[Samba] Problem to join Win20900 ADS realm

JAP javier.debian.bb.ar at gmail.com
Mon Sep 7 12:14:49 MDT 2009


Javier Argentina escribió:

Please, I need some help.
Don't ignore me.


> 2009/9/2, JAP <javier.debian.bb.ar at gmail.com>:
>> Dear samba team:
>>
>> I've some troubles to join a GNU/Linux Debian “squeeze” machine to a
>> Windows 2000 ADS realm. I've studied everything about samba, but this
>> problem cause that I cant print in the Windows servers and I've other
>> problems.
>> I've joined machines in this domain before ( I made a recipe at
>> http://wiki.debian.org/SAMBAclienteWindows)
>> But in the last days, I've a problem with the disk, and was necessary to
>> set up all the system again.
>> And it's impossible to me join the domain!
>> I'd tracked everything in the web about this problem, but I did not find
>> the solution.
>> Attaches all the information about the net / samba configuration and the
>> errors.
>>
>> Please, if you can help me.
>>
>> Javier
>>
>> -------------------------------------------------------------------------
>>
>> My host: station91
>> My user: win-user5
>> My password: win-pass
>> My domain: company
>> My realm: local.company
>> My KDC administrative server: serverpdc1
>> My KDC secondary server: serverbdc7
>>
>> -------------------------------------------------------------------------
>>
>>
>> # /etc/network/interfaces
>> #
>> # This file describes the network interfaces available on your system
>> # and how to activate them. For more information, see interfaces(5).
>>
>> # The loopback network interface
>> auto lo
>> iface lo inet loopback
>>
>> # LOCAL
>>   allow-hotplug eth0
>>   auto eth0
>>   iface eth0 inet dhcp
>>   post-up route del default gw 10.111.1.254
>>   post-up route del -net 10.111.1.0 netmask 255.255.255.0 dev eth0
>>   post-up route add -net 10.0.0.0 netmask 255.0.0.0 dev eth0
>>   post-up net time set -S serverpdc1
>>
>> -------------------------------------------------------------------------
>>
>> # /etc/krb5.conf
>>
>> [libdefaults]
>> default_realm = LOCAL.COMPANY
>>
>> # The following krb5.conf variables are only for MIT Kerberos.
>>      krb4_config = /etc/krb.conf
>>      krb4_realms = /etc/krb.realms
>>      kdc_timesync = 1
>>      ccache_type = 4
>>      forwardable = true
>>      proxiable = true
>>
>> [realms]
>> LOCAL.COMPANY = {
>> 		kdc = serverbdc7
>> 		kdc = serverpdc1
>> 		kdc = serverbdc2
>> 		kdc = serverbdc5
>> 		admin_server = serverpdc1
>> }
>>
>> [domain_realm]
>>       .local.company = LOCAL.COMPANY
>>       local.company = LOCAL.COMPANY
>>
>> [login]
>> 	krb4_convert = true
>> 	krb4_get_tickets = false
>>
>> -------------------------------------------------------------------------
>>
>>
>> # /etc/nsswitch.conf
>> #
>> # Example configuration of GNU Name Service Switch functionality.
>> # If you have the `glibc-doc-reference' and `info' packages installed, try:
>> # `info libc "Name Service Switch"' for information about this file.
