[Samba] Samba + Windows 2003 AD
Avron Gray
agray at aeso.ca
Thu Jan 8 17:22:05 GMT 2009
Are you trying to join an existing Windows domain? Or create a new domain?
- Avron
-----Original Message-----
From: samba-bounces+agray=aeso.ca at lists.samba.org [mailto:samba-bounces+agray=aeso.ca at lists.samba.org] On Behalf Of Henrik Dige Semark
Sent: Thursday, January 08, 2009 10:16 AM
To: Samba list
Subject: RE: [Samba] Samba + Windows 2003 AD
How can I ping UNDERVISNING.LOCAL when it's just the domain? The Windows server that runs the domain is bgdc.birke-gym.dk and I can ping that just fine.
My resolv.conf
---------------
search birke-gym.dk
nameserver 127.0.0.1
My nsswitch.conf
---------------
passwd: files winbind compat
group: files winbind compat
shadow: files winbind compat
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4
networks: files
protocols: files winbind db files
services: files winbind db files
ethers: db files
rpc: db files
netgroup: files winbind nis
automount: files winbind
Am I missing something?
----
Med Venlig Hilsen / Best regards
Henrik Dige Semark
Subject: RE: [Samba] Samba + Windows 2003 AD
Date: Thu, 8 Jan 2009 09:54:22 -0700
From: agray at aeso.ca
To: hendigsem at hotmail.com
Can you:
ping -I 1 UNDERVISNING.LOCAL
No? Check resolv.conf or nsswitch.conf
(I have a SUN Solaris background - not much Debian)
For more help, please include samba at lists.samba.org in to: or cc:
Good luck (held og lykke)!
(Sorry, I don't speak Danish... )
- Avron
From: Henrik Dige Semark [mailto:hendigsem at hotmail.com]
Sent: Thursday, January 08, 2009 9:48 AM
To: Avron Gray
Subject: RE: [Samba] Samba + Windows 2003 AD
Hey, thanx for the quick answer :)
When I try the net ads testjoin it's not very informative :P
# net ads testjoin
MAIL$@UNDERVISNING.LOCAL's password:
[2009/01/08 17:39:52, 0] utils/net_ads.c:ads_startup(289)
  ads_connect: Operations error
Join to domain is not valid
I have also tried wbinfo --all-domains, but it can't see the domain I am trying to connect to. Does this mean that my smb.conf is wrong at some point?
I have an older SMB which is running a domain itself, and it can see the domain when I run this command.
----
Med Venlig Hilsen / Best regards
Henrik Dige Semark
> Subject: RE: [Samba] Samba + Windows 2003 AD
> Date: Thu, 8 Jan 2009 09:25:47 -0700
> From: agray at aeso.ca
> To: hendigsem at hotmail.com; samba at lists.samba.org
>
> Have you run:
> net ads testjoin
>
> Does it say "Join is OK"?
>
> This might not be related...
>
> I had to compile samba 3.0.33 to get around a Windows Domain restriction
> issue: https://bugzilla.samba.org/show_bug.cgi?id=4771 The bug indicates that
> if the \NETLOGON pipe is opened up on the Windows AD server, the join
> works fine. As soon as it is restricted via domain policies, it
> restricts anonymous access to the ports. As soon as this happens, we are
> unable to complete a net join ads successfully.
>
> - Avron
>
> -----Original Message-----
> From: samba-bounces+agray=aeso.ca at lists.samba.org
> [mailto:samba-bounces+agray=aeso.ca at lists.samba.org] On Behalf Of Henrik
> Dige Semark
> Sent: Thursday, January 08, 2009 9:13 AM
> To: Samba list
> Subject: [Samba] Samba + Windows 2003 AD
>
> Hey, I don't know if this is the right list to ask this question in, but
> I have tried on the IRC (irc.freenode.net #samba) and people on there
> advised me to try here instead.
>
> I have:
> Debian 4.0r4
> Samba version 3.0.24 - mail.birke-gym.dk - 10.3.16.1
> krb5 Version 1.4.4-7etch6
> Kernel Version 2.6.18-6-amd64
>
> A Windows Server 2003 SP2 with AD/DC - bgdc.birke-gym.dk - 10.3.17.1
>
> ------------------------------------------------------------------------
>
> When I try to connect my samba to the DC I get this output:
>
> # net ads join -U Administrator --debuglevel=10
> [2009/01/08 17:10:15, 5] lib/debug.c:debug_dump_status(391)
>   INFO: Current debug levels:
>     all: True/10
>     tdb: False/0
>     printdrivers: False/0
>     lanman: False/0
>     smb: False/0
>     rpc_parse: False/0
>     rpc_srv: False/0
>     rpc_cli: False/0
>     passdb: False/0
>     sam: False/0
>     auth: False/0
>     winbind: False/0
>     vfs: False/0
>     idmap: False/0
>     quota: False/0
>     acls: False/0
>     locking: False/0
>     msdfs: False/0
>     dmapi: False/0
> [2009/01/08 17:10:15, 3] param/loadparm.c:lp_load(4953)
>   lp_load: refreshing parameters
> [2009/01/08 17:10:15, 3] param/loadparm.c:init_globals(1418)
>   Initialising global parameters
> [2009/01/08 17:10:15, 3] param/params.c:pm_process(572)
>   params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
> [2009/01/08 17:10:15, 3] param/loadparm.c:do_section(3695)
>   Processing section "[global]"
>   doing parameter server string = Debian 4.0 - Samba %v - BDC
>   doing parameter netbios name = mail
> [2009/01/08 17:10:15, 4] param/loadparm.c:handle_netbios_name(3053)
>   handle_netbios_name: set global_myname to: MAIL
>   doing parameter workgroup = UNDERVISNING
>   doing parameter display charset = ASCII
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
>   Attempting to register new charset UCS-2LE
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
>   Registered charset UCS-2LE
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
>   Attempting to register new charset UTF-16LE
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
>   Registered charset UTF-16LE
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
>   Attempting to register new charset UCS-2BE
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
>   Registered charset UCS-2BE
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
>   Attempting to register new charset UTF-16BE
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
>   Registered charset UTF-16BE
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
>   Attempting to register new charset UTF8
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
>   Registered charset UTF8
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
>   Attempting to register new charset UTF-8
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
>   Registered charset UTF-8
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
>   Attempting to register new charset ASCII
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
>   Registered charset ASCII
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
>   Attempting to register new charset 646
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
>   Registered charset 646
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
>   Attempting to register new charset ISO-8859-1
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
>   Registered charset ISO-8859-1
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(105)
>   Attempting to register new charset UCS2-HEX
> [2009/01/08 17:10:15, 5] lib/iconv.c:smb_register_charset(113)
>   Registered charset UCS2-HEX
>   doing parameter unix charset = UTF-8
>   doing parameter dos charset = ASCII
>   doing parameter Inherit permissions = yes
>   doing parameter Inherit owner = yes
>   doing parameter security = ADS
>   doing parameter idmap uid = 500-10000000
>   doing parameter idmap gid = 500-10000000
>   doing parameter template shell = /bin/bash
>   doing parameter winbind use default domain = yes
>   doing parameter winbind separator = %
>   doing parameter winbind enum users = yes
>   doing parameter winbind enum groups = yes
>   doing parameter template homedir = /home/%D/%U
>   doing parameter client use spnego = yes
>   doing parameter password server = bgdc.birke-gym.dk
>   doing parameter encrypt passwords = Yes
>   doing parameter realm = UNDERVISNING.LOCAL
>   doing parameter wins server = bgdc.birke-gym.dk
>   doing parameter nt acl support = true
>   doing parameter os level = 1000
>   doing parameter preferred master = no
>   doing parameter domain master = no
>   doing parameter local master = no
>   doing parameter domain logons = no
>   doing parameter hide special files = Yes
>   doing parameter hide unreadable = Yes
>   doing parameter disable netbios = yes
>   doing parameter name resolve order = wins lmhosts hosts bcast
>   doing parameter log level = 10
>   doing parameter log file = /var/log/samba/UNDERVISNING
> [2009/01/08 17:10:15, 4] param/loadparm.c:lp_load(4984)
>   pm_process() returned Yes
> [2009/01/08 17:10:15, 7] param/loadparm.c:lp_servicenumber(5120)
>   lp_servicenumber: couldn't find homes
> [2009/01/08 17:10:15, 10] param/loadparm.c:set_server_role(4229)
>   set_server_role: role = ROLE_DOMAIN_MEMBER
> [2009/01/08 17:10:15, 5] lib/util.c:init_names(286)
>   Netbios name list:-
>   my_netbios_names[0]="MAIL"
> [2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81)
>   added interface ip=194.182.87.97 bcast=194.182.87.127 nmask=255.255.255.128
> [2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81)
>   added interface ip=194.182.87.2 bcast=194.182.87.127 nmask=255.255.255.128
> [2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81)
>   added interface ip=194.182.87.98 bcast=194.182.87.127 nmask=255.255.255.128
> [2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81)
>   added interface ip=194.182.87.121 bcast=194.182.87.127 nmask=255.255.255.128
> [2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81)
>   added interface ip=10.3.255.1 bcast=10.3.255.255 nmask=255.255.255.0
> [2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81)
>   added interface ip=10.3.16.1 bcast=10.3.31.255 nmask=255.255.240.0
> [2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81)
>   added interface ip=10.3.2.250 bcast=10.3.3.255 nmask=255.255.254.0
> [2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81)
>   added interface ip=10.3.2.1 bcast=10.3.3.255 nmask=255.255.254.0
> [2009/01/08 17:10:15, 2] lib/interface.c:add_interface(81)
>   added interface ip=10.8.0.1 bcast=10.8.0.255 nmask=255.255.255.0
> Administrator's password:
> [2009/01/08 17:10:19, 6] libads/ldap.c:ads_find_dc(224)
>   ads_find_dc: looking for realm 'UNDERVISNING.LOCAL'
> [2009/01/08 17:10:19, 8] libsmb/namequery.c:get_sorted_dc_list(1551)
>   get_sorted_dc_list: attempting lookup using [ads]
> [2009/01/08 17:10:19, 5] lib/gencache.c:gencache_init(61)
>   Opening cache file at /var/run/samba/gencache.tdb
> [2009/01/08 17:10:19, 10] lib/gencache.c:gencache_get(329)
>   Cache entry with key = SAF/DOMAIN/UNDERVISNING.LOCAL couldn't be found
> [2009/01/08 17:10:19, 5] libsmb/namequery.c:saf_fetch(105)
>   saf_fetch: failed to find server for "UNDERVISNING.LOCAL" domain
> [2009/01/08 17:10:19, 3] libsmb/namequery.c:get_dc_list(1426)
>   get_dc_list: preferred server list: ", bgdc.birke-gym.dk"
> [2009/01/08 17:10:19, 10] libsmb/namequery.c:internal_resolve_name(1132)
>   internal_resolve_name: looking up bgdc.birke-gym.dk#20
> [2009/01/08 17:10:19, 10] lib/gencache.c:gencache_get(304)
>   Returning valid cache entry: key = NBT/BGDC.BIRKE-GYM.DK#20, value = 10.3.17.1:0, timeout = Thu Jan 8 17:20:53 2009
> [2009/01/08 17:10:19, 5] libsmb/namecache.c:namecache_fetch(201)
>   name bgdc.birke-gym.dk#20 found.
> [2009/01/08 17:10:19, 10] libsmb/namequery.c:remove_duplicate_addrs2(408)
>   remove_duplicate_addrs2: looking for duplicate address/port pairs
> [2009/01/08 17:10:19, 4] libsmb/namequery.c:get_dc_list(1529)
>   get_dc_list: returning 1 ip addresses in an ordered list
> [2009/01/08 17:10:19, 4] libsmb/namequery.c:get_dc_list(1530)
>   get_dc_list: 10.3.17.1:389
> [2009/01/08 17:10:19, 5] libads/ldap.c:ads_try_connect(127)
>   ads_try_connect: sending CLDAP request to 10.3.17.1 (realm: UNDERVISNING.LOCAL)
> [2009/01/08 17:10:19, 10] libsmb/namequery.c:saf_store(71)
>   saf_store: domain = [UNDERVISNING], server = [10.3.17.1], expire = [1231431919]
> [2009/01/08 17:10:19, 10] lib/gencache.c:gencache_set(140)
>   Adding cache entry with key = SAF/DOMAIN/UNDERVISNING; value = 10.3.17.1 and timeout = Thu Jan 8 17:25:19 2009
>   (900 seconds ahead)
> [2009/01/08 17:10:19, 3] libads/ldap.c:ads_connect(287)
>   Connected to LDAP server 10.3.17.1
>
> ==== STOPS HERE FOR ABOUT 30 SEC ====
>
> [2009/01/08 17:10:24, 0] utils/net_ads.c:ads_startup(289)
>   ads_connect: Operations error
> [2009/01/08 17:10:24, 2] utils/net.c:main(988)
>   return code = -1
>
> ------------------------------------------------------------------------
>
> Windows Server Event log:
> =======
> Windows Server Event - [22:56:34]
>
> Successful Network Logon:
>   User Name: BGDC$
>   Domain: UNDERVISNING
>   Logon ID: (0x0,0x1C82893)
>   Logon Type: 3
>   Logon Process: Kerberos
>   Authentication Package: Kerberos
>   Workstation Name:
>   Logon GUID: {791dbfae-1330-1cc3-24ee-538ed69bc9d8}
>   Caller User Name: -
>   Caller Domain: -
>   Caller Logon ID: -
>   Caller Process ID: -
>   Transited Services: -
>   Source Network Address: 10.3.17.1
>   Source Port: 4831
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
> ======================================
> Windows Server Event - [22:56:34]
> Special privileges assigned to new logon:
>   User Name: BGDC$
>   Domain: UNDERVISNING
>   Logon ID: (0x0,0x1C82893)
>   Privileges: SeSecurityPrivilege
>     SeBackupPrivilege
>     SeRestorePrivilege
>     SeTakeOwnershipPrivilege
>     SeDebugPrivilege
>     SeSystemEnvironmentPrivilege
>     SeLoadDriverPrivilege
>     SeImpersonatePrivilege
>     SeEnableDelegationPrivilege
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
> ======================================
>
> Windows Server Event - [23:01:34]
>
> User Logoff:
>   User Name: BGDC$
>   Domain: UNDERVISNING
>   Logon ID: (0x0,0x1C82893)
>   Logon Type: 3
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
> ------------------------------------------------------------------------
>
> My klist:
> =======
> # klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: Administrator@UNDERVISNING.LOCAL
>
> Valid starting     Expires            Service principal
> 01/04/09 16:36:47  01/04/09 23:16:47  krbtgt/UNDERVISNING.LOCAL@UNDERVISNING.LOCAL
>
> Kerberos 4 ticket cache: /tmp/tkt0
> klist: You have no tickets cached
>
> ------------------------------------------------------------------------
>
> smb.conf
> =======
> cat /etc/samba/smb.conf | grep -v "#"
> [global]
>   dos charset = ASCII
>   display charset = ASCII
>   workgroup = UNDERVISNING
>   realm = UNDERVISNING.LOCAL
>   server string = Debian 4.0 - Samba %v - BDC
>   security = ADS
>   password server = bgdc.birke-gym.dk
>   log level = 10
>   log file = /var/log/samba/UNDERVISNING
>   disable netbios = Yes
>   name resolve order = wins lmhosts hosts bcast
>   os level = 1000
>   preferred master = No
>   local master = No
>   domain master = No
>   wins server = bgdc.birke-gym.dk
>   idmap uid = 500-10000000
>   idmap gid = 500-10000000
>   template shell = /bin/bash
>   winbind separator = %
>   winbind enum users = Yes
>   winbind enum groups = Yes
>   winbind use default domain = Yes
>   inherit permissions = Yes
>   inherit owner = Yes
>   hide special files = Yes
>   hide unreadable = Yes
>
> [homes]
>   comment = Home Directories
>   valid users = %U
>   read only = No
>   browseable = No
>
> ------------------------------------------------------------------------
>
> # testparm
> Load smb config files from /etc/samba/smb.conf
> Processing section "[homes]"
> Loaded services file OK.
> Server role: ROLE_DOMAIN_MEMBER
> Press enter to see a dump of your service definitions
> ^C
>
> ------------------------------------------------------------------------
>
> krb5.conf
> ======
>
> [logging]
>   default = FILE:/var/log/krb5libs.log
>   #kdc = FILE:/var/log/krb5kdc.log
>   #admin_server = FILE:/var/log/kadmind.log
>
> [libdefaults]
>   ticket_lifetime = 24000
>   default_realm = UNDERVISNING.LOCAL
>
>   default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
>   default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc
>
> [realms]
>   #================ Birke-gym.dk =========================
>   UNDERVISNING.LOCAL = {
>     kdc = bgdc.birke-gym.dk
>     admin_server = bgdc.birke-gym.dk
>     default_domain = UNDERVISNING.LOCAL
>   }
>
> [domain_realm]
>   .undervisning.local = UNDERVISNING.LOCAL
>   undervisning.local = UNDERVISNING.LOCAL
>
> [login]
>   krb4_convert = true
>   krb4_get_tickets = false
>
> ------------------------------------------------------------------------
>
> # cat /etc/hosts
> 127.0.0.1 localhost mail
> 127.0.1.1 mail.birke-gym.dk mail
>
> 10.3.17.1 bgdc.birke-gym.dk bgdc
>
> ------------------------------------------------------------------------
>
> Any suggestions?
>
> And how much do I have to set up on the Windows Server? I have created
> a krb. trust on it and I use the pass I gave there, but is there more I
> have to set?
>
> Sorry for my bad English, and if there is anything plz feel free to
> write, all help is received with love
>
> ----
> Med Venlig Hilsen / Best regards
> Henrik Dige Semark
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/listinfo/samba
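The klist output quoted in the original post lists a krbtgt ticket whose Expires column (01/04/09 23:16:47) is earlier than the 2009/01/08 17:10 timestamps in the join debug log. The following is an added example, not part of any message in the thread: a Python parser for klist output in that layout that reports whether the cached TGT for a realm is usable at a given time. It assumes MM/DD/YY dates; `parse_klist` and `tgt_status` are names made up here, and the sample text is constructed from the thread's output.

```python
import re
from datetime import datetime

# Constructed sample in the layout of the klist output quoted in the thread.
SAMPLE_KLIST = """\
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: Administrator@UNDERVISNING.LOCAL

Valid starting     Expires            Service principal
01/04/09 16:36:47  01/04/09 23:16:47  krbtgt/UNDERVISNING.LOCAL@UNDERVISNING.LOCAL
"""

STAMP = r"(\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})"
TICKET_RE = re.compile(rf"^{STAMP}\s+{STAMP}\s+(\S+)$")
FMT = "%m/%d/%y %H:%M:%S"  # assumption: klist prints MM/DD/YY


def parse_klist(text):
    """Return one dict per ticket row; header and blank lines are skipped."""
    tickets = []
    for line in text.splitlines():
        m = TICKET_RE.match(line.strip())
        if m:
            tickets.append({
                "start": datetime.strptime(m.group(1), FMT),
                "expires": datetime.strptime(m.group(2), FMT),
                "service": m.group(3),
            })
    return tickets


def tgt_status(text, realm, now):
    """Return (state, timedelta) for the realm's TGT at `now`.

    state is one of: valid, expired, not-yet-valid, missing.
    """
    wanted = f"krbtgt/{realm}@{realm}".lower()
    tgts = [t for t in parse_klist(text) if t["service"].lower() == wanted]
    if not tgts:
        return "missing", None
    best = max(tgts, key=lambda t: t["expires"])
    if now >= best["expires"]:
        return "expired", now - best["expires"]
    if now < best["start"]:
        return "not-yet-valid", best["start"] - now
    return "valid", best["expires"] - now


if __name__ == "__main__":
    # Timestamp of the failed join in the quoted debug log.
    join_time = datetime(2009, 1, 8, 17, 10, 15)
    state, delta = tgt_status(SAMPLE_KLIST, "UNDERVISNING.LOCAL", join_time)
    print(f"TGT is {state} ({delta})")
```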