[Samba] Problem to join Win2000 ADS realm
Javier Argentina
javier.debian.bb.ar at gmail.com
Thu Sep 3 07:38:25 MDT 2009
Some help, please?
2009/9/2, JAP <javier.debian.bb.ar at gmail.com>:
> Dear samba team:
>
> I'm having trouble joining a Debian GNU/Linux “squeeze” machine to a
> Windows 2000 ADS realm. I've studied everything I could about Samba, but
> because of this problem I can't print to the Windows servers, and I have
> other problems as well.
> I've joined machines to this domain before (I wrote a recipe at
> http://wiki.debian.org/SAMBAclienteWindows).
> But in the last few days I had a problem with the disk, and it was
> necessary to set up the whole system again.
> Now it's impossible for me to join the domain!
> I've searched the web for everything about this problem, but I did not
> find the solution.
> I attach all the information about the network / Samba configuration and
> the errors.
>
> Please, if you can help me.
>
> Javier
>
> -------------------------------------------------------------------------
>
> My host: station91
> My user: win-user5
> My password: win-pass
> My domain: company
> My realm: local.company
> My KDC administrative server: serverpdc1
> My KDC secondary server: serverbdc7
>
> -------------------------------------------------------------------------
>
>
> # /etc/network/interfaces
> #
> # This file describes the network interfaces available on your system
> # and how to activate them. For more information, see interfaces(5).
>
> # The loopback network interface
> auto lo
> iface lo inet loopback
>
> # LOCAL
> allow-hotplug eth0
> auto eth0
> iface eth0 inet dhcp
> post-up route del default gw 10.111.1.254
> post-up route del -net 10.111.1.0 netmask 255.255.255.0 dev eth0
> post-up route add -net 10.0.0.0 netmask 255.0.0.0 dev eth0
> post-up net time set -S serverpdc1
>
> -------------------------------------------------------------------------
>
> # /etc/krb5.conf
>
> [libdefaults]
> default_realm = LOCAL.COMPANY
>
> # The following krb5.conf variables are only for MIT Kerberos.
> krb4_config = /etc/krb.conf
> krb4_realms = /etc/krb.realms
> kdc_timesync = 1
> ccache_type = 4
> forwardable = true
> proxiable = true
>
> [realms]
> LOCAL.COMPANY = {
> kdc = serverbdc7
> kdc = serverpdc1
> kdc = serverbdc2
> kdc = serverbdc5
> admin_server = serverpdc1
> }
>
> [domain_realm]
> .local.company = LOCAL.COMPANY
> local.company = LOCAL.COMPANY
>
> [login]
> krb4_convert = true
> krb4_get_tickets = false
>
> -------------------------------------------------------------------------
>
>
> # /etc/nsswitch.conf
> #
> # Example configuration of GNU Name Service Switch functionality.
> # If you have the `glibc-doc-reference' and `info' packages installed, try:
> # `info libc "Name Service Switch"' for information about this file.
