[Samba] samba 4 alpha 19 cannot join existing AD

Greg Dickie greg at justaguy.ca
Wed Feb 29 11:52:13 MST 2012


Hi,

  My apologies if this is a FAQ that I missed. This is my first attempt
at setting up samba4. Following the howto instructions:

kinit administrator seems to work fine.

samba is latest git (alpha19).

however the join fails (as below):


[root at ads bin]# ./samba-tool domain join  tribalnova.local DC
-Uadministrator --realm=tribalnova.local -d4
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
added interface eth0 ip=fe80::216:3eff:fe7b:420a%eth0
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.169.47 bcast=192.168.169.255
netmask=255.255.255.0
added interface eth0 ip=fe80::216:3eff:fe7b:420a%eth0
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.169.47 bcast=192.168.169.255
netmask=255.255.255.0
added interface eth0 ip=fe80::216:3eff:fe7b:420a%eth0
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.169.47 bcast=192.168.169.255
netmask=255.255.255.0
added interface eth0 ip=fe80::216:3eff:fe7b:420a%eth0
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.169.47 bcast=192.168.169.255
netmask=255.255.255.0
Finding a writeable DC for domain 'tribalnova.local'
added interface eth0 ip=fe80::216:3eff:fe7b:420a%eth0
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.169.47 bcast=192.168.169.255
netmask=255.255.255.0
added interface eth0 ip=fe80::216:3eff:fe7b:420a%eth0
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.169.47 bcast=192.168.169.255
netmask=255.255.255.0
finddcs: searching for a DC by DNS domain tribalnova.local
finddcs: looking for SRV records for _ldap._tcp.tribalnova.local
finddcs: DNS SRV response 0 at '192.168.169.11'
finddcs: performing CLDAP query on 192.168.169.11
finddcs: Found matching DC 192.168.169.11 with server_type=0x000001fc
Found DC orage2.tribalnova.local
added interface eth0 ip=fe80::216:3eff:fe7b:420a%eth0
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.169.47 bcast=192.168.169.255
netmask=255.255.255.0
added interface eth0 ip=fe80::216:3eff:fe7b:420a%eth0
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.169.47 bcast=192.168.169.255
netmask=255.255.255.0
Password for [WORKGROUP\administrator]:
Received smb_krb5 packet of length 158
Received smb_krb5 packet of length 1436
workgroup is TRIBALNOVA
realm is tribalnova.local
checking sAMAccountName
Adding CN=ADS,OU=Domain Controllers,DC=tribalnova,DC=local
Adding
CN=ADS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tribalnova,DC=local
Adding CN=NTDS
Settings,CN=ADS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tribalnova,DC=local
Using binding ncacn_ip_tcp:orage2.tribalnova.local[,seal,print]
Mapped to DCERPC endpoint 135
added interface eth0 ip=fe80::216:3eff:fe7b:420a%eth0
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.169.47 bcast=192.168.169.255
netmask=255.255.255.0
added interface eth0 ip=fe80::216:3eff:fe7b:420a%eth0
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.169.47 bcast=192.168.169.255
netmask=255.255.255.0
Mapped to DCERPC endpoint 1025
added interface eth0 ip=fe80::216:3eff:fe7b:420a%eth0
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.169.47 bcast=192.168.169.255
netmask=255.255.255.0
added interface eth0 ip=fe80::216:3eff:fe7b:420a%eth0
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.169.47 bcast=192.168.169.255
netmask=255.255.255.0
Received smb_krb5 packet of length 158
Received smb_krb5 packet of length 1436
     drsuapi_DsBind: struct drsuapi_DsBind
        in: struct drsuapi_DsBind
            bind_guid                : *
                bind_guid                :
e24d201a-4fd6-11d1-a3da-0000f875ae0d
            bind_info                : *
                bind_info: struct drsuapi_DsBindInfoCtr
                    length                   : 0x0000001c (28)
                    info                     : union
drsuapi_DsBindInfo(case 28)
                    info28: struct drsuapi_DsBindInfo28
                        supported_extensions     : 0x0fefff7f
(267386751)
                               1: DRSUAPI_SUPPORTED_EXTENSION_BASE
                               1:
DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION
                               1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
                               1: DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2
                               1:
DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS
                               1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
                               1:
DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION
                               0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY
                               1:
DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE
                               1:
DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2
                               1:
DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION
                               1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
                               1:
DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD
                               1:
DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND
                               1:
DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO
                               1:
DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION
                               1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01
                               1:
DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP
                               1:
DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY
                               1: DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3
                               0:
DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5
                               1:
DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2
                               1:
DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6
                               1:
DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS
                               1:
DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8
                               1:
DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5
                               1:
DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6
                               1:
DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3
                               1:
DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7
                               1:
DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT
                               0:
DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS
                               0:
DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10
                               0:
DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART2
                               0:
DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART3
                        site_guid                :
00000000-0000-0000-0000-000000000000
                        pid                      : 0x00000000 (0)
                        repl_epoch               : 0x00000000 (0)
Join failed - cleaning up
checking sAMAccountName
Deleted CN=ADS,OU=Domain Controllers,DC=tribalnova,DC=local
Deleted
CN=ADS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tribalnova,DC=local
ERROR(runtime): uncaught exception - (-1073741790, 'Access denied')
  File
"/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py", line 162, in _run
    return self.run(*args, **kwargs)
  File
"/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py",
line 180, in run
    machinepass=machinepass)
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py",
line 966, in join_DC
    ctx.do_join()
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py",
line 871, in do_join
    ctx.join_add_objects()
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py",
line 467, in join_add_objects
    ctx.join_add_ntdsdsa()
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py",
line 416, in join_add_ntdsdsa
    ctx.DsAddEntry([rec])
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py",
line 326, in DsAddEntry
    ctx.drsuapi_connect()
  File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py",
line 305, in drsuapi_connect
    (ctx.drsuapi_handle, ctx.bind_supported_extensions) =
drs_utils.drs_DsBind(ctx.drsuapi)
  File
"/usr/local/samba/lib64/python2.6/site-packages/samba/drs_utils.py",
line 144, in drs_DsBind
    (info, handle) = drs.DsBind(misc.GUID(drsuapi.DRSUAPI_DS_BIND_GUID),
bind_info)

Any idea what I'm doing wrong or where to look?

Thanks,
Greg


-- 
Greg Dickie
just a guy
514-983-5400



More information about the samba mailing list