>>
>> passwd:      files winbind ldap
>> group:       files winbind ldap
>> shadow:      files
>>
>> hosts:       files wins mdns4_minimal [NOTFOUND=return] dns mdns4
>> networks:    files
>>
>> protocols:   db files
>> services:    db files
>> ethers:      db files
>> rpc:         db files
>>
>> netgroup:    nis
>>
>> -------------------------------------------------------------------------
>>
>>
>> # /etc/samba/smb.conf
>> # Samba config file created using SWAT
>> # from UNKNOWN (��t)
>> # Date: 2009/09/02 08:30:38
>>
>> [global]
>> 	ldap ssl ads = Yes
>> 	idmap gid = 10000-20000
>> 	passwd chat = *Enter\snew\s*\spassword:* %n\n
>> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
>> 	obey pam restrictions = Yes
>> 	browse list = No
>> 	dns proxy = No
>> 	idmap uid = 10000-20000
>> 	local master = No
>> 	workgroup = COMPANY
>> 	os level = 0
>> 	winbind refresh tickets = Yes
>> 	update encrypted = Yes
>> 	printcap name = cups
>> 	security = ADS
>> 	winbind separator = +
>> 	max log size = 1000
>> 	lanman auth = Yes
>> 	log file = /var/log/samba/log.%m
>> 	include = /etc/samba/dhcp.conf
>> 	wins server = eth0:10.111.1.201
>> 	auth methods = winbind, krb5, ldap, guest, sam
>> 	interfaces = eth0
>> 	username map = /etc/samba/smbusers
>> 	domain master = No
>> 	winbind trusted domains only = yes
>> 	realm = LOCAL.COMPANY
>> 	winbind use default domain = Yes
>> 	server string = %h - Jefe Almacenaje (13-6922)
>> 	password server = serverbdc7, serverpdc1, *
>> 	unix password sync = Yes
>> 	template homedir = /home/%U
>> 	syslog = 0
>> 	panic action = /usr/share/samba/panic-action %d
>> 	pam password change = Yes
>>
>> [homes]
>> 	comment = Home Directories
>> 	valid users = %S
>> 	create mask = 0700
>> 	directory mask = 0700
>> 	browseable = No
>>
>> [printers]
>> 	comment = All Printers
>> 	path = /var/spool/samba
>> 	create mask = 0700
>> 	printable = Yes
>> 	browseable = No
>>
>> [print$]
>> 	comment = Printer Drivers
>> 	path = /var/lib/samba/printers
>> [homes]
>> 	comment = Home Directories
>> 	valid users = %S
>> 	create mask = 0700
>> 	directory mask = 0700
>> 	browseable = No
>>
>> -------------------------------------------------------------------------
>>
>>
>>
>> station91:~# wbinfo -m --verbose
>> Domain Name     DNS Domain              Trust Type  Transitive  In   Out
>> BUILTIN                                 None        Yes         Yes  Yes
>> IBPBW91                                 None        Yes         Yes  Yes
>> COMPANY         LOCAL.COMPANY           None        Yes         Yes  Yes
>>
>> -------------------------------------------------------------------------
>>
>>
>> station91:~# wbinfo -u –verbose
>> (do nothing!!)
>>
>> -------------------------------------------------------------------------
>>
>>
>> station91:~# wbinfo -g --verbose
>> BUILTIN+administrators
>> BUILTIN+users
>>
>> -------------------------------------------------------------------------
>>
>>
>> station91:~# wbinfo -u --verbose -K win-user5%win-pass
>> plaintext kerberos password authentication for [win-user5%win-pass]
>> failed (requesting cctype: FILE)
>> error code was NT_STATUS_LOGON_FAILURE (0xc000006d)
>> error messsage was: Logon failure
>> Could not authenticate user [win-user5%win-pass] with Kerberos (ccache:
>> FILE)
>>
>> -------------------------------------------------------------------------
>>
>>
>> station91:~# kinit win-user5
>> Password for win-user5 at LOCAL.COMPANY:
>>
>> station91:~# klist
>> Ticket cache: FILE:/tmp/krb5cc_0
>> Default principal: win-user5 at LOCAL.COMPANY
>> Valid starting     Expires            Service principal
>> 09/02/09 10:07:00  09/02/09 20:07:17  krbtgt/LOCAL.COMPANY at LOCAL.COMPANY
>>          renew until 09/03/09 10:07:00
>>
>> -------------------------------------------------------------------------
>>
>>
>> station91:~# net rpc oldjoin -U win-user5%win-pass -S serverpdc1 -d 3
>>
>> [2009/09/02 10:36:21,  3] param/loadparm.c:lp_load_ex(8818)
>>
>>    lp_load_ex: refreshing parameters
>>
>> [2009/09/02 10:36:21,  3] param/loadparm.c:init_globals(4653)
>>
>>    Initialising global parameters
>>
>> [2009/09/02 10:36:21,  3] param/params.c:pm_process(569)
>>
>>    params.c:pm_process() - Processing configuration file
>> "/etc/samba/smb.conf"
>> [2009/09/02 10:36:21,  3] param/loadparm.c:do_section(7481)
>>
>>    Processing section "[global]"
>>
>> [2009/09/02 10:36:21,  3] param/params.c:pm_process(569)
>>
>>    params.c:pm_process() - Processing configuration file
>> "/etc/samba/dhcp.conf"
>> [2009/09/02 10:36:21,  2] lib/interface.c:add_interface(340)
>>
>>    added interface eth0 ip=fe80::219:d1ff:fe97:92a7%eth0
>> bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
>>
>>
>> [2009/09/02 10:36:21,  2] lib/interface.c:add_interface(340)
>>    added interface eth0 ip=10.111.1.192 bcast=10.111.1.255
>> netmask=255.255.255.0
>> [2009/09/02 10:36:21,  3] libsmb/cliconnect.c:cli_start_connection(1649)
>>    Connecting to host=serverpdc1
>> [2009/09/02 10:36:21,  3] lib/util_sock.c:open_socket_out(1400)
>>    Connecting to 10.1.0.231 at port 445
>> [2009/09/02 10:36:21,  3] rpc_client/cli_pipe.c:rpc_pipe_bind(2234)
>>    rpc_pipe_bind: host serverpdc1, pipe \lsarpc, fnum 0x4000 bind
>> request returned ok.