>
> passwd: files winbind ldap
> group: files winbind ldap
> shadow: files
>
> hosts: files wins mdns4_minimal [NOTFOUND=return] dns mdns4
> networks: files
>
> protocols: db files
> services: db files
> ethers: db files
> rpc: db files
>
> netgroup: nis
>
> -------------------------------------------------------------------------
>
>
> # /etc/samba/smb.conf
> # Samba config file created using SWAT
> # from UNKNOWN (��t)
> # Date: 2009/09/02 08:30:38
>
> [global]
> ldap ssl ads = Yes
> idmap gid = 10000-20000
> passwd chat = *Enter\snew\s*\spassword:* %n\n
> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
> obey pam restrictions = Yes
> browse list = No
> dns proxy = No
> idmap uid = 10000-20000
> local master = No
> workgroup = COMPANY
> os level = 0
> winbind refresh tickets = Yes
> update encrypted = Yes
> printcap name = cups
> security = ADS
> winbind separator = +
> max log size = 1000
> lanman auth = Yes
> log file = /var/log/samba/log.%m
> include = /etc/samba/dhcp.conf
> wins server = eth0:10.111.1.201
> auth methods = winbind, krb5, ldap, guest, sam
> interfaces = eth0
> username map = /etc/samba/smbusers
> domain master = No
> winbind trusted domains only = yes
> realm = LOCAL.COMPANY
> winbind use default domain = Yes
> server string = %h - Jefe Almacenaje (13-6922)
> password server = serverbdc7, serverpdc1, *
> unix password sync = Yes
> template homedir = /home/%U
> syslog = 0
> panic action = /usr/share/samba/panic-action %d
> pam password change = Yes
>
> [homes]
> comment = Home Directories
> valid users = %S
> create mask = 0700
> directory mask = 0700
> browseable = No
>
> [printers]
> comment = All Printers
> path = /var/spool/samba
> create mask = 0700
> printable = Yes
> browseable = No
>
> [print$]
> comment = Printer Drivers
> path = /var/lib/samba/printers
> [homes]
> comment = Home Directories
> valid users = %S
> create mask = 0700
> directory mask = 0700
> browseable = No
>
> -------------------------------------------------------------------------
>
>
>
> station91:~# wbinfo -m --verbose
> Domain Name DNS Domain Trust Type Transitive In Out
> BUILTIN None Yes Yes Yes
> IBPBW91 None Yes Yes Yes
> COMPANY LOCAL.COMPANY None Yes Yes Yes
>
> -------------------------------------------------------------------------
>
>
> station91:~# wbinfo -u –verbose
> (do nothing!!)
>
> -------------------------------------------------------------------------
>
>
> station91:~# wbinfo -g --verbose
> BUILTIN+administrators
> BUILTIN+users
>
> -------------------------------------------------------------------------
>
>
> station91:~# wbinfo -u --verbose -K win-user5%win-pass
> plaintext kerberos password authentication for [win-user5%win-pass]
> failed (requesting cctype: FILE)
> error code was NT_STATUS_LOGON_FAILURE (0xc000006d)
> error messsage was: Logon failure
> Could not authenticate user [win-user5%win-pass] with Kerberos (ccache:
> FILE)
>
> -------------------------------------------------------------------------
>
>
> station91:~# kinit win-user5
> Password for win-user5 at LOCAL.COMPANY:
>
> station91:~# klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: win-user5 at LOCAL.COMPANY
> Valid starting Expires Service principal
> 09/02/09 10:07:00 09/02/09 20:07:17 krbtgt/LOCAL.COMPANY at LOCAL.COMPANY
> renew until 09/03/09 10:07:00
>
> -------------------------------------------------------------------------
>
>
> station91:~# net rpc oldjoin -U win-user5%win-pass -S serverpdc1 -d 3
>
> [2009/09/02 10:36:21, 3] param/loadparm.c:lp_load_ex(8818)
>
> lp_load_ex: refreshing parameters
>
> [2009/09/02 10:36:21, 3] param/loadparm.c:init_globals(4653)
>
> Initialising global parameters
>
> [2009/09/02 10:36:21, 3] param/params.c:pm_process(569)
>
> params.c:pm_process() - Processing configuration file
> "/etc/samba/smb.conf"
> [2009/09/02 10:36:21, 3] param/loadparm.c:do_section(7481)
>
> Processing section "[global]"
>
> [2009/09/02 10:36:21, 3] param/params.c:pm_process(569)
>
> params.c:pm_process() - Processing configuration file
> "/etc/samba/dhcp.conf"
> [2009/09/02 10:36:21, 2] lib/interface.c:add_interface(340)
>
> added interface eth0 ip=fe80::219:d1ff:fe97:92a7%eth0
> bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
>
>
> [2009/09/02 10:36:21, 2] lib/interface.c:add_interface(340)
> added interface eth0 ip=10.111.1.192 bcast=10.111.1.255
> netmask=255.255.255.0
> [2009/09/02 10:36:21, 3] libsmb/cliconnect.c:cli_start_connection(1649)
> Connecting to host=serverpdc1
> [2009/09/02 10:36:21, 3] lib/util_sock.c:open_socket_out(1400)
> Connecting to 10.1.0.231 at port 445
> [2009/09/02 10:36:21, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2234)
> rpc_pipe_bind: host serverpdc1, pipe \lsarpc, fnum 0x4000 bind
> request returned ok.
