[Samba] 3.6.5 and "not_defined_in_RFC4178 at please_ignore" error

Jim McDonough jmcd at samba.org
Wed May 23 05:59:22 MDT 2012 

On Mon, May 21, 2012 at 12:17 PM,  <alex.ranskis at free.fr> wrote:
> We're having trouble joining an AD domain with 3.6.5
>
> This message when running net join looks fishy :
> "got principal=not_defined_in_RFC4178 at please_ignore"
I'm sure it looks fishy, but it's not.  This is normal for newer
versions of windows (windows is sending it back).

>
> OS : Solaris 10 x64
> Kerberos : MIT krb5 1.10.1
> DC servers are running Windows 2008
>
> The error message is :
> ./net join -U aranskis
> Enter aranskis's password:
> Failed to join domain: failed to lookup DC info for domain 'CORP.NET'
> over rpc: Logon failure
> ADS join did not work, falling back to RPC...
> Unable to find a suitable server for domain CORP
> Unable to find a suitable server for domain CORP
>
> with -d9, here's the hopefully relevant output :
>
> ads_dns_lookup_srv: 18 records returned in the answer section.
> namecache_store: storing 18 addresses for CORP.NET#1c: 10.219.244.253, [List of
> DCs IP follows]
> [..]
> Successfully contacted LDAP server 10.219.244.253
> [..]
> got principal=not_defined_in_RFC4178 at please_ignore
> [..]
What's cut out here might be more helpful.  However, please see below
and try that first.

> SPNEGO login failed: Logon failure
> failed session setup with NT_STATUS_LOGON_FAILURE
> libnet_Join:
>    libnet_JoinCtx: struct libnet_JoinCtx
>        out: struct libnet_JoinCtx
>            account_name             : NULL
>            netbios_domain_name      : NULL
>            dns_domain_name          : NULL
>            forest_name              : NULL
>            dn                       : NULL
>            domain_sid               : NULL
>                domain_sid               : (NULL SID)
>            modified_config          : 0x00 (0)
>            error_string             : 'failed to lookup DC info for domain
> 'CIB.NET' over rpc: Logon failure'
>            domain_is_ad             : 0x00 (0)
>            result                   : WERR_LOGON_FAILURE
>
>
> relevant configuration options :
>
> [global]
>        realm=CORP.NET
>        workgroup=CORP.NET
Please try changing this to just CORP (or whatever the "short" netbios
name is for the domain...not the dns name).

>        security=ADS
>        encrypt passwords = yes
>        bind interfaces only = true
>        interfaces = msusersncs
>
>
>
> Any hints on the best way to try and figure out what is wrong when
> trying to register in the AD ?
> (the same config worked with samba 3.4.x, but the DCs were running Windows 2003)


-- 
Jim McDonough
Samba Team
SUSE labs
jmcd at samba dot org
jmcd at themcdonoughs dot org

More information about the samba mailing list