>> [2009/09/02 10:36:21,  3] rpc_client/cli_pipe.c:rpc_pipe_bind(2234)
>>    rpc_pipe_bind: host serverpdc1, pipe \NETLOGON, fnum 0x4001 bind
>> request returned ok.
>> [2009/09/02 10:36:21,  3]
>> rpc_client/cli_netlogon.c:rpccli_netlogon_set_trust_password(573)
>>    rpccli_netlogon_set_trust_password: unable to setup creds
>> (NT_STATUS_ACCESS_DENIED)!
>> [2009/09/02 10:36:21,  1] utils/net_rpc.c:run_rpc_command(193)
>>    rpc command function failed! (NT_STATUS_ACCESS_DENIED)
>> Failed to join domain
>> [2009/09/02 10:36:21,  2] utils/net.c:main(770)
>>    return code = -1
>>
>> -------------------------------------------------------------------------
>>
>>
>> station91:~# net ads join -U win-user5%win-pass -S serverpdc1 -d 3
>>
>> [2009/09/02 10:38:12,  3] param/loadparm.c:lp_load_ex(8818)
>>
>>    lp_load_ex: refreshing parameters
>>
>> [2009/09/02 10:38:12,  3] param/loadparm.c:init_globals(4653)
>>
>>    Initialising global parameters
>>
>> [2009/09/02 10:38:12,  3] param/params.c:pm_process(569)
>>
>>    params.c:pm_process() - Processing configuration file
>> "/etc/samba/smb.conf"
>> [2009/09/02 10:38:12,  3] param/loadparm.c:do_section(7481)
>>
>>    Processing section "[global]"
>>
>> [2009/09/02 10:38:12,  3] param/params.c:pm_process(569)
>>
>>    params.c:pm_process() - Processing configuration file
>> "/etc/samba/dhcp.conf"
>> [2009/09/02 10:38:12,  2] lib/interface.c:add_interface(340)
>>
>>    added interface eth0 ip=fe80::219:d1ff:fe97:92a7%eth0
>> bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
>>
>>
>> [2009/09/02 10:38:12,  2] lib/interface.c:add_interface(340)
>>
>>    added interface eth0 ip=10.111.1.192 bcast=10.111.1.255
>> netmask=255.255.255.0
>> [2009/09/02 10:38:12,  1] libnet/libnet_join.c:libnet_Join(1871)
>>
>>    libnet_Join:
>>
>>        libnet_JoinCtx: struct libnet_JoinCtx
>>
>>            in: struct libnet_JoinCtx
>>
>>                dc_name                  : 'serverpdc1'
>>
>>                machine_name             : 'IBPBW91'
>>
>>                domain_name              : *
>>
>>                    domain_name              : 'LOCAL.COMPANY'
>>
>>                account_ou               : NULL
>>
>>                admin_account            : 'win-user5'
>>
>>                admin_password           : *
>>
>>                machine_password         : NULL
>>
>>                join_flags               : 0x00000023 (35)
>>
>>                       0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
>>
>>                       0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
>>
>>                       0: WKSSVC_JOIN_FLAGS_DEFER_SPN
>>
>>                       0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
>>
>>                       0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
>>
>>                       1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
>>
>>                       0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
>>
>>                       0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
>>
>>                       1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
>>
>>                       1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
>>
>>                os_version               : NULL
>>
>>                os_name                  : NULL
>>
>>                create_upn               : 0x00 (0)
>>
>>                upn                      : NULL
>>
>>                modify_config            : 0x00 (0)
>>
>>                ads                      : NULL
>>
>>                debug                    : 0x01 (1)
>>
>>                use_kerberos             : 0x00 (0)
>>
>>                secure_channel_type      : SEC_CHAN_WKSTA (2)
>>
>> [2009/09/02 10:38:12,  3] libsmb/cliconnect.c:cli_start_connection(1649)
>>
>>    Connecting to host=serverpdc1
>>
>> [2009/09/02 10:38:12,  3] lib/util_sock.c:open_socket_out(1400)
>>
>>    Connecting to 10.1.0.231 at port 445
>>
>> [2009/09/02 10:38:12,  3]
>> libsmb/cliconnect.c:cli_session_setup_spnego(823)
>>
>>    Doing spnego session setup (blob length=108)
>>
>> [2009/09/02 10:38:12,  3]