> [2009/09/02 10:36:21, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2234)
> rpc_pipe_bind: host serverpdc1, pipe \NETLOGON, fnum 0x4001 bind
> request returned ok.
> [2009/09/02 10:36:21, 3]
> rpc_client/cli_netlogon.c:rpccli_netlogon_set_trust_password(573)
> rpccli_netlogon_set_trust_password: unable to setup creds
> (NT_STATUS_ACCESS_DENIED)!
> [2009/09/02 10:36:21, 1] utils/net_rpc.c:run_rpc_command(193)
> rpc command function failed! (NT_STATUS_ACCESS_DENIED)
> Failed to join domain
> [2009/09/02 10:36:21, 2] utils/net.c:main(770)
> return code = -1
>
> -------------------------------------------------------------------------
>
>
> station91:~# net ads join -U win-user5%win-pass -S serverpdc1 -d 3
>
> [2009/09/02 10:38:12, 3] param/loadparm.c:lp_load_ex(8818)
>
> lp_load_ex: refreshing parameters
>
> [2009/09/02 10:38:12, 3] param/loadparm.c:init_globals(4653)
>
> Initialising global parameters
>
> [2009/09/02 10:38:12, 3] param/params.c:pm_process(569)
>
> params.c:pm_process() - Processing configuration file
> "/etc/samba/smb.conf"
> [2009/09/02 10:38:12, 3] param/loadparm.c:do_section(7481)
>
> Processing section "[global]"
>
> [2009/09/02 10:38:12, 3] param/params.c:pm_process(569)
>
> params.c:pm_process() - Processing configuration file
> "/etc/samba/dhcp.conf"
> [2009/09/02 10:38:12, 2] lib/interface.c:add_interface(340)
>
> added interface eth0 ip=fe80::219:d1ff:fe97:92a7%eth0
> bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
>
>
> [2009/09/02 10:38:12, 2] lib/interface.c:add_interface(340)
>
> added interface eth0 ip=10.111.1.192 bcast=10.111.1.255
> netmask=255.255.255.0
> [2009/09/02 10:38:12, 1] libnet/libnet_join.c:libnet_Join(1871)
>
> libnet_Join:
>
> libnet_JoinCtx: struct libnet_JoinCtx
>
> in: struct libnet_JoinCtx
>
> dc_name : 'serverpdc1'
>
> machine_name : 'IBPBW91'
>
> domain_name : *
>
> domain_name : 'LOCAL.COMPANY'
>
> account_ou : NULL
>
> admin_account : 'win-user5'
>
> admin_password : *
>
> machine_password : NULL
>
> join_flags : 0x00000023 (35)
>
> 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
>
> 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
>
> 0: WKSSVC_JOIN_FLAGS_DEFER_SPN
>
> 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
>
> 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
>
> 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
>
> 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
>
> 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
>
> 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
>
> 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
>
> os_version : NULL
>
> os_name : NULL
>
> create_upn : 0x00 (0)
>
> upn : NULL
>
> modify_config : 0x00 (0)
>
> ads : NULL
>
> debug : 0x01 (1)
>
> use_kerberos : 0x00 (0)
>
> secure_channel_type : SEC_CHAN_WKSTA (2)
>
> [2009/09/02 10:38:12, 3] libsmb/cliconnect.c:cli_start_connection(1649)
>
> Connecting to host=serverpdc1
>
> [2009/09/02 10:38:12, 3] lib/util_sock.c:open_socket_out(1400)
>
> Connecting to 10.1.0.231 at port 445
>
> [2009/09/02 10:38:12, 3]
> libsmb/cliconnect.c:cli_session_setup_spnego(823)
>
> Doing spnego session setup (blob length=108)
>
> [2009/09/02 10:38:12, 3]
> libsmb/cliconnect.c:cli_session_setup_spnego(850)
>
> got OID=1 2 840 48018 1 2 2
>
> [2009/09/02 10:38:12, 3]
> libsmb/cliconnect.c:cli_session_setup_spnego(850)
>
> got OID=1 2 840 113554 1 2 2
>
