[Samba] Failing to join an ADS domain

Olivier Cherrier oc at symacx.com
Tue Jul 7 09:22:53 GMT 2009


	Hi,

I am trying to join a Microsoft AD domain using RHEL 5.3. I tried with the 
default Samba release (provided by Red Hat) with no luck.  I've just upgraded 
to Samba 3.3.6 (using http://ftp.sernet.de/pub/samba/recent/rhel/5/x86_64/) 
but it still fails.
The AD domain is "example.domain.org" and has its own DNS servers.
My /etc/resolv.conf file redirects DNS queries to the AD DC DNS servers and it 
works OK.
Furthermore, I would like to *not* use any WINS server and use raw SMB like 
Windows 2000+.



[root at samba ~]# net -d 30 ads join -U admin at EXAMPLE.DOMAIN.ORG > /tmp/net_command.log 2>&1
Enter admin at EXAMPLE.DOMAIN.ORG's password:
Segmentation fault
[root at samba ~]#

The output is in the attached file.


Here is my Samba 3.3.6 configuration:
=========================
# testparm 
Load smb config files from /etc/samba/smb.conf
Processing section "[smbhome]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions

[global]
        workgroup = EXAMPLE
        realm = EXAMPLE.DOMAIN.ORG
        server string = Samba Server
        security = ADS
        password server = server1.example.domain.org server2.example.domain.org
        log level = 3
        log file = /var/log/samba/log.%m
        max log size = 1000
        smb ports = 139
        name resolve order = host
        server signing = auto
        client use spnego = No
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        os level = 0
        local master = No
        domain master = No
        enhanced browsing = No
        idmap uid = 10000-20000
        idmap gid = 10000-20000
        winbind separator = /
        winbind use default domain = Yes
        hosts allow = 10., 127., 172., 193., 192.

[smbhome]
        comment = Test share
        path = /home/smbhome
        read only = No
        inherit acls = Yes
        map acl inherit = Yes
        veto files = /lost+found/
        hide files = /Network Trash Folder/
        store dos attributes = Yes
        dos filemode = Yes



And here is my /etc/krb5.conf:
===================
[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = EXAMPLE.DOMAIN.ORG
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 forwardable = yes

[realms]
 EXAMPLE.DOMAIN.ORG = {
  kdc = plato.beilux.eib.org
  admin_server = 172.18.16.92:749
  default_domain = beilux.eib.org
 }

[domain_realm]
 .example.domain.org = EXAMPLE.DOMAIN.ORG
 domain.org = EXAMPLE.DOMAIN.ORG

[appdefaults]
 pam = {
   debug = false
   ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }



Running kinit ... and klist works:
[root at samba ~]# klist 
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin at EXAMPLE.DOMAIN.ORG

Valid starting     Expires            Service principal
07/02/09 17:20:29  07/03/09 03:20:37  krbtgt/EXAMPLE.DOMAIN.ORG at EXAMPLE.DOMAIN.ORG
        renew until 07/03/09 17:20:29


Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached
[root at samba ~]# 


Thanks in advance for any help / pointers.
Regards.