>> libsmb/cliconnect.c:cli_session_setup_spnego(850)
>>
>>    got OID=1 2 840 48018 1 2 2
>>
>> [2009/09/02 10:38:12,  3]
>> libsmb/cliconnect.c:cli_session_setup_spnego(850)
>>
>>    got OID=1 2 840 113554 1 2 2
>>
>> [2009/09/02 10:38:12,  3]
>> libsmb/cliconnect.c:cli_session_setup_spnego(850)
>>
>>    got OID=1 2 840 113554 1 2 2 3
>>
>> [2009/09/02 10:38:12,  3]
>> libsmb/cliconnect.c:cli_session_setup_spnego(850)
>>
>>    got OID=1 3 6 1 4 1 311 2 2 10
>>
>> [2009/09/02 10:38:12,  3]
>> libsmb/cliconnect.c:cli_session_setup_spnego(858)
>>
>>    got principal=serverpdc1$@LOCAL.COMPANY
>>
>> [2009/09/02 10:38:12,  3]
>> libsmb/ntlmssp.c:ntlmssp_client_challenge(1027)
>>
>>    Got challenge flags:
>>
>> [2009/09/02 10:38:12,  3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
>>
>>    Got NTLMSSP neg_flags=0x62898215
>>
>> [2009/09/02 10:38:12,  3]
>> libsmb/ntlmssp.c:ntlmssp_client_challenge(1049)
>>
>>    NTLMSSP: Set final flags:
>>
>> [2009/09/02 10:38:12,  3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
>>
>>    Got NTLMSSP neg_flags=0x60088215
>>
>> [2009/09/02 10:38:12,  3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337)
>>
>>    NTLMSSP Sign/Seal - Initialising with flags:
>>
>> [2009/09/02 10:38:12,  3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
>>
>>    Got NTLMSSP neg_flags=0x60088215
>>
>> [2009/09/02 10:38:12,  3] libsmb/cliconnect.c:cli_session_setup(1055)
>>
>>    SPNEGO login failed: Logon failure
>>
>> [2009/09/02 10:38:12,  1] libsmb/cliconnect.c:cli_full_connection(1754)
>>
>>    failed session setup with NT_STATUS_LOGON_FAILURE
>>
>> [2009/09/02 10:38:12,  1] libnet/libnet_join.c:libnet_Join(1902)
>>
>>    libnet_Join:
>>
>>        libnet_JoinCtx: struct libnet_JoinCtx
>>            out: struct libnet_JoinCtx
>>                account_name             : NULL
>>                netbios_domain_name      : NULL
>>                dns_domain_name          : NULL
>>                forest_name              : NULL
>>                dn                       : NULL
>>                domain_sid               : NULL
>>                    domain_sid               : (NULL SID)
>>                modified_config          : 0x00 (0)
>>                error_string             : 'failed to lookup DC info for
>> domain 'LOCAL.COMPANY' over rpc: Logon failure'
>>                domain_is_ad             : 0x00 (0)
>>                result                   : WERR_LOGON_FAILURE
>> Failed to join domain: failed to lookup DC info for domain
>> 'LOCAL.COMPANY' over rpc: Logon failure
>> [2009/09/02 10:38:12,  2] utils/net.c:main(770)
>>    return code = -1
>>
>>
>> -------------------------------------------------------------------------
>>
>>
>> station91:~# net rpc join -U win-user5%win-pass -S serverpdc1 -d 3
>> [2009/09/02 10:40:30,  3] param/loadparm.c:lp_load_ex(8818)
>>    lp_load_ex: refreshing parameters
>> [2009/09/02 10:40:30,  3] param/loadparm.c:init_globals(4653)
>>    Initialising global parameters
>> [2009/09/02 10:40:30,  3] param/params.c:pm_process(569)
>>    params.c:pm_process() - Processing configuration file
>> "/etc/samba/smb.conf"
>> [2009/09/02 10:40:30,  3] param/loadparm.c:do_section(7481)
>>
>>    Processing section "[global]"
>>
>> [2009/09/02 10:40:30,  3] param/params.c:pm_process(569)
>>
>>    params.c:pm_process() - Processing configuration file
>> "/etc/samba/dhcp.conf"
>> [2009/09/02 10:40:30,  2] lib/interface.c:add_interface(340)
>>
>>    added interface eth0 ip=fe80::219:d1ff:fe97:92a7%eth0
>> bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
>>
>>
>> [2009/09/02 10:40:30,  2] lib/interface.c:add_interface(340)
>>
>>    added interface eth0 ip=10.111.1.192 bcast=10.111.1.255
>> netmask=255.255.255.0
>> [2009/09/02 10:40:30,  3] libsmb/cliconnect.c:cli_start_connection(1649)
>>
>>    Connecting to host=serverpdc1
>>
>> [2009/09/02 10:40:30,  3] lib/util_sock.c:open_socket_out(1400)
>>
>>    Connecting to 10.1.0.231 at port 445
>>
>> [2009/09/02 10:40:31,  3] rpc_client/cli_pipe.c:rpc_pipe_bind(2234)
>>
>>    rpc_pipe_bind: host serverpdc1, pipe \lsarpc, fnum 0x4000 bind
>> request returned ok.