> [2009/09/02 10:38:12, 3]
> libsmb/cliconnect.c:cli_session_setup_spnego(850)
>
> got OID=1 2 840 113554 1 2 2 3
>
> [2009/09/02 10:38:12, 3]
> libsmb/cliconnect.c:cli_session_setup_spnego(850)
>
> got OID=1 3 6 1 4 1 311 2 2 10
>
> [2009/09/02 10:38:12, 3]
> libsmb/cliconnect.c:cli_session_setup_spnego(858)
>
> got principal=serverpdc1$@LOCAL.COMPANY
>
> [2009/09/02 10:38:12, 3]
> libsmb/ntlmssp.c:ntlmssp_client_challenge(1027)
>
> Got challenge flags:
>
> [2009/09/02 10:38:12, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
>
> Got NTLMSSP neg_flags=0x62898215
>
> [2009/09/02 10:38:12, 3]
> libsmb/ntlmssp.c:ntlmssp_client_challenge(1049)
>
> NTLMSSP: Set final flags:
>
> [2009/09/02 10:38:12, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
>
> Got NTLMSSP neg_flags=0x60088215
>
> [2009/09/02 10:38:12, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337)
>
> NTLMSSP Sign/Seal - Initialising with flags:
>
> [2009/09/02 10:38:12, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
>
> Got NTLMSSP neg_flags=0x60088215
>
> [2009/09/02 10:38:12, 3] libsmb/cliconnect.c:cli_session_setup(1055)
>
> SPNEGO login failed: Logon failure
>
> [2009/09/02 10:38:12, 1] libsmb/cliconnect.c:cli_full_connection(1754)
>
> failed session setup with NT_STATUS_LOGON_FAILURE
>
> [2009/09/02 10:38:12, 1] libnet/libnet_join.c:libnet_Join(1902)
>
> libnet_Join:
>
> libnet_JoinCtx: struct libnet_JoinCtx
> out: struct libnet_JoinCtx
> account_name : NULL
> netbios_domain_name : NULL
> dns_domain_name : NULL
> forest_name : NULL
> dn : NULL
> domain_sid : NULL
> domain_sid : (NULL SID)
> modified_config : 0x00 (0)
> error_string : 'failed to lookup DC info for
> domain 'LOCAL.COMPANY' over rpc: Logon failure'
> domain_is_ad : 0x00 (0)
> result : WERR_LOGON_FAILURE
> Failed to join domain: failed to lookup DC info for domain
> 'LOCAL.COMPANY' over rpc: Logon failure
> [2009/09/02 10:38:12, 2] utils/net.c:main(770)
> return code = -1
>
>
> -------------------------------------------------------------------------
>
>
> station91:~# net rpc join -U win-user5%win-pass -S serverpdc1 -d 3
> [2009/09/02 10:40:30, 3] param/loadparm.c:lp_load_ex(8818)
> lp_load_ex: refreshing parameters
> [2009/09/02 10:40:30, 3] param/loadparm.c:init_globals(4653)
> Initialising global parameters
> [2009/09/02 10:40:30, 3] param/params.c:pm_process(569)
> params.c:pm_process() - Processing configuration file
> "/etc/samba/smb.conf"
> [2009/09/02 10:40:30, 3] param/loadparm.c:do_section(7481)
>
> Processing section "[global]"
>
> [2009/09/02 10:40:30, 3] param/params.c:pm_process(569)
>
> params.c:pm_process() - Processing configuration file
> "/etc/samba/dhcp.conf"
> [2009/09/02 10:40:30, 2] lib/interface.c:add_interface(340)
>
> added interface eth0 ip=fe80::219:d1ff:fe97:92a7%eth0
> bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
>
>
> [2009/09/02 10:40:30, 2] lib/interface.c:add_interface(340)
>
> added interface eth0 ip=10.111.1.192 bcast=10.111.1.255
> netmask=255.255.255.0
> [2009/09/02 10:40:30, 3] libsmb/cliconnect.c:cli_start_connection(1649)
>
> Connecting to host=serverpdc1
>
> [2009/09/02 10:40:30, 3] lib/util_sock.c:open_socket_out(1400)
>
> Connecting to 10.1.0.231 at port 445
>
> [2009/09/02 10:40:31, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2234)
>
> rpc_pipe_bind: host serverpdc1, pipe \lsarpc, fnum 0x4000 bind
> request returned ok.
