[Samba] net ads testjoin failed but net rpc testjoin work
Thierry Leurent
thierry.leurent at asgardian.be
Wed Apr 21 08:29:27 MDT 2010
Hello,
I have a very strange trouble with samba 3.0.33 when I integrate a Linux
server in my Windows 2003 AD.
I do :
- kinit administartor, it's work.
- klist, it's work too.
- net join ads -U administrator, it's work. I hev the message that my
computer has join the domain and I see the Linux in my Domain.
- wbinfo -t give me "checking the trust secret via RPC calls succeeded".
- wbinfo -u give me all the users of my domain.
- wbinfo -g give me all the groups of my domain.
- wbinfo -a NuteGunray%CatoNeimoida return "plaintext password
authentication failed
error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
error messsage was: No such user
Could not authenticate user NuteGunray%CatoNeimoida with
plaintext password
challenge/response password authentication succeeded"
It's normal ? Perhaps, I have "encrypt password = yes" in my smb.conf.
But when I do net ads testjoin, I "have ads_connect: No logon servers
Join to domain is not valid: No logon servers"
With a Debug Level 3, I recieve this messages.
[2010/04/21 14:36:21, 3] param/loadparm.c:lp_load(5069)
lp_load: refreshing parameters
[2010/04/21 14:36:21, 3] param/loadparm.c:init_globals(1440)
Initialising global parameters
[2010/04/21 14:36:21, 3] param/params.c:pm_process(572)
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
[2010/04/21 14:36:21, 3] param/loadparm.c:do_section(3808)
Processing section "[global]"
[2010/04/21 14:36:21, 2] lib/interface.c:add_interface(81)
added interface ip=192.168.120.2 bcast=192.168.255.255 nmask=255.255.0.0
[2010/04/21 14:36:21, 3] libsmb/namequery.c:get_dc_list(1495)
get_dc_list: preferred server list: ", *"
[2010/04/21 14:36:21, 1] libads/cldap.c:recv_cldap_netlogon(247)
Failed to parse cldap reply
[2010/04/21 14:36:21, 3] libads/ldap.c:ads_try_connect(189)
ads_try_connect: CLDAP request 192.168.10.116 failed.
[2010/04/21 14:36:21, 1] libads/cldap.c:recv_cldap_netlogon(247)
Failed to parse cldap reply
[2010/04/21 14:36:21, 3] libads/ldap.c:ads_try_connect(189)
ads_try_connect: CLDAP request 192.168.10.110 failed.
[2010/04/21 14:36:21, 1] libads/cldap.c:recv_cldap_netlogon(247)
Failed to parse cldap reply
[2010/04/21 14:36:21, 3] libads/ldap.c:ads_try_connect(189)
ads_try_connect: CLDAP request 192.168.50.75 failed.
[2010/04/21 14:36:28, 1] libads/cldap.c:recv_cldap_netlogon(219)
no reply received to cldap netlogon
[2010/04/21 14:36:28, 3] libads/ldap.c:ads_try_connect(189)
ads_try_connect: CLDAP request 10.10.10.116 failed.
[2010/04/21 14:36:35, 1] libads/cldap.c:recv_cldap_netlogon(219)
no reply received to cldap netlogon
[2010/04/21 14:36:35, 3] libads/ldap.c:ads_try_connect(189)
ads_try_connect: CLDAP request 10.10.10.110 failed.
[2010/04/21 14:36:35, 0] utils/net_ads.c:ads_startup_int(286)
ads_connect: No logon servers
Join to domain is not valid: No logon servers
[2010/04/21 14:36:35, 2] utils/net.c:main(1075)
return code = -1
I see the IP of :
- My Linux Computer : 192.168.120.2
- My First DC general network : 192.168.10.110
- My First DC backup network : 10.10.10.110
- My Second DC general network : 192.168.10.116
- My Second DC backup network : 10.10.10.116
- My Third DC general network : 192.168.50.75 (this don't have a backup
network).
