[Samba] 3.6.5 and "not_defined_in_RFC4178 at please_ignore" error
Alex Still
alex.ranskis at gmail.com
Wed May 23 07:59:21 MDT 2012
Hello,
On Wed, May 23, 2012 at 1:59 PM, Jim McDonough <jmcd at samba.org> wrote:
> On Mon, May 21, 2012 at 12:17 PM, <alex.ranskis at free.fr> wrote:
>> We're having trouble joining an AD domain with 3.6.5
>>
>> This message when running net join looks fishy :
>> "got principal=not_defined_in_RFC4178 at please_ignore"
> I'm sure it looks fishy, but it's not. This is normal for newer
> versions of windows (windows is sending it back).
Thanks for the explanation, sorry about the misdiagnosis then :-)
>>
>> OS : Solaris 10 x64
>> Kerberos : MIT krb5 1.10.1
>> DC servers are running Windows 2008
>>
>> The error message is :
>> ./net join -U aranskis
>> Enter aranskis's password:
[...]
>> [..]
> What's cut out here might be more helpful. However, please see below
> and try that first.
>> relevant configuration options :
>>
>> [global]
>> realm=CORP.NET
>> workgroup=CORP.NET
> Please try changing this to just CORP (or whatever the "short" netbios
> name is for the domain...not the dns name).
OK, did that (workgroup = CORP instead of workgroup = CORP.NET), the
join still fails, here's more of the log below.
I hope it is enough, if not the whole output is available here :
http://pastebin.com/r3LTaXCx
Now, what seems suspicious (to me, at least !) is the line :
ads_dns_lookup_srv: Failed to resolve _ldap._tcp.pdc._msdcs.CORP
(Connection timed out)
Shouldn't it try to resolve "_ldap._tcp.pdc._msdcs.CORP.NET" instead ?
INFO: Current debug levels:
all: 9
tdb: 9
printdrivers: 9
lanman: 9
smb: 9
rpc_parse: 9
rpc_srv: 9
rpc_cli: 9
passdb: 9
sam: 9
auth: 9
winbind: 9
vfs: 9
idmap: 9
quota: 9
acls: 9
locking: 9
msdfs: 9
dmapi: 9
registry: 9
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (256) to minimum Windows limit (16384)
INFO: Current debug levels:
all: 9
tdb: 9
printdrivers: 9
lanman: 9
smb: 9
rpc_parse: 9
rpc_srv: 9
rpc_cli: 9
passdb: 9
sam: 9
auth: 9
winbind: 9
vfs: 9
idmap: 9
quota: 9
acls: 9
locking: 9
msdfs: 9
dmapi: 9
registry: 9
params.c:pm_process() - Processing configuration file
"/local/users_ncs/product/samba-3.6.5/lib/smb.conf"
Processing section "[global]"
doing parameter realm = CORP.NET
doing parameter workgroup = CORP
doing parameter security = ADS
doing parameter encrypt passwords = yes
doing parameter bind interfaces only = true
doing parameter interfaces = msusersncs
doing parameter lock dir = /local/users_ncs/product/samba/lock
doing parameter netbios name = msusersncs
handle_netbios_name: set global_myname to: MSUSERSNCS
doing parameter pid directory = /local/users_ncs/product/samba/pid
doing parameter log file = /local/users_ncs/product/samba/log/samba.log
doing parameter username map = /local/users_ncs/product/samba/lib/users.map
...skipping...
domain_is_ad : 0x00 (0)
result : WERR_LOGON_FAILURE
ADS join did not work, falling back to RPC...
no entry for CORP#1B found.
resolve_ads: Attempting to resolve PDC for CORP using DNS
ads_dns_lookup_srv: Failed to resolve _ldap._tcp.pdc._msdcs.CORP
(Connection timed out)
ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_IO_TIMEOUT)
no entry for CORP#1B found.
resolve_lmhosts: Attempting lmhosts lookup for name CORP<0x1b>
resolve_lmhosts: Attempting lmhosts lookup for name CORP<0x1b>
startlmhosts: Can't open lmhosts file
/local/users_ncs/product/samba-3.6.5/lib/lmhosts. Error was No such
file or directory
resolve_wins: Attempting wins lookup for name CORP<0x1b>
resolve_wins: WINS server resolution selected and no WINS servers listed.
resolve_hosts: not appropriate for name type <0x1b>
name_resolve_bcast: Attempting broadcast lookup for name CORP<0x1b>
Socket options:
SO_KEEPALIVE = 0
SO_REUSEADDR = 4
SO_BROADCAST = 32
Could not test socket option TCP_NODELAY.