-- 
Olivier Cherrier
-------------- next part --------------
[2009/07/02 18:11:56,  5] lib/debug.c:debug_dump_status(407)
  INFO: Current debug levels:
    all: True/30
    tdb: False/0
    printdrivers: False/0
    lanman: False/0
    smb: False/0
    rpc_parse: False/0
    rpc_srv: False/0
    rpc_cli: False/0
    passdb: False/0
    sam: False/0
    auth: False/0
    winbind: False/0
    vfs: False/0
    idmap: False/0
    quota: False/0
    acls: False/0
    locking: False/0
    msdfs: False/0
    dmapi: False/0
    registry: False/0
[2009/07/02 18:11:56,  3] param/loadparm.c:lp_load_ex(8824)
  lp_load_ex: refreshing parameters
[2009/07/02 18:11:56,  3] param/loadparm.c:init_globals(4631)
  Initialising global parameters
[2009/07/02 18:11:56,  3] param/params.c:pm_process(569)
  params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
[2009/07/02 18:11:56,  3] param/loadparm.c:do_section(7487)
  Processing section "[global]"
  doing parameter netbios name = SAMBA
[2009/07/02 18:11:56,  4] param/loadparm.c:handle_netbios_name(6827)
  handle_netbios_name: set global_myname to: SAMBA
  doing parameter server string = Samba Server
  doing parameter workgroup = EXAMPLE
  doing parameter realm = EXAMPLE.DOMAIN.ORG
  doing parameter security = ads
  doing parameter encrypt passwords = yes
  doing parameter password server = server1.example.domain.org server2.example.domain.org
  doing parameter domain master = no
  doing parameter local master = no
  doing parameter preferred master = no
  doing parameter enhanced browsing = no
  doing parameter idmap uid = 10000-20000
  doing parameter idmap gid = 10000-20000
  doing parameter winbind separator = /
  doing parameter winbind use default domain = yes
  doing parameter log level = 3
  doing parameter log file = /var/log/samba/log.%m
  doing parameter max log size = 1000
  doing parameter name resolve order = host
  doing parameter smb ports = 139
  doing parameter socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
  doing parameter hosts allow = 10. 127. 172. 193. 192.
  doing parameter os level = 0
[2009/07/02 18:11:56,  4] param/loadparm.c:lp_load_ex(8868)
  pm_process() returned Yes
[2009/07/02 18:11:56,  7] param/loadparm.c:lp_servicenumber(9073)
  lp_servicenumber: couldn't find homes
[2009/07/02 18:11:56, 10] param/loadparm.c:set_server_role(8046)
  set_server_role: role = ROLE_DOMAIN_MEMBER
[2009/07/02 18:11:56,  5] lib/iconv.c:smb_register_charset(104)
  Attempting to register new charset UCS-2LE
[2009/07/02 18:11:56,  5] lib/iconv.c:smb_register_charset(112)
  Registered charset UCS-2LE
[2009/07/02 18:11:56,  5] lib/iconv.c:smb_register_charset(104)
  Attempting to register new charset UTF-16LE
[2009/07/02 18:11:56,  5] lib/iconv.c:smb_register_charset(112)
  Registered charset UTF-16LE
[2009/07/02 18:11:56,  5] lib/iconv.c:smb_register_charset(104)
  Attempting to register new charset UCS-2BE
[2009/07/02 18:11:56,  5] lib/iconv.c:smb_register_charset(112)
  Registered charset UCS-2BE
[2009/07/02 18:11:56,  5] lib/iconv.c:smb_register_charset(104)
  Attempting to register new charset UTF-16BE
[2009/07/02 18:11:56,  5] lib/iconv.c:smb_register_charset(112)
  Registered charset UTF-16BE
[2009/07/02 18:11:56,  5] lib/iconv.c:smb_register_charset(104)
  Attempting to register new charset UTF8
[2009/07/02 18:11:56,  5] lib/iconv.c:smb_register_charset(112)
  Registered charset UTF8
[2009/07/02 18:11:56,  5] lib/iconv.c:smb_register_charset(104)
  Attempting to register new charset UTF-8
[2009/07/02 18:11:56,  5] lib/iconv.c:smb_register_charset(112)
  Registered charset UTF-8
[2009/07/02 18:11:56,  5] lib/iconv.c:smb_register_charset(104)
  Attempting to register new charset ASCII
[2009/07/02 18:11:56,  5] lib/iconv.c:smb_register_charset(112)
  Registered charset ASCII
[2009/07/02 18:11:56,  5] lib/iconv.c:smb_register_charset(104)
  Attempting to register new charset 646
[2009/07/02 18:11:56,  5] lib/iconv.c:smb_register_charset(112)
  Registered charset 646
[2009/07/02 18:11:56,  5] lib/iconv.c:smb_register_charset(104)
  Attempting to register new charset ISO-8859-1
[2009/07/02 18:11:56,  5] lib/iconv.c:smb_register_charset(112)
  Registered charset ISO-8859-1
[2009/07/02 18:11:56,  5] lib/iconv.c:smb_register_charset(104)
  Attempting to register new charset UCS2-HEX
[2009/07/02 18:11:56,  5] lib/iconv.c:smb_register_charset(112)
  Registered charset UCS2-HEX
[2009/07/02 18:11:56,  5] lib/charcnv.c:charset_name(82)
  Substituting charset 'UTF-8' for LOCALE
[2009/07/02 18:11:56,  5] lib/charcnv.c:charset_name(82)
  Substituting charset 'UTF-8' for LOCALE
[2009/07/02 18:11:56,  5] lib/charcnv.c:charset_name(82)
  Substituting charset 'UTF-8' for LOCALE
[2009/07/02 18:11:56,  5] lib/charcnv.c:charset_name(82)
  Substituting charset 'UTF-8' for LOCALE
[2009/07/02 18:11:56,  5] lib/charcnv.c:charset_name(82)
  Substituting charset 'UTF-8' for LOCALE
[2009/07/02 18:11:56,  5] lib/charcnv.c:charset_name(82)
