[Samba] Samba + Windows 2003 AD

Henrik Dige Semark hendigsem at hotmail.com
Thu Jan 8 17:15:31 GMT 2009



How can I ping UNDERVISNING.LOCAL when it's just the domain? The Windows server that runs the domain is bgdc.birke-gym.dk and I can ping that just fine.



My resolv.conf
---------------
search birke-gym.dk
nameserver 127.0.0.1


My nsswitch.conf
---------------
passwd:         files winbind compat
group:          files winbind compat
shadow:         files winbind compat

hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4
networks:       files

protocols:      files winbind db files
services:       files winbind db files

ethers:         db files
rpc:            db files

netgroup:       files winbind nis
automount:      files winbind

Am I missing something?

----

Med Venlig Hilsen / Best regards

Henrik Dige Semark



Subject: RE: [Samba] Samba + Windows 2003 AD
Date: Thu, 8 Jan 2009 09:54:22 -0700
From: agray at aeso.ca
To: hendigsem at hotmail.com

Can you:
ping -I 1 UNDERVISNING.LOCAL

No? Check resolv.conf or nsswitch.conf

(I have a SUN Solaris background - not much Debian)

For more help, please include samba at lists.samba.org in to: or cc:

Good luck (held og lykke)!
(Sorry, I don't speak Danish... )

- Avron



From: Henrik Dige Semark [mailto:hendigsem at hotmail.com]
Sent: Thursday, January 08, 2009 9:48 AM
To: Avron Gray
Subject: RE: [Samba] Samba + Windows 2003 AD

Hey thanx for the quick answer :)

When I try the net ads testjoin it's not very informative :P

# net ads testjoin MAIL$@UNDERVISNING.LOCAL's password:
[2009/01/08 17:39:52, 0] utils/net_ads.c:ads_startup(289)
  ads_connect: Operations error
Join to domain is not valid

I have also tried wbinfo --all-domains but it can't see the domain I try to connect to, will this say that my smb.conf is wrong at some point?

I have an older SMB which is running a domain itself, and it can see the domain when I run this command
---- 

Med Venlig Hilsen / Best regards 
Henrik Dige Semark



> Subject: RE: [Samba] Samba + Windows 2003 AD
> Date: Thu, 8 Jan 2009 09:25:47 -0700
> From: agray at aeso.ca
> To: hendigsem at hotmail.com; samba at lists.samba.org
>
> Have you run:
> net ads testjoin
>
> Does it say "Join is OK"?
>
> This might not be related...
>
> I had to compile samba 3.0.33 to get around a Windows Domain restriction
> issue: https://bugzilla.samba.org/show_bug.cgi?id=4771 The bug indicates that
> if the \NETLOGON pipe is opened up on the Windows AD server, the join
> works fine. As soon as it is restricted via domain policies, it
> restricts anonymous access to the ports. As soon as this happens, we are
> unable to complete a net join ads successfully.
>
> - Avron
>

> -----Original Message-----
> From: samba-bounces+agray=aeso.ca at lists.samba.org
> [mailto:samba-bounces+agray=aeso.ca at lists.samba.org] On Behalf Of Henrik
> Dige Semark
> Sent: Thursday, January 08, 2009 9:13 AM
> To: Samba list
> Subject: [Samba] Samba + Windows 2003 AD
>
> Hey, I don't know if this is the right list to ask this question in, but
> I have tried on the IRC (irc.freenode.net #samba) and people on there
> advised me to try here instead.
>
> I have:
> Debian 4.0r4
> Samba version 3.0.24 - mail.birke-gym.dk - 10.3.16.1
> krb5 Version 1.4.4-7etch6
> Kernel Version 2.6.18-6-amd64
>
> A Windows Server 2003 SP2 with AD/DC - bgdc.birke-gym.dk - 10.3.17.1
>
> --------------------------------------------------------------------------------------
>
> When I try to connect my samba to the DC I get this output:
>
> # net ads join -U Administrator --debuglevel=10
> [2009/01/08 17:10:15, 5] lib/debug.c:debug_dump_status(391)
> INFO: Current debug levels:
> all: True/10
> tdb: False/0
> printdrivers: False/0
> lanman: False/0
> smb: False/0
> rpc_parse: False/0
> rpc_srv: False/0
> rpc_cli: False/0
> passdb: False/0
> sam: False/0
> auth: False/0
> winbind: False/0
> vfs: False/0
> idmap: False/0
> quota: False/0
> acls: False/0
> locking: False/0
> msdfs: False/0
> dmapi: False/0
> [2009/01/08 17:10:15, 3] param/loadparm.c:lp_load(4953)
> lp_load: refreshing parameters
> [2009/01/08 17:10:15, 3] param/loadparm.c:init_globals(1418)
> Initialising global parameters
> [2009/01/08 17:10:15, 3] param/params.c:pm_process(572)
> params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
> [2009/01/08 17:10:15, 3] param/loadparm.c:do_section(3695)
> Processing section "[global]"
> doing parameter server string = Debian 4.0 - Samba %v - BDC
> doing parameter netbios name = mail
> [2009/01/08 17:10:15, 4] param/loadparm.c:handle_netbios_name(3053)
> handle_netbios_name: set global_myname to: MAIL
> doing parameter workgroup = UNDERVISNING
> doing parameter display charset = ASCII
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
> Attempting to register new charset UCS-2LE
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
> Registered charset UCS-2LE
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
> Attempting to register new charset UTF-16LE
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
> Registered charset UTF-16LE
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
> Attempting to register new charset UCS-2BE
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
> Registered charset UCS-2BE
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
> Attempting to register new charset UTF-16BE
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
> Registered charset UTF-16BE
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
> Attempting to register new charset UTF8
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
> Registered charset UTF8
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
> Attempting to register new charset UTF-8
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
> Registered charset UTF-8
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
> Attempting to register new charset ASCII
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
> Registered charset ASCII
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
> Attempting to register new charset 646
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
> Registered charset 646
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
> Attempting to register new charset ISO-8859-1
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
> Registered charset ISO-8859-1
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
> Attempting to register new charset UCS2-HEX
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
> Registered charset UCS2-HEX
> doing parameter unix charset = UTF-8
> doing parameter dos charset = ASCII
> doing parameter Inherit permissions = yes
> doing parameter Inherit owner = yes
> doing parameter security = ADS
> doing parameter idmap uid = 500-10000000
> doing parameter idmap gid = 500-10000000
> doing parameter template shell = /bin/bash
> doing parameter winbind use default domain = yes
> doing parameter winbind separator = %
> doing parameter winbind enum users = yes
> doing parameter winbind enum groups = yes
> doing parameter template homedir = /home/%D/%U
> doing parameter client use spnego = yes
> doing parameter password server = bgdc.birke-gym.dk
> doing parameter encrypt passwords = Yes
> doing parameter realm = UNDERVISNING.LOCAL
> doing parameter wins server = bgdc.birke-gym.dk
> doing parameter nt acl support = true
> doing parameter os level = 1000
> doing parameter preferred master = no
> doing parameter domain master = no
> doing parameter local master = no
> doing parameter domain logons = no
> doing parameter hide special files = Yes
> doing parameter hide unreadable = Yes
> doing parameter disable netbios = yes
> doing parameter name resolve order = wins lmhosts hosts bcast
> doing parameter log level = 10
> doing parameter log file = /var/log/samba/UNDERVISNING
> [2009/01/08 17:10:15, 4] param/loadparm.c:lp_load(4984)
> pm_process() returned Yes
> [2009/01/08 17:10:15, 7] param/loadparm.c:lp_servicenumber(5120)
> lp_servicenumber: couldn't find homes
> [2009/01/08 17:10:15, 10] param/loadparm.c:set_server_role(4229)
> set_server_role: role = ROLE_DOMAIN_MEMBER
> [2009/01/08 17:10:15, 5] lib/util.c:init_names(286)
> Netbios name list:-
> my_netbios_names[0]="MAIL"
> [2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81)
> added interface ip=194.182.87.97 bcast=194.182.87.127 nmask=255.255.255.128
> [2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81)
> added interface ip=194.182.87.2 bcast=194.182.87.127 nmask=255.255.255.128
> [2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81)
> added interface ip=194.182.87.98 bcast=194.182.87.127 nmask=255.255.255.128
> [2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81)
> added interface ip=194.182.87.121 bcast=194.182.87.127 nmask=255.255.255.128
> [2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81)
> added interface ip=10.3.255.1 bcast=10.3.255.255 nmask=255.255.255.0
> [2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81)
> added interface ip=10.3.16.1 bcast=10.3.31.255 nmask=255.255.240.0
> [2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81)
> added interface ip=10.3.2.250 bcast=10.3.3.255 nmask=255.255.254.0
> [2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81)
> added interface ip=10.3.2.1 bcast=10.3.3.255 nmask=255.255.254.0
> [2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81)
> added interface ip=10.8.0.1 bcast=10.8.0.255 nmask=255.255.255.0
> Administrator's password:
> [2009/01/08 17:10:19, 6] libads/ldap.c:ads_find_dc(224)
> ads_find_dc: looking for realm 'UNDERVISNING.LOCAL'
> [2009/01/08 17:10:19, 8] libsmb/namequery.c:get_sorted_dc_list(1551)
> get_sorted_dc_list: attempting lookup using [ads]
> [2009/01/08 17:10:19, 5] lib/gencache.c:gencache_init(61)
> Opening cache file at /var/run/samba/gencache.tdb
> [2009/01/08 17:10:19, 10] lib/gencache.c:gencache_get(329)
> Cache entry with key = SAF/DOMAIN/UNDERVISNING.LOCAL couldn't be found
> [2009/01/08 17:10:19, 5] libsmb/namequery.c:saf_fetch(105)
> saf_fetch: failed to find server for "UNDERVISNING.LOCAL" domain
> [2009/01/08 17:10:19, 3] libsmb/namequery.c:get_dc_list(1426)
> get_dc_list: preferred server list: ", bgdc.birke-gym.dk"
> [2009/01/08 17:10:19, 10] libsmb/namequery.c:internal_resolve_name(1132)
> internal_resolve_name: looking up bgdc.birke-gym.dk#20
> [2009/01/08 17:10:19, 10] lib/gencache.c:gencache_get(304)
> Returning valid cache entry: key = NBT/BGDC.BIRKE-GYM.DK#20, value = 10.3.17.1:0, timeout = Thu Jan 8 17:20:53 2009
> [2009/01/08 17:10:19, 5] libsmb/namecache.c:namecache_fetch(201)
> name bgdc.birke-gym.dk#20 found.
> [2009/01/08 17:10:19, 10] libsmb/namequery.c:remove_duplicate_addrs2(408)
> remove_duplicate_addrs2: looking for duplicate address/port pairs
> [2009/01/08 17:10:19, 4] libsmb/namequery.c:get_dc_list(1529)
> get_dc_list: returning 1 ip addresses in an ordered list
> [2009/01/08 17:10:19, 4] libsmb/namequery.c:get_dc_list(1530)
> get_dc_list: 10.3.17.1:389
> [2009/01/08 17:10:19, 5] libads/ldap.c:ads_try_connect(127)
> ads_try_connect: sending CLDAP request to 10.3.17.1 (realm: UNDERVISNING.LOCAL)
> [2009/01/08 17:10:19, 10] libsmb/namequery.c:saf_store(71)
> saf_store: domain = [UNDERVISNING], server = [10.3.17.1], expire = [1231431919]
> [2009/01/08 17:10:19, 10] lib/gencache.c:gencache_set(140)
> Adding cache entry with key = SAF/DOMAIN/UNDERVISNING; value = 10.3.17.1 and timeout = Thu Jan 8 17:25:19 2009
> (900 seconds ahead)
> [2009/01/08 17:10:19, 3] libads/ldap.c:ads_connect(287)
> Connected to LDAP server 10.3.17.1
>
> ==== STOPS HERE FOR ABOUT 30 SEC ====
>
> [2009/01/08 17:10:24, 0] utils/net_ads.c:ads_startup(289)
> ads_connect: Operations error
> [2009/01/08 17:10:24, 2] utils/net.c:main(988)
> return code = -1
>
> --------------------------------------------------------------------------------------
>
> Windows Server Event log:
> =======
> Windows Server Event - [22:56:34]
>
> Successful Network Logon:
> User Name: BGDC$
> Domain: UNDERVISNING
> Logon ID: (0x0,0x1C82893)
> Logon Type: 3
> Logon Process: Kerberos
> Authentication Package: Kerberos
> Workstation Name:
> Logon GUID: {791dbfae-1330-1cc3-24ee-538ed69bc9d8}
> Caller User Name: -
> Caller Domain: -
> Caller Logon ID: -
> Caller Process ID: -
> Transited Services: -
> Source Network Address: 10.3.17.1
> Source Port: 4831
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
> ======================================
> Windows Server Event - [22:56:34]
> Special privileges assigned to new logon:
> User Name: BGDC$
> Domain: UNDERVISNING
> Logon ID: (0x0,0x1C82893)
> Privileges: SeSecurityPrivilege
> SeBackupPrivilege
> SeRestorePrivilege
> SeTakeOwnershipPrivilege
> SeDebugPrivilege
> SeSystemEnvironmentPrivilege
> SeLoadDriverPrivilege
> SeImpersonatePrivilege
> SeEnableDelegationPrivilege
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
> ======================================
>
> Windows Server Event - [23:01:34]
>
> User Logoff:
> User Name: BGDC$
> Domain: UNDERVISNING
> Logon ID: (0x0,0x1C82893)
> Logon Type: 3
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
> --------------------------------------------------------------------------------------
>
> My klist:
> =======
> # klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: Administrator at UNDERVISNING.LOCAL
>
> Valid starting Expires Service principal
> 01/04/09 16:36:47 01/04/09 23:16:47 krbtgt/UNDERVISNING.LOCAL at UNDERVISNING.LOCAL
>
> Kerberos 4 ticket cache: /tmp/tkt0
> klist: You have no tickets cached
>
> --------------------------------------------------------------------------------------
>
> smb.conf
> =======
> cat /etc/samba/smb.conf | grep -v "#"
> [global]
> dos charset = ASCII
> display charset = ASCII
> workgroup = UNDERVISNING
> realm = UNDERVISNING.LOCAL
> server string = Debian 4.0 - Samba %v - BDC
> security = ADS
> password server = bgdc.birke-gym.dk
> log level = 10
> log file = /var/log/samba/UNDERVISNING
> disable netbios = Yes
> name resolve order = wins lmhosts hosts bcast
> os level = 1000
> preferred master = No
> local master = No
> domain master = No
> wins server = bgdc.birke-gym.dk
> idmap uid = 500-10000000
> idmap gid = 500-10000000
> template shell = /bin/bash
> winbind separator = %
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind use default domain = Yes
> inherit permissions = Yes
> inherit owner = Yes
> hide special files = Yes
> hide unreadable = Yes
>
> [homes]
> comment = Home Directories
> valid users = %U
> read only = No
> browseable = No
>
> --------------------------------------------------------------------------------------
>
> # testparm
> Load smb config files from /etc/samba/smb.conf
> Processing section "[homes]"
> Loaded services file OK.
> Server role: ROLE_DOMAIN_MEMBER
> Press enter to see a dump of your service definitions
> ^C
>
> --------------------------------------------------------------------------------------
>
> krb5.conf
> ======
>
> [logging]
> default = FILE:/var/log/krb5libs.log
> #kdc = FILE:/var/log/krb5kdc.log
> #admin_server = FILE:/var/log/kadmind.log
>
> [libdefaults]
> ticket_lifetime = 24000
> default_realm = UNDERVISNING.LOCAL
>
> default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
> default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
>
> [realms]
> #================ Birke-gym.dk =========================
> UNDERVISNING.LOCAL = {
> kdc = bgdc.birke-gym.dk
> admin_server = bgdc.birke-gym.dk
> default_domain = UNDERVISNING.LOCAL
> }
>
> [domain_realm]
> .undervisning.local = UNDERVISNING.LOCAL
> undervisning.local = UNDERVISNING.LOCAL
>
> [login]
> krb4_convert = true
> krb4_get_tickets = false
>
> --------------------------------------------------------------------------------------
>
> # cat /etc/hosts
> 127.0.0.1 localhost mail
> 127.0.1.1 mail.birke-gym.dk mail
>
> 10.3.17.1 bgdc.birke-gym.dk bgdc
>
> --------------------------------------------------------------------------------------
>
> Any suggestion?
>
> And how much do I have to setup on the Windows Server? I have created
> a krb. trust on it and I use the pass I gave there, but is there more I
> have to set?
>
> Sorry for my bad English, and if there is anything plz feel free to
> write, all help is received with love
>
> ----
> Med Venlig Hilsen / Best regards
> Henrik Dige Semark
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba





More information about the samba mailing list
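
Added example (not part of the thread and not Samba code): a small Python model of how glibc NSS walks the `hosts:` line of the nsswitch.conf posted above, showing which sources a lookup consults before it stops. It assumes the documented nss-mdns behaviour that `mdns4_minimal` only handles names ending in `.local`, and that no mDNS responder answers for the name; `parse_hosts_chain`, `hosts_file_names` and `trace` are names made up for this sketch.

```python
import re

# Copied from the message above: the hosts line of nsswitch.conf and /etc/hosts.
NSSWITCH = "hosts:          files mdns4_minimal [NOTFOUND=return] dns mdns4\n"
ETC_HOSTS = ("127.0.0.1 localhost mail\n127.0.1.1 mail.birke-gym.dk mail\n"
             "10.3.17.1 bgdc.birke-gym.dk bgdc\n")

# glibc defaults: stop on SUCCESS, try the next source on anything else.
DEFAULTS = {"SUCCESS": "return", "NOTFOUND": "continue",
            "UNAVAIL": "continue", "TRYAGAIN": "continue"}


def parse_hosts_chain(nsswitch_text):
    """Return [(source, {status: action})] for the hosts database."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line.startswith("hosts:"):
            continue
        chain = []
        for tok in re.findall(r"\[[^\]]*\]|\S+", line[len("hosts:"):]):
            if not tok.startswith("["):
                chain.append((tok, dict(DEFAULTS)))
            elif chain:  # [STATUS=action] modifies the source before it
                for crit in tok[1:-1].split():
                    status, action = crit.split("=", 1)
                    chain[-1][1][status.upper()] = action.lower()
        return chain
    return []


def hosts_file_names(hosts_text):
    """Every name and alias listed in an /etc/hosts body, lower-cased."""
    names = set()
    for line in hosts_text.splitlines():
        names.update(f.lower() for f in line.split("#", 1)[0].split()[1:])
    return names


def trace(name, chain, known):
    """Walk the chain offline; return (steps, reached_dns)."""
    name, steps = name.lower().rstrip("."), []
    for source, actions in chain:
        if source == "dns":
            return steps + [("dns", "QUERIED")], True
        if source == "files":
            status = "SUCCESS" if name in known else "NOTFOUND"
        elif source == "mdns4_minimal" and name.endswith(".local"):
            status = "NOTFOUND"  # assumption: no mDNS responder answers for it
        else:
            status = "UNAVAIL"  # name declined, or a source not modelled here
        steps.append((source, status))
        if actions[status] == "return":
            break
    return steps, False
```

In this model, `trace("UNDERVISNING.LOCAL", ...)` with the posted files stops at `mdns4_minimal` and never reaches `dns`, while `bgdc.birke-gym.dk` is answered from /etc/hosts.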