[Samba] net ads testjoin failed but net rpc testjoin work

Thierry Leurent thierry.leurent at asgardian.be
Wed Apr 21 08:29:27 MDT 2010 

Hello,

I have a very strange trouble with samba 3.0.33 when I integrate a Linux
server in my Windows 2003 AD.
I do :
 - kinit administartor, it's work.
 - klist, it's work too.
 - net join ads -U administrator, it's work. I hev the message that my
computer has join the domain and I see the Linux in my Domain.
 - wbinfo -t give me "checking the trust secret via RPC calls succeeded".
 - wbinfo -u give me all the users of my domain.
 - wbinfo -g give me all the groups of my domain.
 - wbinfo -a NuteGunray%CatoNeimoida return "plaintext password
authentication failed
					     error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
					     error messsage was: No such user
					     Could not authenticate user NuteGunray%CatoNeimoida with
plaintext password
					     challenge/response password authentication succeeded"
   It's normal ? Perhaps, I have "encrypt password = yes" in my smb.conf.

But when I do net ads testjoin, I "have ads_connect: No logon servers
				   Join to domain is not valid: No logon servers"

With a Debug Level 3, I recieve this messages.
[2010/04/21 14:36:21, 3] param/loadparm.c:lp_load(5069)
  lp_load: refreshing parameters
[2010/04/21 14:36:21, 3] param/loadparm.c:init_globals(1440)
  Initialising global parameters
[2010/04/21 14:36:21, 3] param/params.c:pm_process(572)
  params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
[2010/04/21 14:36:21, 3] param/loadparm.c:do_section(3808)
  Processing section "[global]"
[2010/04/21 14:36:21, 2] lib/interface.c:add_interface(81)
  added interface ip=192.168.120.2 bcast=192.168.255.255 nmask=255.255.0.0
[2010/04/21 14:36:21, 3] libsmb/namequery.c:get_dc_list(1495)
  get_dc_list: preferred server list: ", *"
[2010/04/21 14:36:21, 1] libads/cldap.c:recv_cldap_netlogon(247)
  Failed to parse cldap reply
[2010/04/21 14:36:21, 3] libads/ldap.c:ads_try_connect(189)
  ads_try_connect: CLDAP request 192.168.10.116 failed.
[2010/04/21 14:36:21, 1] libads/cldap.c:recv_cldap_netlogon(247)
  Failed to parse cldap reply
[2010/04/21 14:36:21, 3] libads/ldap.c:ads_try_connect(189)
  ads_try_connect: CLDAP request 192.168.10.110 failed.
[2010/04/21 14:36:21, 1] libads/cldap.c:recv_cldap_netlogon(247)
  Failed to parse cldap reply
[2010/04/21 14:36:21, 3] libads/ldap.c:ads_try_connect(189)
  ads_try_connect: CLDAP request 192.168.50.75 failed.
[2010/04/21 14:36:28, 1] libads/cldap.c:recv_cldap_netlogon(219)
  no reply received to cldap netlogon
[2010/04/21 14:36:28, 3] libads/ldap.c:ads_try_connect(189)
  ads_try_connect: CLDAP request 10.10.10.116 failed.
[2010/04/21 14:36:35, 1] libads/cldap.c:recv_cldap_netlogon(219)
  no reply received to cldap netlogon
[2010/04/21 14:36:35, 3] libads/ldap.c:ads_try_connect(189)
  ads_try_connect: CLDAP request 10.10.10.110 failed.
[2010/04/21 14:36:35, 0] utils/net_ads.c:ads_startup_int(286)
  ads_connect: No logon servers
Join to domain is not valid: No logon servers
[2010/04/21 14:36:35, 2] utils/net.c:main(1075)
  return code = -1

I see the IP of :
 - My Linux Computer		: 192.168.120.2
 - My First DC general network	: 192.168.10.110
 - My First DC backup network	: 10.10.10.110
 - My Second DC general network	: 192.168.10.116
 - My Second DC backup network	: 10.10.10.116
 - My Third DC general network	: 192.168.50.75 (this don't have a backup
network).