> [2009/09/02 10:40:31, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2234)
>
> rpc_pipe_bind: host serverpdc1, pipe \NETLOGON, fnum 0x4001 bind
> request returned ok.
> [2009/09/02 10:40:31, 3]
> rpc_client/cli_netlogon.c:rpccli_netlogon_set_trust_password(573)
>
> rpccli_netlogon_set_trust_password: unable to setup creds
> (NT_STATUS_ACCESS_DENIED)!
> [2009/09/02 10:40:31, 1] utils/net_rpc.c:run_rpc_command(193)
>
> rpc command function failed! (NT_STATUS_ACCESS_DENIED)
>
> [2009/09/02 10:40:31, 3] libsmb/cliconnect.c:cli_start_connection(1649)
>
> Connecting to host=serverpdc1
>
> [2009/09/02 10:40:31, 3] lib/util_sock.c:open_socket_out(1400)
>
> Connecting to 10.1.0.231 at port 445
>
> [2009/09/02 10:40:31, 3]
> libsmb/cliconnect.c:cli_session_setup_spnego(823)
>
> Doing spnego session setup (blob length=108)
>
> [2009/09/02 10:40:31, 3]
> libsmb/cliconnect.c:cli_session_setup_spnego(850)
>
> got OID=1 2 840 48018 1 2 2
>
> [2009/09/02 10:40:31, 3]
> libsmb/cliconnect.c:cli_session_setup_spnego(850)
>
> got OID=1 2 840 113554 1 2 2
>
> [2009/09/02 10:40:31, 3]
> libsmb/cliconnect.c:cli_session_setup_spnego(850)
>
> got OID=1 2 840 113554 1 2 2 3
>
> [2009/09/02 10:40:31, 3]
> libsmb/cliconnect.c:cli_session_setup_spnego(850)
>
> got OID=1 3 6 1 4 1 311 2 2 10
>
> [2009/09/02 10:40:31, 3]
> libsmb/cliconnect.c:cli_session_setup_spnego(858)
>
> got principal=serverpdc1$@LOCAL.COMPANY
>
> [2009/09/02 10:40:31, 3]
> libsmb/ntlmssp.c:ntlmssp_client_challenge(1027)
>
> Got challenge flags:
>
> [2009/09/02 10:40:31, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
>
> Got NTLMSSP neg_flags=0x62898215
>
> [2009/09/02 10:40:31, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1049)
> NTLMSSP: Set final flags:
> [2009/09/02 10:40:31, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
> Got NTLMSSP neg_flags=0x60088215
> [2009/09/02 10:40:31, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337)
> NTLMSSP Sign/Seal - Initialising with flags:
> [2009/09/02 10:40:31, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
> Got NTLMSSP neg_flags=0x60088215
> [2009/09/02 10:40:31, 3] libsmb/cliconnect.c:cli_session_setup(1055)
> SPNEGO login failed: Logon failure
> [2009/09/02 10:40:31, 1] libsmb/cliconnect.c:cli_full_connection(1754)
> failed session setup with NT_STATUS_LOGON_FAILURE
> Could not connect to server serverpdc1
> The username or password was not correct.
> Connection failed: NT_STATUS_LOGON_FAILURE
> [2009/09/02 10:40:31, 2] utils/net.c:main(770)
> return code = 1
>
>