After reading lots of pages on Google, I try a net rpc testjoin -d3
[2010/04/21 15:09:25, 3] param/loadparm.c:lp_load(5069)
lp_load: refreshing parameters
[2010/04/21 15:09:25, 3] param/loadparm.c:init_globals(1440)
Initialising global parameters
[2010/04/21 15:09:25, 3] param/params.c:pm_process(572)
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
[2010/04/21 15:09:25, 3] param/loadparm.c:do_section(3808)
Processing section "[global]"
[2010/04/21 15:09:25, 2] lib/interface.c:add_interface(81)
added interface ip=192.168.120.2 bcast=192.168.255.255 nmask=255.255.0.0
[2010/04/21 15:09:25, 3] libsmb/cliconnect.c:cli_start_connection(1563)
Connecting to host=dc001
[2010/04/21 15:09:25, 3] lib/util_sock.c:open_socket_out(866)
Connecting to 192.168.10.110 at port 445
[2010/04/21 15:09:25, 3] libsmb/cliconnect.c:cli_session_setup_spnego(805)
Doing spnego session setup (blob length=119)
[2010/04/21 15:09:25, 3] libsmb/cliconnect.c:cli_session_setup_spnego(832)
got OID=1 2 840 48018 1 2 2
[2010/04/21 15:09:25, 3] libsmb/cliconnect.c:cli_session_setup_spnego(832)
got OID=1 2 840 113554 1 2 2
[2010/04/21 15:09:25, 3] libsmb/cliconnect.c:cli_session_setup_spnego(832)
got OID=1 2 840 113554 1 2 2 3
[2010/04/21 15:09:25, 3] libsmb/cliconnect.c:cli_session_setup_spnego(832)
got OID=1 3 6 1 4 1 311 2 2 10
[2010/04/21 15:09:25, 3] libsmb/cliconnect.c:cli_session_setup_spnego(840)
got principal=dc001$@EMPIRE.LOCAL
[2010/04/21 15:09:25, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1018)
Got challenge flags:
[2010/04/21 15:09:25, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
Got NTLMSSP neg_flags=0x62898215
[2010/04/21 15:09:25, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1040)
NTLMSSP: Set final flags:
[2010/04/21 15:09:25, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
Got NTLMSSP neg_flags=0x60088215
[2010/04/21 15:09:25, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338)
NTLMSSP Sign/Seal - Initialising with flags:
[2010/04/21 15:09:25, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
Got NTLMSSP neg_flags=0x60088215
[2010/04/21 15:09:25, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2082)
rpc_pipe_bind: Remote machine dc001 pipe \NETLOGON fnum 0xc00d bind
request returned ok.
[2010/04/21 15:09:25, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2082)
rpc_pipe_bind: Remote machine dc001 pipe \NETLOGON fnum 0xc00e bind
request returned ok.
Join to 'EMPIRE' is OK
[2010/04/21 15:09:25, 2] utils/net.c:main(1075)
return code = 0
It's work !!!!!!! But why ?
Thanks
Thierry
My krb5.conf
[logging]
default = FILE:/var/log/kerberos/krb5libs.log
kdc = FILE:/var/log/kerberos/krb5kdc.log
admin_server = FILE:/var/log/kerberos/kadmind.log
[libdefaults]
default_realm = EMPIRE.LOCAL
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
forwardable = yes
[realms]
EMPIRE.LOCAL = {
kdc = dc001.empire.local
admin_server = dc001.empire.local
default_domain = empire.local
}
[domain_realm]
.kerberos.server = EMPIRE.LOCAL
.empire.local = EMPIRE.LOCAL
My smb.conf
# Global parameters
[global]
workgroup = empire
server string = OPROD-POX
netbios name = lsister-l
preferred master = no
# | Logs
# ----------------------------------------------------
log level = 3
log file = /var/log/samba/%m.log
#max log size = 50
# | Domain Integration
# -----------------------------------------------------
security = ads
realm = EMPIRE
winbind enum users = yes
winbind enum groups = yes
winbind separator = +
winbind nss info = rfc2307
encrypt passwords = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
#socket options = TCP_NODELAY IPTOS_LOWDELAY IPTOS_THROUGHPUT
SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192
idmap uid = 10000-19999
idmap gid = 20000-29999
More information about the samba
mailing list