[Samba] 3.6.5 and "not_defined_in_RFC4178 at please_ignore" error
Jim McDonough
jmcd at samba.org
Wed May 23 05:59:22 MDT 2012
On Mon, May 21, 2012 at 12:17 PM, <alex.ranskis at free.fr> wrote:
> We're having trouble joining an AD domain with 3.6.5
>
> This message when running net join looks fishy :
> "got principal=not_defined_in_RFC4178 at please_ignore"
I'm sure it looks fishy, but it's not. This is normal for newer
versions of windows (windows is sending it back).
>
> OS : Solaris 10 x64
> Kerberos : MIT krb5 1.10.1
> DC servers are running Windows 2008
>
> The error message is :
> ./net join -U aranskis
> Enter aranskis's password:
> Failed to join domain: failed to lookup DC info for domain 'CORP.NET'
> over rpc: Logon failure
> ADS join did not work, falling back to RPC...
> Unable to find a suitable server for domain CORP
> Unable to find a suitable server for domain CORP
>
> with -d9, here's the hopefully relevant output :
>
> ads_dns_lookup_srv: 18 records returned in the answer section.
> namecache_store: storing 18 addresses for CORP.NET#1c: 10.219.244.253, [List of
> DCs IP follows]
> [..]
> Successfully contacted LDAP server 10.219.244.253
> [..]
> got principal=not_defined_in_RFC4178 at please_ignore
> [..]
What's cut out here might be more helpful. However, please see below
and try that first.
> SPNEGO login failed: Logon failure
> failed session setup with NT_STATUS_LOGON_FAILURE
> libnet_Join:
> libnet_JoinCtx: struct libnet_JoinCtx
> out: struct libnet_JoinCtx
> account_name : NULL
> netbios_domain_name : NULL
> dns_domain_name : NULL
> forest_name : NULL
> dn : NULL
> domain_sid : NULL
> domain_sid : (NULL SID)
> modified_config : 0x00 (0)
> error_string : 'failed to lookup DC info for domain
> 'CIB.NET' over rpc: Logon failure'
> domain_is_ad : 0x00 (0)
> result : WERR_LOGON_FAILURE
>
>
> relevant configuration options :
>
> [global]
> realm=CORP.NET
> workgroup=CORP.NET
Please try changing this to just CORP (or whatever the "short" netbios
name is for the domain...not the dns name).
> security=ADS
> encrypt passwords = yes
> bind interfaces only = true
> interfaces = msusersncs
>
>
>
> Any hints on the best way to try and figure out what is wrong when
> trying to register in the AD ?
> (the same config worked with samba 3.4.x, but the DCs were running Windows 2003)
--
Jim McDonough
Samba Team
SUSE labs
jmcd at samba dot org
jmcd at themcdonoughs dot org
More information about the samba
mailing list