  Substituting charset 'UTF-8' for LOCALE
[2009/07/02 18:11:56,  5] lib/charcnv.c:charset_name(82)
  Substituting charset 'UTF-8' for LOCALE
[2009/07/02 18:11:56,  5] lib/charcnv.c:charset_name(82)
  Substituting charset 'UTF-8' for LOCALE
[2009/07/02 18:11:56,  5] lib/charcnv.c:charset_name(82)
  Substituting charset 'UTF-8' for LOCALE
[2009/07/02 18:11:56,  5] lib/charcnv.c:charset_name(82)
  Substituting charset 'UTF-8' for LOCALE
[2009/07/02 18:11:56,  5] lib/charcnv.c:charset_name(82)
  Substituting charset 'UTF-8' for LOCALE
[2009/07/02 18:11:56,  5] lib/charcnv.c:charset_name(82)
  Substituting charset 'UTF-8' for LOCALE
[2009/07/02 18:11:56,  5] lib/util.c:init_names(269)
  Netbios name list:-
  my_netbios_names[0]="SAMBA"
[2009/07/02 18:11:56,  2] lib/interface.c:add_interface(340)
  added interface eth0 ip=fe80::216:3eff:fe08:ff63%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
[2009/07/02 18:11:56,  2] lib/interface.c:add_interface(340)
  added interface eth0 ip=172.21.25.57 bcast=172.21.255.255 netmask=255.255.0.0
[2009/07/02 18:12:07,  1] libnet/libnet_join.c:libnet_Join(1871)
  libnet_Join:
      libnet_JoinCtx: struct libnet_JoinCtx
          in: struct libnet_JoinCtx
              dc_name                  : NULL
              machine_name             : 'SAMBA'
              domain_name              : *
                  domain_name              : 'EXAMPLE.DOMAIN.ORG'
              account_ou               : NULL
              admin_account            : 'admin at EXAMPLE.DOMAIN.ORG'
              admin_password           : *
              machine_password         : NULL
              join_flags               : 0x00000023 (35)
                     0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
                     0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
                     0: WKSSVC_JOIN_FLAGS_DEFER_SPN
                     0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
                     0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
                     1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
                     0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
                     0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
                     1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
                     1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
              os_version               : NULL
              os_name                  : NULL
              create_upn               : 0x00 (0)
              upn                      : NULL
              modify_config            : 0x00 (0)
              ads                      : NULL
              debug                    : 0x01 (1)
              use_kerberos             : 0x00 (0)
              secure_channel_type      : SEC_CHAN_WKSTA (2)
[2009/07/02 18:12:07, 10] libsmb/dsgetdcname.c:dsgetdcname(1167)
  dsgetdcname: domain_name: EXAMPLE.DOMAIN.ORG, domain_guid: (null), site_name: (null), flags: 0x40001011
[2009/07/02 18:12:07, 10] libsmb/dsgetdcname.c:debug_dsdcinfo_flags(46)
  debug_dsdcinfo_flags: 0x40001011
  	DS_FORCE_REDISCOVERY DS_DIRECTORY_SERVICE_REQUIRED DS_WRITABLE_REQUIRED DS_RETURN_DNS_NAME 
[2009/07/02 18:12:07,  5] lib/gencache.c:gencache_init(61)
  Opening cache file at /var/lib/samba/gencache.tdb
[2009/07/02 18:12:07, 10] lib/gencache.c:gencache_get(194)
  Cache entry with key = AD_SITENAME/DOMAIN/EXAMPLE.DOMAIN.ORG couldn't be found
[2009/07/02 18:12:07,  5] libads/dns.c:sitename_fetch(814)
  sitename_fetch: No stored sitename for EXAMPLE.DOMAIN.ORG
[2009/07/02 18:12:07, 10] libsmb/dsgetdcname.c:dsgetdcname_rediscover(1080)
  dsgetdcname_rediscover
[2009/07/02 18:12:07,  4] libads/dns.c:ads_dns_lookup_srv(432)
  ads_dns_lookup_srv: 3 records returned in the answer section.
[2009/07/02 18:12:07, 10] libads/dns.c:ads_dns_parse_rr_srv(213)
  ads_dns_parse_rr_srv: Parsed server1.example.domain.org [0, 100, 389]
[2009/07/02 18:12:07, 10] libads/dns.c:ads_dns_parse_rr_srv(213)
  ads_dns_parse_rr_srv: Parsed server2.example.domain.org [0, 100, 389]
[2009/07/02 18:12:07, 10] libads/dns.c:ads_dns_parse_rr_srv(213)
  ads_dns_parse_rr_srv: Parsed server3.example.domain.org [0, 100, 389]
[2009/07/02 18:12:07, 10] libsmb/dsgetdcname.c:process_dc_dns(894)
  LDAP ping to server2.example.domain.org
[2009/07/02 18:12:07,  1] libads/cldap.c:recv_cldap_netlogon(185)
  Failed to parse cldap reply
[2009/07/02 18:12:07, 10] libsmb/dsgetdcname.c:process_dc_dns(894)
  LDAP ping to server1.example.domain.org
[2009/07/02 18:12:07,  1] libads/cldap.c:recv_cldap_netlogon(185)
  Failed to parse cldap reply
[2009/07/02 18:12:07, 10] libsmb/dsgetdcname.c:process_dc_dns(894)
  LDAP ping to server3.example.domain.org
[2009/07/02 18:12:07,  1] libads/cldap.c:recv_cldap_netlogon(185)
  Failed to parse cldap reply
[2009/07/02 18:12:07, 10] libsmb/dsgetdcname.c:process_dc_dns(894)