After reading lots of pages on Google, I try a net rpc testjoin -d3
[2010/04/21 15:09:25, 3] param/loadparm.c:lp_load(5069)
  lp_load: refreshing parameters
[2010/04/21 15:09:25, 3] param/loadparm.c:init_globals(1440)
  Initialising global parameters
[2010/04/21 15:09:25, 3] param/params.c:pm_process(572)
  params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
[2010/04/21 15:09:25, 3] param/loadparm.c:do_section(3808)
  Processing section "[global]"
[2010/04/21 15:09:25, 2] lib/interface.c:add_interface(81)
  added interface ip=192.168.120.2 bcast=192.168.255.255 nmask=255.255.0.0
[2010/04/21 15:09:25, 3] libsmb/cliconnect.c:cli_start_connection(1563)
  Connecting to host=dc001
[2010/04/21 15:09:25, 3] lib/util_sock.c:open_socket_out(866)
  Connecting to 192.168.10.110 at port 445
[2010/04/21 15:09:25, 3] libsmb/cliconnect.c:cli_session_setup_spnego(805)
  Doing spnego session setup (blob length=119)
[2010/04/21 15:09:25, 3] libsmb/cliconnect.c:cli_session_setup_spnego(832)
  got OID=1 2 840 48018 1 2 2
[2010/04/21 15:09:25, 3] libsmb/cliconnect.c:cli_session_setup_spnego(832)
  got OID=1 2 840 113554 1 2 2
[2010/04/21 15:09:25, 3] libsmb/cliconnect.c:cli_session_setup_spnego(832)
  got OID=1 2 840 113554 1 2 2 3
[2010/04/21 15:09:25, 3] libsmb/cliconnect.c:cli_session_setup_spnego(832)
  got OID=1 3 6 1 4 1 311 2 2 10
[2010/04/21 15:09:25, 3] libsmb/cliconnect.c:cli_session_setup_spnego(840)
  got principal=dc001$@EMPIRE.LOCAL
[2010/04/21 15:09:25, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1018)
  Got challenge flags:
[2010/04/21 15:09:25, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
  Got NTLMSSP neg_flags=0x62898215
[2010/04/21 15:09:25, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1040)
  NTLMSSP: Set final flags:
[2010/04/21 15:09:25, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
  Got NTLMSSP neg_flags=0x60088215
[2010/04/21 15:09:25, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338)
  NTLMSSP Sign/Seal - Initialising with flags:
[2010/04/21 15:09:25, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
  Got NTLMSSP neg_flags=0x60088215
[2010/04/21 15:09:25, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2082)
  rpc_pipe_bind: Remote machine dc001 pipe \NETLOGON fnum 0xc00d bind
request returned ok.
[2010/04/21 15:09:25, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2082)
  rpc_pipe_bind: Remote machine dc001 pipe \NETLOGON fnum 0xc00e bind
request returned ok.
Join to 'EMPIRE' is OK
[2010/04/21 15:09:25, 2] utils/net.c:main(1075)
  return code = 0

It's work !!!!!!! But why ?
Thanks

Thierry

My krb5.conf
[logging]
default = FILE:/var/log/kerberos/krb5libs.log
kdc = FILE:/var/log/kerberos/krb5kdc.log
admin_server = FILE:/var/log/kerberos/kadmind.log

[libdefaults]
 default_realm = EMPIRE.LOCAL
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 forwardable = yes

[realms]
 EMPIRE.LOCAL = {
  kdc = dc001.empire.local
  admin_server =  dc001.empire.local
  default_domain = empire.local
 }

[domain_realm]
 .kerberos.server = EMPIRE.LOCAL
 .empire.local = EMPIRE.LOCAL

My smb.conf
# Global parameters
[global]
        workgroup = empire
        server string = OPROD-POX
        netbios name = lsister-l
        preferred master = no

# | Logs
#   ----------------------------------------------------
        log level = 3
        log file = /var/log/samba/%m.log
#max log size = 50

# | Domain Integration
#   -----------------------------------------------------
        security = ads
        realm = EMPIRE
        winbind enum users = yes
        winbind enum groups = yes
        winbind separator = +
        winbind nss info = rfc2307

        encrypt passwords = yes
        socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
        #socket options = TCP_NODELAY IPTOS_LOWDELAY IPTOS_THROUGHPUT
SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192

        idmap uid = 10000-19999
        idmap gid = 20000-29999

More information about the samba mailing list