[Samba] Samba + Windows 2003 AD

Henrik Dige Semark hendigsem at hotmail.com
Thu Jan 8 16:57:21 GMT 2009






Sorry to Avron for sending my answer directly and not to the group :)

------------

Hey, thanks for the quick answer :)

When I try the net ads testjoin, it's not very informative :P

# net ads testjoin 

MAIL$@UNDERVISNING.LOCAL's password:
[2009/01/08 17:39:52, 0] utils/net_ads.c:ads_startup(289)
  ads_connect: Operations error
Join to domain is not valid


I have also tried wbinfo --all-domains, but it can't see the domain I am
trying to connect to. Does this mean that my smb.conf is wrong at some point?
I have an older SMB which is running a domain itself, and it can see the
domain when I run this command.


----

Med Venlig Hilsen / Best regards

Henrik Dige Semark



> Subject: RE: [Samba] Samba + Windows 2003 AD
> Date: Thu, 8 Jan 2009 09:25:47 -0700
> From: agray at aeso.ca
> To: hendigsem at hotmail.com; samba at lists.samba.org
> 
> Have you run:
> net ads testjoin
> 
> Does it say "Join is OK"?
> 
> 
> This might not be related... 
> 
> I had to compile samba 3.0.33 to get around a Windows Domain restriction
> issue:
> https://bugzilla.samba.org/show_bug.cgi?id=4771 The bug indicates that
> if the \NETLOGON pipe is opened up on the Windows AD server, the join
> works fine. As soon as it is restricted via domain policies, it
> restricts anonymous access to the ports. As soon as this happens, we are
> unable to complete a net join ads successfully.
> 
> - Avron
> 
> -----Original Message-----
> From: samba-bounces+agray=aeso.ca at lists.samba.org
> [mailto:samba-bounces+agray=aeso.ca at lists.samba.org] On Behalf Of Henrik
> Dige Semark
> Sent: Thursday, January 08, 2009 9:13 AM
> To: Samba list
> Subject: [Samba] Samba + Windows 2003 AD
> 
> 
> Hey, I don't know if this is the right list to ask this question in, but
> I have tried on the IRC (irc.freenode.net #samba) and people on there
> advised me to try here instead.
> 
> 
> I have: 
> Debian 4.0r4
> Samba version 3.0.24 - mail.birke-gym.dk - 10.3.16.1
> krb5 Version 1.4.4-7etch6
> Kernel Version 2.6.18-6-amd64
> 
> A Windows Server 2003 SP2 with AD/DC - bgdc.birke-gym.dk - 10.3.17.1
> 
> ------------------------------------------------------------------------
> --------------
> 
> When I try to connect my samba to the DC I get this output:
> 
> # net ads join -U Administrator --debuglevel=10
> [2009/01/08 17:10:15, 5] lib/debug.c:debug_dump_status(391)
>   INFO: Current debug levels:
>     all: True/10
>     tdb: False/0
>     printdrivers: False/0
>     lanman: False/0
>     smb: False/0
>     rpc_parse: False/0
>     rpc_srv: False/0
>     rpc_cli: False/0
>     passdb: False/0
>     sam: False/0
>     auth: False/0
>     winbind: False/0
>     vfs: False/0
>     idmap: False/0
>     quota: False/0
>     acls: False/0
>     locking: False/0
>     msdfs: False/0
>     dmapi: False/0
> [2009/01/08 17:10:15, 3] param/loadparm.c:lp_load(4953)
>   lp_load: refreshing parameters
> [2009/01/08 17:10:15, 3] param/loadparm.c:init_globals(1418)
>   Initialising global parameters
> [2009/01/08 17:10:15, 3] param/params.c:pm_process(572)
>   params.c:pm_process() - Processing configuration file
> "/etc/samba/smb.conf"
> [2009/01/08 17:10:15, 3] param/loadparm.c:do_section(3695)
>   Processing section "[global]"
>   doing parameter server string = Debian 4.0 - Samba %v - BDC
>   doing parameter netbios name = mail
> [2009/01/08 17:10:15, 4] param/loadparm.c:handle_netbios_name(3053)
>   handle_netbios_name: set global_myname to: MAIL
>   doing parameter workgroup = UNDERVISNING
>   doing parameter display charset = ASCII
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
>   Attempting to register new charset UCS-2LE
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
>   Registered charset UCS-2LE
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
>   Attempting to register new charset UTF-16LE
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
>   Registered charset UTF-16LE
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
>   Attempting to register new charset UCS-2BE
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
>   Registered charset UCS-2BE
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
>   Attempting to register new charset UTF-16BE
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
>   Registered charset UTF-16BE
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
>   Attempting to register new charset UTF8
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
>   Registered charset UTF8
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
>   Attempting to register new charset UTF-8
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
>   Registered charset UTF-8
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
>   Attempting to register new charset ASCII
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
>   Registered charset ASCII
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
>   Attempting to register new charset 646
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
>   Registered charset 646
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
>   Attempting to register new charset ISO-8859-1
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
>   Registered charset ISO-8859-1
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
>   Attempting to register new charset UCS2-HEX
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
>   Registered charset UCS2-HEX
>   doing parameter unix charset = UTF-8
>   doing parameter dos charset = ASCII
>   doing parameter Inherit permissions = yes
>   doing parameter Inherit owner = yes
>   doing parameter security = ADS
>   doing parameter idmap uid = 500-10000000
>   doing parameter idmap gid = 500-10000000
>   doing parameter template shell = /bin/bash
>   doing parameter winbind use default domain = yes
>   doing parameter winbind separator = %
>   doing parameter winbind enum users = yes
>   doing parameter winbind enum groups = yes
>   doing parameter template homedir = /home/%D/%U
>   doing parameter client use spnego = yes
>   doing parameter password server = bgdc.birke-gym.dk
>   doing parameter encrypt passwords = Yes
>   doing parameter realm = UNDERVISNING.LOCAL
>   doing parameter wins server = bgdc.birke-gym.dk
>   doing parameter nt acl support = true
>   doing parameter os level = 1000
>   doing parameter preferred master = no
>   doing parameter domain master = no
>   doing parameter local master = no
>   doing parameter domain logons = no
>   doing parameter hide special files = Yes
>   doing parameter hide unreadable = Yes
>   doing parameter disable netbios = yes
>   doing parameter name resolve order = wins lmhosts hosts bcast
>   doing parameter log level = 10
>   doing parameter log file = /var/log/samba/UNDERVISNING
> [2009/01/08 17:10:15, 4] param/loadparm.c:lp_load(4984)
>   pm_process() returned Yes
> [2009/01/08 17:10:15, 7] param/loadparm.c:lp_servicenumber(5120)
>   lp_servicenumber: couldn't find homes
> [2009/01/08 17:10:15, 10] param/loadparm.c:set_server_role(4229)
>   set_server_role: role = ROLE_DOMAIN_MEMBER
> [2009/01/08 17:10:15, 5] lib/util.c:init_names(286)
>   Netbios name list:-
>   my_netbios_names[0]="MAIL"
> [2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81)
>   added interface ip=194.182.87.97 bcast=194.182.87.127
> nmask=255.255.255.128
> [2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81)
>   added interface ip=194.182.87.2 bcast=194.182.87.127
> nmask=255.255.255.128
> [2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81)
>   added interface ip=194.182.87.98 bcast=194.182.87.127
> nmask=255.255.255.128
> [2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81)
>   added interface ip=194.182.87.121 bcast=194.182.87.127
> nmask=255.255.255.128
> [2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81)
>   added interface ip=10.3.255.1 bcast=10.3.255.255 nmask=255.255.255.0
> [2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81)
>   added interface ip=10.3.16.1 bcast=10.3.31.255 nmask=255.255.240.0
> [2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81)
>   added interface ip=10.3.2.250 bcast=10.3.3.255 nmask=255.255.254.0
> [2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81)
>   added interface ip=10.3.2.1 bcast=10.3.3.255 nmask=255.255.254.0
> [2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81)
>   added interface ip=10.8.0.1 bcast=10.8.0.255 nmask=255.255.255.0
> Administrator's password:
> [2009/01/08 17:10:19, 6] libads/ldap.c:ads_find_dc(224)
>   ads_find_dc: looking for realm 'UNDERVISNING.LOCAL'
> [2009/01/08 17:10:19, 8] libsmb/namequery.c:get_sorted_dc_list(1551)
>   get_sorted_dc_list: attempting lookup using [ads]
> [2009/01/08 17:10:19, 5] lib/gencache.c:gencache_init(61)
>   Opening cache file at /var/run/samba/gencache.tdb
> [2009/01/08 17:10:19, 10] lib/gencache.c:gencache_get(329)
>   Cache entry with key = SAF/DOMAIN/UNDERVISNING.LOCAL couldn't be found
> [2009/01/08 17:10:19, 5] libsmb/namequery.c:saf_fetch(105)
>   saf_fetch: failed to find server for "UNDERVISNING.LOCAL" domain
> [2009/01/08 17:10:19, 3] libsmb/namequery.c:get_dc_list(1426)
>   get_dc_list: preferred server list: ", bgdc.birke-gym.dk"
> [2009/01/08 17:10:19, 10] libsmb/namequery.c:internal_resolve_name(1132)
>   internal_resolve_name: looking up bgdc.birke-gym.dk#20
> [2009/01/08 17:10:19, 10] lib/gencache.c:gencache_get(304)
>   Returning valid cache entry: key = NBT/BGDC.BIRKE-GYM.DK#20, value =
> 10.3.17.1:0, timeout = Thu Jan  8 17:20:53 2009
> [2009/01/08 17:10:19, 5] libsmb/namecache.c:namecache_fetch(201)
>   name bgdc.birke-gym.dk#20 found.
> [2009/01/08 17:10:19, 10]
> libsmb/namequery.c:remove_duplicate_addrs2(408)
>   remove_duplicate_addrs2: looking for duplicate address/port pairs
> [2009/01/08 17:10:19, 4] libsmb/namequery.c:get_dc_list(1529)
>   get_dc_list: returning 1 ip addresses in an ordered list
> [2009/01/08 17:10:19, 4] libsmb/namequery.c:get_dc_list(1530)
>   get_dc_list: 10.3.17.1:389
> [2009/01/08 17:10:19, 5] libads/ldap.c:ads_try_connect(127)
>   ads_try_connect: sending CLDAP request to 10.3.17.1 (realm:
> UNDERVISNING.LOCAL)
> [2009/01/08 17:10:19, 10] libsmb/namequery.c:saf_store(71)
>   saf_store: domain = [UNDERVISNING], server = [10.3.17.1], expire =
> [1231431919]
> [2009/01/08 17:10:19, 10] lib/gencache.c:gencache_set(140)
>   Adding cache entry with key = SAF/DOMAIN/UNDERVISNING; value =
> 10.3.17.1 and timeout = Thu Jan  8 17:25:19 2009
>    (900 seconds ahead)
> [2009/01/08 17:10:19, 3] libads/ldap.c:ads_connect(287)
>   Connected to LDAP server 10.3.17.1
> 
> ==== STOPS HERE FOR ABOUT 30 SEC ====
> 
> [2009/01/08 17:10:24, 0] utils/net_ads.c:ads_startup(289)
>   ads_connect: Operations error
> [2009/01/08 17:10:24, 2] utils/net.c:main(988)
>   return code = -1
> 
> ------------------------------------------------------------------------
> --------------
>  
> Windows Server Event log:
> =======
> Windows Server Event - [22:56:34]
> 
> Successful Network Logon:
>     User Name:    BGDC$
>     Domain:        UNDERVISNING
>     Logon ID:        (0x0,0x1C82893)
>     Logon Type:    3
>     Logon Process:    Kerberos
>     Authentication Package:    Kerberos
>     Workstation Name:   
>     Logon GUID:    {791dbfae-1330-1cc3-24ee-538ed69bc9d8}
>     Caller User Name:    -
>     Caller Domain:    -
>     Caller Logon ID:    -
>     Caller Process ID: -
>     Transited Services: -
>     Source Network Address:    10.3.17.1
>     Source Port:    4831
> 
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>  
> 
> ======================================
> Windows Server Event - [22:56:34]
> Special privileges assigned to new logon:
>     User Name:    BGDC$
>     Domain:        UNDERVISNING
>     Logon ID:        (0x0,0x1C82893)
>     Privileges:    SeSecurityPrivilege
>            SeBackupPrivilege
>            SeRestorePrivilege
>            SeTakeOwnershipPrivilege
>            SeDebugPrivilege
>            SeSystemEnvironmentPrivilege
>            SeLoadDriverPrivilege
>            SeImpersonatePrivilege
>            SeEnableDelegationPrivilege
> 
> For more information, see Help and Support Center at 
> http://go.microsoft.com/fwlink/events.asp.
> 
> 
> ======================================
>  
>  
>  
> Windows Server Event - [23:01:34]
>  
> User Logoff:
>     User Name:    BGDC$
>     Domain:        UNDERVISNING
>     Logon ID:        (0x0,0x1C82893) 
>     Logon Type:    3
> 
> For more information, see Help and Support Center at 
> http://go.microsoft.com/fwlink/events.asp.
> 
> 
> ------------------------------------------------------------------------
> --------------
>  
> My klist:
> =======
> # klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: Administrator@UNDERVISNING.LOCAL
>  
> Valid starting     Expires            Service principal
> 01/04/09 16:36:47  01/04/09 23:16:47  krbtgt/UNDERVISNING.LOCAL@UNDERVISNING.LOCAL
>  
>  
> Kerberos 4 ticket cache: /tmp/tkt0
> klist: You have no tickets cached
>  
> ------------------------------------------------------------------------
> --------------
>  
> smb.conf
> =======
> cat /etc/samba/smb.conf | grep -v "#"
> [global]
>         dos charset = ASCII
>         display charset = ASCII
>         workgroup = UNDERVISNING
>         realm = UNDERVISNING.LOCAL
>         server string = Debian 4.0 - Samba %v - BDC
>         security = ADS
>         password server = bgdc.birke-gym.dk
>         log level = 10
>         log file = /var/log/samba/UNDERVISNING
>         disable netbios = Yes
>         name resolve order = wins lmhosts hosts bcast
>         os level = 1000
>         preferred master = No
>         local master = No
>         domain master = No
>         wins server = bgdc.birke-gym.dk
>         idmap uid = 500-10000000
>         idmap gid = 500-10000000
>         template shell = /bin/bash
>         winbind separator = %
>         winbind enum users = Yes
>         winbind enum groups = Yes
>         winbind use default domain = Yes
>         inherit permissions = Yes
>         inherit owner = Yes
>         hide special files = Yes
>         hide unreadable = Yes
> 
> [homes]
>         comment = Home Directories
>         valid users = %U
>         read only = No
>         browseable = No
> 
> ------------------------------------------------------------------------
> --------------
>  
> # testparm
> Load smb config files from /etc/samba/smb.conf
> Processing section "[homes]"
> Loaded services file OK.
> Server role: ROLE_DOMAIN_MEMBER
> Press enter to see a dump of your service definitions
> ^C
>  
> ------------------------------------------------------------------------
> --------------
>  
> krb5.conf
> ======
>  
> [logging]
>         default = FILE:/var/log/krb5libs.log
>         #kdc = FILE:/var/log/krb5kdc.log
>         #admin_server = FILE:/var/log/kadmind.log
>  
> [libdefaults]
>         ticket_lifetime = 24000
>         default_realm = UNDERVISNING.LOCAL
>  
>         default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
>         default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
>  
> [realms]
> #================ Birke-gym.dk =========================
>         UNDERVISNING.LOCAL = {
>                 kdc = bgdc.birke-gym.dk
>                 admin_server = bgdc.birke-gym.dk
>                 default_domain = UNDERVISNING.LOCAL
>                 }
>  
> [domain_realm]
>         .undervisning.local = UNDERVISNING.LOCAL
>         undervisning.local = UNDERVISNING.LOCAL
>  
> [login]
>         krb4_convert = true
>         krb4_get_tickets = false
>  
> ------------------------------------------------------------------------
> --------------
>  
> # cat /etc/hosts
> 127.0.0.1 localhost mail
> 127.0.1.1 mail.birke-gym.dk mail
> 
> 10.3.17.1 bgdc.birke-gym.dk bgdc
> 
> ------------------------------------------------------------------------
> --------------
> 
> Any suggestions?
> 
> And how much do I have to set up on the Windows Server? I have created
> a krb. trust on it and I use the pass I gave there, but is there more I
> have to set?
> 
> Sorry for my bad English, and if there is anything, plz feel free to
> write; all help is received with love
> 
> ----
> Med Venlig Hilsen / Best regards
> Henrik Dige Semark

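An added example, not part of the original messages and not Samba project code: a Python parser for `net ads join --debuglevel=10` output like the log quoted in this thread. It rejoins lines wrapped by the mail client, lists the level 0 entries and finds the largest pause between consecutive entries; the function names are hypothetical and the sample is an excerpt of the quoted log.

```python
import re
from datetime import datetime
# Samba 3 debug header: "[YYYY/MM/DD HH:MM:SS, LEVEL] file.c:function(line)"
HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s*(\d+)\]\s*(\S*)")
SOURCE = re.compile(r"^\S+\.c:\w+\(\d+\)$")

def parse_samba_debug(text):
    """Parse debug output into dicts with time, level, source and message."""
    entries = []
    for raw in text.splitlines():
        line = re.sub(r"^(?:> ?)+", "", raw).strip()  # drop mail quoting
        m = HEADER.match(line)
        if m:
            when = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
            entries.append({"time": when, "level": int(m.group(2)),
                            "source": m.group(3), "message": ""})
        elif entries and line:
            cur = entries[-1]
            if not cur["source"] and SOURCE.match(line):
                cur["source"] = line  # header was wrapped by the mail client
            else:  # message text, possibly wrapped onto a second line
                cur["message"] = (cur["message"] + " " + line).strip()
    return entries

def failures(entries):
    """Level 0 entries are written whatever debug level is configured."""
    return [e for e in entries if e["level"] == 0]

def longest_gap(entries):
    """Return (seconds, entry_before, entry_after) for the largest pause."""
    gaps = [((b["time"] - a["time"]).total_seconds(), a, b) for a, b in zip(entries, entries[1:])]
    return max(gaps, key=lambda g: g[0], default=None)

# Excerpt of the log quoted in this thread, mail quoting and wrapping included.
SAMPLE = """\
> [2009/01/08 17:10:19, 10]
> libsmb/namequery.c:remove_duplicate_addrs2(408)
>   remove_duplicate_addrs2: looking for duplicate address/port pairs
> [2009/01/08 17:10:19, 5] libads/ldap.c:ads_try_connect(127)
>   ads_try_connect: sending CLDAP request to 10.3.17.1 (realm:
> UNDERVISNING.LOCAL)
> [2009/01/08 17:10:19, 3] libads/ldap.c:ads_connect(287)
>   Connected to LDAP server 10.3.17.1
> [2009/01/08 17:10:24, 0] utils/net_ads.c:ads_startup(289)
>   ads_connect: Operations error
"""

if __name__ == "__main__":
    log = parse_samba_debug(SAMPLE)
    print(failures(log), longest_gap(log)[0])
```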