more I have to set?

Sorry for my bad English, and if there is anything, plz feel free to write; all help is received with love.

----
Med Venlig Hilsen / Best regards
Henrik Dige Semark