[Samba] Samba + Windows 2003 AD
Henrik Dige Semark
hendigsem at hotmail.com
Thu Jan 8 16:57:21 GMT 2009
Sorry to Avron for sending my answer directly and not over the group :)
------------
Hey, thanks for the quick answer :)

When I try the net ads testjoin it's not very informative :P

# net ads testjoin
MAIL$@UNDERVISNING.LOCAL's password:
[2009/01/08 17:39:52, 0] utils/net_ads.c:ads_startup(289)
ads_connect: Operations error
Join to domain is not valid

I have also tried wbinfo --all-domains but it can't see the domain I try to connect to. Does this mean that my smb.conf is wrong at some point?

I have an older SMB which is running a domain itself, and it can see the domain when I run this command.
----
Med Venlig Hilsen / Best regards
Henrik Dige Semark
> Subject: RE: [Samba] Samba + Windows 2003 AD
> Date: Thu, 8 Jan 2009 09:25:47 -0700
> From: agray at aeso.ca
> To: hendigsem at hotmail.com; samba at lists.samba.org
>
> Have you run:
> net ads testjoin
>
> Does it say "Join is OK"?
>
>
> This might not be related...
>
> I had to compile samba 3.0.33 to get around a Windows Domain restriction
> issue:
> https://bugzilla.samba.org/show_bug.cgi?id=4771 The bug indicates that
> if the \NETLOGON pipe is opened up on the Windows AD server, the join
> works fine. As soon as it is restricted via domain policies, it
> restricts anonymous access to the ports. As soon as this happens, we are
> unable to complete a net join ads successfully.
>
> - Avron
>
> -----Original Message-----
> From: samba-bounces+agray=aeso.ca at lists.samba.org
> [mailto:samba-bounces+agray=aeso.ca at lists.samba.org] On Behalf Of Henrik
> Dige Semark
> Sent: Thursday, January 08, 2009 9:13 AM
> To: Samba list
> Subject: [Samba] Samba + Windows 2003 AD
>
>
> Hey, I don't know if this is the right list to ask this question in, but
> I have tried on the IRC (irc.freenode.net #samba) and people on there
> advised me to try here instead.
>
>
> I have:
> Debian 4.0r4
> Samba version 3.0.24 - mail.birke-gym.dk - 10.3.16.1
> krb5 Version 1.4.4-7etch6
> Kernel Version 2.6.18-6-amd64
>
> A Windows Server 2003 SP2 with AD/DC - bgdc.birke-gym.dk - 10.3.17.1
>
> ------------------------------------------------------------------------
>
> When I try to connect my samba to the DC I get this output:
>
> # net ads join -U Administrator --debuglevel=10
> [2009/01/08 17:10:15, 5] lib/debug.c:debug_dump_status(391)
> INFO: Current debug levels:
> all: True/10
> tdb: False/0
> printdrivers: False/0
> lanman: False/0
> smb: False/0
> rpc_parse: False/0
> rpc_srv: False/0
> rpc_cli: False/0
> passdb: False/0
> sam: False/0
> auth: False/0
> winbind: False/0
> vfs: False/0
> idmap: False/0
> quota: False/0
> acls: False/0
> locking: False/0
> msdfs: False/0
> dmapi: False/0
> [2009/01/08 17:10:15, 3] param/loadparm.c:lp_load(4953)
> lp_load: refreshing parameters
> [2009/01/08 17:10:15, 3] param/loadparm.c:init_globals(1418)
> Initialising global parameters
> [2009/01/08 17:10:15, 3] param/params.c:pm_process(572)
> params.c:pm_process() - Processing configuration file
> "/etc/samba/smb.conf"
> [2009/01/08 17:10:15, 3] param/loadparm.c:do_section(3695)
> Processing section "[global]"
> doing parameter server string = Debian 4.0 - Samba %v - BDC
> doing parameter netbios name = mail
> [2009/01/08 17:10:15, 4] param/loadparm.c:handle_netbios_name(3053)
> handle_netbios_name: set global_myname to: MAIL
> doing parameter workgroup = UNDERVISNING
> doing parameter display charset = ASCII
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
> Attempting to register new charset UCS-2LE
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
> Registered charset UCS-2LE
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
> Attempting to register new charset UTF-16LE
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
> Registered charset UTF-16LE
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
> Attempting to register new charset UCS-2BE
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
> Registered charset UCS-2BE
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
> Attempting to register new charset UTF-16BE
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
> Registered charset UTF-16BE
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
> Attempting to register new charset UTF8
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
> Registered charset UTF8
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
> Attempting to register new charset UTF-8
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
> Registered charset UTF-8
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
> Attempting to register new charset ASCII
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
> Registered charset ASCII
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
> Attempting to register new charset 646
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
> Registered charset 646
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
> Attempting to register new charset ISO-8859-1
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
> Registered charset ISO-8859-1
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
> Attempting to register new charset UCS2-HEX
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
> Registered charset UCS2-HEX
> doing parameter unix charset = UTF-8
> doing parameter dos charset = ASCII
> doing parameter Inherit permissions = yes
> doing parameter Inherit owner = yes
> doing parameter security = ADS
> doing parameter idmap uid = 500-10000000
> doing parameter idmap gid = 500-10000000
> doing parameter template shell = /bin/bash
> doing parameter winbind use default domain = yes
> doing parameter winbind separator = %
> doing parameter winbind enum users = yes
> doing parameter winbind enum groups = yes
> doing parameter template homedir = /home/%D/%U
> doing parameter client use spnego = yes
> doing parameter password server = bgdc.birke-gym.dk
> doing parameter encrypt passwords = Yes
> doing parameter realm = UNDERVISNING.LOCAL
> doing parameter wins server = bgdc.birke-gym.dk
> doing parameter nt acl support = true
> doing parameter os level = 1000
> doing parameter preferred master = no
> doing parameter domain master = no
> doing parameter local master = no
> doing parameter domain logons = no
> doing parameter hide special files = Yes
> doing parameter hide unreadable = Yes
> doing parameter disable netbios = yes
> doing parameter name resolve order = wins lmhosts hosts bcast
> doing parameter log level = 10
> doing parameter log file = /var/log/samba/UNDERVISNING
> [2009/01/08 17:10:15, 4] param/loadparm.c:lp_load(4984)
> pm_process() returned Yes
> [2009/01/08 17:10:15, 7] param/loadparm.c:lp_servicenumber(5120)
> lp_servicenumber: couldn't find homes
> [2009/01/08 17:10:15, 10] param/loadparm.c:set_server_role(4229)
> set_server_role: role = ROLE_DOMAIN_MEMBER
> [2009/01/08 17:10:15, 5] lib/util.c:init_names(286)
> Netbios name list:-
> my_netbios_names[0]="MAIL"
> [2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81)
> added interface ip=194.182.87.97 bcast=194.182.87.127
> nmask=255.255.255.128
> [2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81)
> added interface ip=194.182.87.2 bcast=194.182.87.127
> nmask=255.255.255.128
> [2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81)
> added interface ip=194.182.87.98 bcast=194.182.87.127
> nmask=255.255.255.128
> [2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81)
> added interface ip=194.182.87.121 bcast=194.182.87.127
> nmask=255.255.255.128
> [2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81)
> added interface ip=10.3.255.1 bcast=10.3.255.255 nmask=255.255.255.0
> [2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81)
> added interface ip=10.3.16.1 bcast=10.3.31.255 nmask=255.255.240.0
> [2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81)
> added interface ip=10.3.2.250 bcast=10.3.3.255 nmask=255.255.254.0
> [2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81)
> added interface ip=10.3.2.1 bcast=10.3.3.255 nmask=255.255.254.0
> [2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81)
> added interface ip=10.8.0.1 bcast=10.8.0.255 nmask=255.255.255.0
> Administrator's password:
> [2009/01/08 17:10:19, 6] libads/ldap.c:ads_find_dc(224)
> ads_find_dc: looking for realm 'UNDERVISNING.LOCAL'
> [2009/01/08 17:10:19, 8] libsmb/namequery.c:get_sorted_dc_list(1551)
> get_sorted_dc_list: attempting lookup using [ads]
> [2009/01/08 17:10:19, 5] lib/gencache.c:gencache_init(61)
> Opening cache file at /var/run/samba/gencache.tdb
> [2009/01/08 17:10:19, 10] lib/gencache.c:gencache_get(329)
> Cache entry with key = SAF/DOMAIN/UNDERVISNING.LOCAL couldn't be found
> [2009/01/08 17:10:19, 5] libsmb/namequery.c:saf_fetch(105)
> saf_fetch: failed to find server for "UNDERVISNING.LOCAL" domain
> [2009/01/08 17:10:19, 3] libsmb/namequery.c:get_dc_list(1426)
> get_dc_list: preferred server list: ", bgdc.birke-gym.dk"
> [2009/01/08 17:10:19, 10] libsmb/namequery.c:internal_resolve_name(1132)
> internal_resolve_name: looking up bgdc.birke-gym.dk#20
> [2009/01/08 17:10:19, 10] lib/gencache.c:gencache_get(304)
> Returning valid cache entry: key = NBT/BGDC.BIRKE-GYM.DK#20, value =
> 10.3.17.1:0, timeout = Thu Jan 8 17:20:53 2009
> [2009/01/08 17:10:19, 5] libsmb/namecache.c:namecache_fetch(201)
> name bgdc.birke-gym.dk#20 found.
> [2009/01/08 17:10:19, 10]
> libsmb/namequery.c:remove_duplicate_addrs2(408)
> remove_duplicate_addrs2: looking for duplicate address/port pairs
> [2009/01/08 17:10:19, 4] libsmb/namequery.c:get_dc_list(1529)
> get_dc_list: returning 1 ip addresses in an ordered list
> [2009/01/08 17:10:19, 4] libsmb/namequery.c:get_dc_list(1530)
> get_dc_list: 10.3.17.1:389
> [2009/01/08 17:10:19, 5] libads/ldap.c:ads_try_connect(127)
> ads_try_connect: sending CLDAP request to 10.3.17.1 (realm:
> UNDERVISNING.LOCAL)
> [2009/01/08 17:10:19, 10] libsmb/namequery.c:saf_store(71)
> saf_store: domain = [UNDERVISNING], server = [10.3.17.1], expire =
> [1231431919]
> [2009/01/08 17:10:19, 10] lib/gencache.c:gencache_set(140)
> Adding cache entry with key = SAF/DOMAIN/UNDERVISNING; value =
> 10.3.17.1 and timeout = Thu Jan 8 17:25:19 2009
> (900 seconds ahead)
> [2009/01/08 17:10:19, 3] libads/ldap.c:ads_connect(287)
> Connected to LDAP server 10.3.17.1
>
> ==== STOPS HERE FOR ABOUT 30 SEC ====
>
> [2009/01/08 17:10:24, 0] utils/net_ads.c:ads_startup(289)
> ads_connect: Operations error
> [2009/01/08 17:10:24, 2] utils/net.c:main(988)
> return code = -1
>
> ------------------------------------------------------------------------
>
> Windows Server Event log:
> =======
> Windows Server Event - [22:56:34]
>
> Successful Network Logon:
> User Name: BGDC$
> Domain: UNDERVISNING
> Logon ID: (0x0,0x1C82893)
> Logon Type: 3
> Logon Process: Kerberos
> Authentication Package: Kerberos
> Workstation Name:
> Logon GUID: {791dbfae-1330-1cc3-24ee-538ed69bc9d8}
> Caller User Name: -
> Caller Domain: -
> Caller Logon ID: -
> Caller Process ID: -
> Transited Services: -
> Source Network Address: 10.3.17.1
> Source Port: 4831
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
>
> ======================================
> Windows Server Event - [22:56:34]
> Special privileges assigned to new logon:
> User Name: BGDC$
> Domain: UNDERVISNING
> Logon ID: (0x0,0x1C82893)
> Privileges: SeSecurityPrivilege
> SeBackupPrivilege
> SeRestorePrivilege
> SeTakeOwnershipPrivilege
> SeDebugPrivilege
> SeSystemEnvironmentPrivilege
> SeLoadDriverPrivilege
> SeImpersonatePrivilege
> SeEnableDelegationPrivilege
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
>
> ======================================
>
>
>
> Windows Server Event - [23:01:34]
>
> User Logoff:
> User Name: BGDC$
> Domain: UNDERVISNING
> Logon ID: (0x0,0x1C82893)
> Logon Type: 3
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
>
> ------------------------------------------------------------------------
>
> My klist:
> =======
> # klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: Administrator at UNDERVISNING.LOCAL
>
> Valid starting Expires Service principal
> 01/04/09 16:36:47 01/04/09 23:16:47
> krbtgt/UNDERVISNING.LOCAL at UNDERVISNING.LOCAL
>
>
> Kerberos 4 ticket cache: /tmp/tkt0
> klist: You have no tickets cached
>
> ------------------------------------------------------------------------
>
> smb.conf
> =======
> cat /etc/samba/smb.conf | grep -v "#"
> [global]
> dos charset = ASCII
> display charset = ASCII
> workgroup = UNDERVISNING
> realm = UNDERVISNING.LOCAL
> server string = Debian 4.0 - Samba %v - BDC
> security = ADS
> password server = bgdc.birke-gym.dk
> log level = 10
> log file = /var/log/samba/UNDERVISNING
> disable netbios = Yes
> name resolve order = wins lmhosts hosts bcast
> os level = 1000
> preferred master = No
> local master = No
> domain master = No
> wins server = bgdc.birke-gym.dk
> idmap uid = 500-10000000
> idmap gid = 500-10000000
> template shell = /bin/bash
> winbind separator = %
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind use default domain = Yes
> inherit permissions = Yes
> inherit owner = Yes
> hide special files = Yes
> hide unreadable = Yes
>
> [homes]
> comment = Home Directories
> valid users = %U
> read only = No
> browseable = No
>
> ------------------------------------------------------------------------
>
> # testparm
> Load smb config files from /etc/samba/smb.conf
> Processing section "[homes]"
> Loaded services file OK.
> Server role: ROLE_DOMAIN_MEMBER
> Press enter to see a dump of your service definitions
> ^C
>
> ------------------------------------------------------------------------
>
> krb5.conf
> ======
>
> [logging]
> default = FILE:/var/log/krb5libs.log
> #kdc = FILE:/var/log/krb5kdc.log
> #admin_server = FILE:/var/log/kadmind.log
>
> [libdefaults]
> ticket_lifetime = 24000
> default_realm = UNDERVISNING.LOCAL
>
> default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
> default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
>
> [realms]
> #================ Birke-gym.dk =========================
> UNDERVISNING.LOCAL = {
> kdc = bgdc.birke-gym.dk
> admin_server = bgdc.birke-gym.dk
> default_domain = UNDERVISNING.LOCAL
> }
>
> [domain_realm]
> .undervisning.local = UNDERVISNING.LOCAL
> undervisning.local = UNDERVISNING.LOCAL
>
> [login]
> krb4_convert = true
> krb4_get_tickets = false
>
> ------------------------------------------------------------------------
>
> # cat /etc/hosts
> 127.0.0.1 localhost mail
> 127.0.1.1 mail.birke-gym.dk mail
>
> 10.3.17.1 bgdc.birke-gym.dk bgdc
>
> ------------------------------------------------------------------------
>
> Any suggestions?
>
> And how much do I have to set up on the Windows Server? I have created
> a krb. trust on it and I use the pass I gave there, but is there more I
> have to set?
>
> Sorry for my bad English, and if there is anything plz feel free to
> write, all help is received with love
>
> ----
> Med Venlig Hilsen / Best regards
> Henrik Dige Semark
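
A small triage helper for debug-level output like the `net ads join` dump quoted above, added here as an example and not part of the original thread or of Samba: it extracts the level-0 records and any pause between consecutive timestamps. The function names, the 3-second threshold and the header pattern are assumptions based on the log lines shown in the post.

```python
import re
from datetime import datetime

# Samba 3 debug header, e.g. "[2009/01/08 17:10:24, 0] utils/net_ads.c:ads_startup(289)"
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(\d+)\]\s*(\S+):(\w+)\((\d+)\)$")
STAMP_ONLY = re.compile(r"^\[\d{4}/\d\d/\d\d \d\d:\d\d:\d\d,\s*\d+\]$")  # header cut by mail wrapping
QUOTE = re.compile(r"^(>\s?)+")  # e-mail quote markers

# Excerpt of the quoted `net ads join` output from the post above.
SAMPLE = """\
> [2009/01/08 17:10:19, 10]
> libsmb/namequery.c:remove_duplicate_addrs2(408)
> remove_duplicate_addrs2: looking for duplicate address/port pairs
> [2009/01/08 17:10:19, 3] libads/ldap.c:ads_connect(287)
> Connected to LDAP server 10.3.17.1
>
> [2009/01/08 17:10:24, 0] utils/net_ads.c:ads_startup(289)
> ads_connect: Operations error
> [2009/01/08 17:10:24, 2] utils/net.c:main(988)
> return code = -1
"""

def parse(text):
    """Group a debug dump into records: timestamp, level, source, function, message."""
    records, pending = [], ""
    for raw in text.splitlines():
        line = pending + QUOTE.sub("", raw).strip()
        pending = ""
        if STAMP_ONLY.match(line):      # rejoin a header split across two lines
            pending = line + " "
            continue
        m = HEADER.match(line)
        if m:
            when = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
            records.append({"time": when, "level": int(m.group(2)),
                            "source": m.group(3), "func": m.group(4), "msg": []})
        elif records and line:
            records[-1]["msg"].append(line)
    return records

def triage(records, stall_seconds=3):
    """Return (level-0 errors, stalls); a stall is a gap >= stall_seconds between records."""
    errors = [(r["func"], " ".join(r["msg"])) for r in records if r["level"] == 0]
    stalls = []
    for prev, cur in zip(records, records[1:]):
        gap = (cur["time"] - prev["time"]).total_seconds()
        if gap >= stall_seconds:
            stalls.append((prev["func"], cur["func"], gap))
    return errors, stalls

if __name__ == "__main__":
    print(triage(parse(SAMPLE)))
```

On the excerpt it reports the single level-0 record from `ads_startup` and a 5-second gap by timestamp between `ads_connect` and that error. When run over a full dump, the pause at the interactive password prompt shows up as a gap as well.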