>> [2009/09/02 10:40:31,  3] rpc_client/cli_pipe.c:rpc_pipe_bind(2234)
>>
>>    rpc_pipe_bind: host serverpdc1, pipe \NETLOGON, fnum 0x4001 bind
>> request returned ok.
>> [2009/09/02 10:40:31,  3]
>> rpc_client/cli_netlogon.c:rpccli_netlogon_set_trust_password(573)
>>
>>    rpccli_netlogon_set_trust_password: unable to setup creds
>> (NT_STATUS_ACCESS_DENIED)!
>> [2009/09/02 10:40:31,  1] utils/net_rpc.c:run_rpc_command(193)
>>
>>    rpc command function failed! (NT_STATUS_ACCESS_DENIED)
>>
>> [2009/09/02 10:40:31,  3] libsmb/cliconnect.c:cli_start_connection(1649)
>>
>>    Connecting to host=serverpdc1
>>
>> [2009/09/02 10:40:31,  3] lib/util_sock.c:open_socket_out(1400)
>>
>>    Connecting to 10.1.0.231 at port 445
>>
>> [2009/09/02 10:40:31,  3]
>> libsmb/cliconnect.c:cli_session_setup_spnego(823)
>>
>>    Doing spnego session setup (blob length=108)
>>
>> [2009/09/02 10:40:31,  3]
>> libsmb/cliconnect.c:cli_session_setup_spnego(850)
>>
>>    got OID=1 2 840 48018 1 2 2
>>
>> [2009/09/02 10:40:31,  3]
>> libsmb/cliconnect.c:cli_session_setup_spnego(850)
>>
>>    got OID=1 2 840 113554 1 2 2
>>
>> [2009/09/02 10:40:31,  3]
>> libsmb/cliconnect.c:cli_session_setup_spnego(850)
>>
>>    got OID=1 2 840 113554 1 2 2 3
>>
>> [2009/09/02 10:40:31,  3]
>> libsmb/cliconnect.c:cli_session_setup_spnego(850)
>>
>>    got OID=1 3 6 1 4 1 311 2 2 10
>>
>> [2009/09/02 10:40:31,  3]
>> libsmb/cliconnect.c:cli_session_setup_spnego(858)
>>
>>    got principal=serverpdc1$@LOCAL.COMPANY
>>
>> [2009/09/02 10:40:31,  3]
>> libsmb/ntlmssp.c:ntlmssp_client_challenge(1027)
>>
>>    Got challenge flags:
>>
>> [2009/09/02 10:40:31,  3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
>>
>>    Got NTLMSSP neg_flags=0x62898215
>>
>> [2009/09/02 10:40:31,  3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1049)
>>    NTLMSSP: Set final flags:
>> [2009/09/02 10:40:31,  3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
>>    Got NTLMSSP neg_flags=0x60088215
>> [2009/09/02 10:40:31,  3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337)
>>    NTLMSSP Sign/Seal - Initialising with flags:
>> [2009/09/02 10:40:31,  3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
>>    Got NTLMSSP neg_flags=0x60088215
>> [2009/09/02 10:40:31,  3] libsmb/cliconnect.c:cli_session_setup(1055)
>>    SPNEGO login failed: Logon failure
>> [2009/09/02 10:40:31,  1] libsmb/cliconnect.c:cli_full_connection(1754)
>>    failed session setup with NT_STATUS_LOGON_FAILURE
>> Could not connect to server serverpdc1
>> The username or password was not correct.
>> Connection failed: NT_STATUS_LOGON_FAILURE
>> [2009/09/02 10:40:31,  2] utils/net.c:main(770)
>>    return code = 1
>>
>>
> 



More information about the samba mailing list