[Samba] 3.6.5 and "not_defined_in_RFC4178 at please_ignore" error
alex.ranskis at free.fr
Fri Jun 1 09:54:59 MDT 2012
Quoting Jim McDonough <jmcd at samba.org>:
> On Mon, May 21, 2012 at 12:17 PM, <alex.ranskis at free.fr> wrote:
> > We're having trouble joining an AD domain with 3.6.5
> >
> > This message when running net join looks fishy :
> > "got principal=not_defined_in_RFC4178 at please_ignore"
> I'm sure it looks fishy, but it's not. This is normal for newer
> versions of windows (windows is sending it back).
>
> >
> > OS : Solaris 10 x64
> > Kerberos : MIT krb5 1.10.1
> > DC servers are running Windows 2008
> >
> > The error message is :
> > ./net join -U aranskis
> > Enter aranskis's password:
> > Failed to join domain: failed to lookup DC info for domain 'CORP.NET'
> > over rpc: Logon failure
> > ADS join did not work, falling back to RPC...
> > Unable to find a suitable server for domain CORP
> > Unable to find a suitable server for domain CORP
> >
> > with -d9, here's the hopefully relevant output :
> >
> > ads_dns_lookup_srv: 18 records returned in the answer section.
> > namecache_store: storing 18 addresses for CORP.NET#1c: 10.219.244.253,
> > [List of DCs IP follows]
> > [..]
> > Successfully contacted LDAP server 10.219.244.253
> > [..]
> > got principal=not_defined_in_RFC4178 at please_ignore
> > [..]
> What's cut out here might be more helpful. However, please see below
> and try that first.
>
> > SPNEGO login failed: Logon failure
> > failed session setup with NT_STATUS_LOGON_FAILURE
> > libnet_Join:
> > libnet_JoinCtx: struct libnet_JoinCtx
> > out: struct libnet_JoinCtx
> > account_name : NULL
> > netbios_domain_name : NULL
> > dns_domain_name : NULL
> > forest_name : NULL
> > dn : NULL
> > domain_sid : NULL
> > domain_sid : (NULL SID)
> > modified_config : 0x00 (0)
> > error_string : 'failed to lookup DC info for domain
> > 'CIB.NET' over rpc: Logon failure'
> > domain_is_ad : 0x00 (0)
> > result : WERR_LOGON_FAILURE
> >
> >
> > relevant configuration options :
> >
> > [global]
> > realm=CORP.NET
> > workgroup=CORP.NET
> Please try changing this to just CORP (or whatever the "short" netbios
> name is for the domain...not the dns name).
>
> > security=ADS
> > encrypt passwords = yes
> > bind interfaces only = true
> > interfaces = msusersncs
> >
> >
> >
> > Any hints on the best way to try and figure out what is wrong when
> > trying to register in the AD ?
> > (the same config worked with samba 3.4.x, but the DCs were running Windows
> > 2003)
>

Still stuck. If anyone can help me find what looks wrong in the log below when
trying to join the domain, I'd be most grateful!
(In addition to Jim's suggestion I have also tried reverting to the previous
security defaults: client ntlmv2 auth, client use spnego, send spnego principal
- which didn't help either)

check_negative_conn_cache returning result 0 for domain CORP.NET server
10.220.244.253
ads_try_connect: sending CLDAP request to 10.220.244.253 (realm: CORP.NET)
Successfully contacted LDAP server 10.220.244.253
libnet_Join:
libnet_JoinCtx: struct libnet_JoinCtx
in: struct libnet_JoinCtx
dc_name : NULL
machine_name : 'MSUSERSNCS'
domain_name : *
domain_name : 'CORP.NET'
account_ou : NULL
admin_account : 'aranskis'
machine_password : NULL
join_flags : 0x00000023 (35)
0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
...skipping...
got OID=1.3.6.1.4.1.311.2.2.30
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.2.840.113554.1.2.2.3
got OID=1.3.6.1.4.1.311.2.2.10
got principal=not_defined_in_RFC4178 at please_ignore
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
SPNEGO login failed: Logon failure
failed session setup with NT_STATUS_LOGON_FAILURE
libnet_Join:
libnet_JoinCtx: struct libnet_JoinCtx
out: struct libnet_JoinCtx
account_name : NULL
netbios_domain_name : NULL
dns_domain_name : NULL
forest_name : NULL
dn : NULL
domain_sid : NULL
domain_sid : (NULL SID)
modified_config : 0x00 (0)
error_string : 'failed to lookup DC info for domain
'CORP.NET' over rpc: Logon failure'
domain_is_ad : 0x00 (0)
result : WERR_LOGON_FAILURE
ADS join did not work, falling back to RPC...
no entry for CORP#1B found.
resolve_ads: Attempting to resolve PDC for CORP using DNS
ads_dns_lookup_srv: Failed to resolve _ldap._tcp.pdc._msdcs.CORP (Connection
timed out)
ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_IO_TIMEOUT)
no entry for CORP#1B found.
resolve_lmhosts: Attempting lmhosts lookup for name CORP<0x1b>
resolve_lmhosts: Attempting lmhosts lookup for name CORP<0x1b>
startlmhosts: Can't open lmhosts file
/local/users_ncs/product/samba-3.6.5/lib/lmhosts. Error was No such file or
directory
resolve_wins: Attempting wins lookup for name CORP<0x1b>
resolve_wins: WINS server resolution selected and no WINS servers listed.
resolve_hosts: not appropriate for name type <0x1b>
name_resolve_bcast: Attempting broadcast lookup for name CORP<0x1b>
Socket options:
SO_KEEPALIVE = 0
SO_REUSEADDR = 4
SO_BROADCAST = 32
Could not test socket option TCP_NODELAY.
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
SO_SNDBUF = 57344
SO_RCVBUF = 57344
Could not test socket option SO_SNDLOWAT.
Could not test socket option SO_RCVLOWAT.
Could not test socket option SO_SNDTIMEO.
Could not test socket option SO_RCVTIMEO.
Unable to resolve PDC server address
Unable to find a suitable server for domain CORP
failed to make ipc connection: NT_STATUS_UNSUCCESSFUL
no entry for CORP#1B found.
resolve_ads: Attempting to resolve PDC for CORP using DNS
ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_IO_TIMEOUT)
no entry for CORP#1B found.
resolve_lmhosts: Attempting lmhosts lookup for name CORP<0x1b>
resolve_lmhosts: Attempting lmhosts lookup for name CORP<0x1b>
startlmhosts: Can't open lmhosts file
/local/users_ncs/product/samba-3.6.5/lib/lmhosts. Error was No such file or
directory
resolve_wins: Attempting wins lookup for name CORP<0x1b>
resolve_wins: WINS server resolution selected and no WINS servers listed.
resolve_hosts: not appropriate for name type <0x1b>
name_resolve_bcast: Attempting broadcast lookup for name CORP<0x1b>
Socket options:
SO_KEEPALIVE = 0
SO_REUSEADDR = 4
SO_BROADCAST = 32
Could not test socket option TCP_NODELAY.
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
SO_SNDBUF = 57344
SO_RCVBUF = 57344
Could not test socket option SO_SNDLOWAT.
Could not test socket option SO_RCVLOWAT.
Could not test socket option SO_SNDTIMEO.
Could not test socket option SO_RCVTIMEO.
Unable to resolve PDC server address
Unable to find a suitable server for domain CORP
return code = 1
Failed to join domain: failed to lookup DC info for domain 'CORP.NET' over rpc:
Logon failure

Cheers,
Alex
>
> --
> Jim McDonough
> Samba Team
> SUSE labs
> jmcd at samba dot org
> jmcd at themcdonoughs dot org
>
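
An added triage example, not part of the original thread or of Samba: it reads the SPNEGO mechanism OIDs and the NTLMSSP flag values from a `-d9` log like the one above, reports whether NTLMSSP was used although Kerberos mechanisms were offered, and names the flag bits dropped between the challenge and the final flags. The function name `triage`, the short mechanism labels and the result keys are assumptions of this example; the flag names follow Samba's constants with the MS-NLMP bit values.

```python
import re
# SPNEGO mechanism OIDs offered in the log, with their well-known names.
MECHS = {
    "1.3.6.1.4.1.311.2.2.30": "NEGOEX",
    "1.2.840.48018.1.2.2": "MS-KRB5",
    "1.2.840.113554.1.2.2": "KRB5",
    "1.2.840.113554.1.2.2.3": "KRB5-U2U",
    "1.3.6.1.4.1.311.2.2.10": "NTLMSSP",
}
# NTLMSSP negotiate bits (MS-NLMP values, Samba's constant names).
FLAGS = {
    0x00000001: "NTLMSSP_NEGOTIATE_UNICODE",
    0x00000004: "NTLMSSP_REQUEST_TARGET",
    0x00000010: "NTLMSSP_NEGOTIATE_SIGN",
    0x00000200: "NTLMSSP_NEGOTIATE_NTLM",
    0x00008000: "NTLMSSP_NEGOTIATE_ALWAYS_SIGN",
    0x00010000: "NTLMSSP_TARGET_TYPE_DOMAIN",
    0x00080000: "NTLMSSP_NEGOTIATE_NTLM2",
    0x00800000: "NTLMSSP_NEGOTIATE_TARGET_INFO",
    0x02000000: "NTLMSSP_NEGOTIATE_VERSION",
    0x20000000: "NTLMSSP_NEGOTIATE_128",
    0x40000000: "NTLMSSP_NEGOTIATE_KEY_EXCH",
}

def triage(log):  # log: text captured from a -d9 run (hypothetical helper)
    offered = [MECHS.get(o, o) for o in re.findall(r"got OID=([\d.]+)", log)]
    flags = [int(v, 16) for v in re.findall(r"neg_flags=(0x[0-9a-fA-F]+)", log)]
    challenge, final = (flags[0], flags[-1]) if flags else (0, 0)
    return {
        "offered": offered,
        "ntlm_used_despite_krb5": bool(flags) and any(m.endswith("KRB5") for m in offered),
        "dropped": [n for b, n in sorted(FLAGS.items()) if challenge & ~final & b],
        "failed": "NT_STATUS_LOGON_FAILURE" in log,
    }

# Sample input: lines excerpted from the -d9 output quoted in this thread.
SAMPLE = """\
got OID=1.3.6.1.4.1.311.2.2.30
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.2.840.113554.1.2.2.3
got OID=1.3.6.1.4.1.311.2.2.10
Got NTLMSSP neg_flags=0x62898215
Got NTLMSSP neg_flags=0x60088215
failed session setup with NT_STATUS_LOGON_FAILURE
"""
if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the values in this log the dropped bits include 0x00010000, which the quoted debug output does not print by name.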