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
SO_SNDBUF = 57344
SO_RCVBUF = 57344
Could not test socket option SO_SNDLOWAT.
Could not test socket option SO_RCVLOWAT.
Could not test socket option SO_SNDTIMEO.
Could not test socket option SO_RCVTIMEO.
Unable to resolve PDC server address
Unable to find a suitable server for domain CORP
failed to make ipc connection: NT_STATUS_UNSUCCESSFUL
no entry for CORP#1B found.
resolve_ads: Attempting to resolve PDC for CORP using DNS
ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_IO_TIMEOUT)
no entry for CORP#1B found.
resolve_lmhosts: Attempting lmhosts lookup for name CORP<0x1b>
resolve_lmhosts: Attempting lmhosts lookup for name CORP<0x1b>
startlmhosts: Can't open lmhosts file
/local/users_ncs/product/samba-3.6.5/lib/lmhosts. Error was No such
file or directory
resolve_wins: Attempting wins lookup for name CORP<0x1b>
resolve_wins: WINS server resolution selected and no WINS servers listed.
resolve_hosts: not appropriate for name type <0x1b>
name_resolve_bcast: Attempting broadcast lookup for name CORP<0x1b>
Socket options:
SO_KEEPALIVE = 0
SO_REUSEADDR = 4
SO_BROADCAST = 32
Could not test socket option TCP_NODELAY.
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
SO_SNDBUF = 57344
SO_RCVBUF = 57344
Could not test socket option SO_SNDLOWAT.
Could not test socket option SO_RCVLOWAT.
Could not test socket option SO_SNDTIMEO.
Could not test socket option SO_RCVTIMEO.
Unable to resolve PDC server address
Unable to find a suitable server for domain CORP
return code = 1
Failed to join domain: failed to lookup DC info for domain 'CORP.NET'
over rpc: Logon failure
[root at msnfsmut03]:/local/users_ncs/product/samba/bin # ls -ltr /var/tmp/log8.txt
-rw-r--r-- 1 root root 12195 May 23 14:54 /var/tmp/log8.txt
[root at msnfsmut03]:/local/users_ncs/product/samba/bin # less /var/tmp/log8.txt
INFO: Current debug levels:
all: 9
tdb: 9
printdrivers: 9
lanman: 9
smb: 9
rpc_parse: 9
rpc_srv: 9
rpc_cli: 9
passdb: 9
sam: 9
auth: 9
winbind: 9
vfs: 9
idmap: 9
quota: 9
acls: 9
locking: 9
msdfs: 9
dmapi: 9
registry: 9
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (256) to minimum Windows limit (16384)
INFO: Current debug levels:
all: 9
tdb: 9
printdrivers: 9
lanman: 9
smb: 9
rpc_parse: 9
rpc_srv: 9
rpc_cli: 9
passdb: 9
sam: 9
auth: 9
winbind: 9
vfs: 9
idmap: 9
quota: 9
acls: 9
locking: 9
msdfs: 9
dmapi: 9
registry: 9
params.c:pm_process() - Processing configuration file
"/local/users_ncs/product/samba-3.6.5/lib/smb.conf"
Processing section "[global]"
doing parameter realm = CORP.NET
doing parameter workgroup = CORP
doing parameter security = ADS
doing parameter encrypt passwords = yes
doing parameter bind interfaces only = true
doing parameter interfaces = msusersncs
doing parameter lock dir = /local/users_ncs/product/samba/lock
doing parameter netbios name = msusersncs
handle_netbios_name: set global_myname to: MSUSERSNCS
doing parameter pid directory = /local/users_ncs/product/samba/pid
doing parameter log file = /local/users_ncs/product/samba/log/samba.log
doing parameter username map = /local/users_ncs/product/samba/lib/users.map
doing parameter guest account = nobody
doing parameter invalid users = root bin
doing parameter server string = Serveur NCS Users
doing parameter log level = 2
doing parameter max log size = 800000
doing parameter msdfs root = yes
pm_process() returned Yes
lp_servicenumber: couldn't find homes
Substituting charset '646' for LOCALE
Netbios name list:-
my_netbios_names[0]="MSUSERSNCS"
added interface e1000g4:4 ip=10.20.198.67 bcast=10.20.198.255
netmask=255.255.255.0
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Opening cache file at /local/users_ncs/product/samba/lock/gencache.tdb
Opening cache file at /local/users_ncs/product/samba/lock/gencache_notrans.tdb
sitename_fetch: Returning sitename for CORP.NET: "Site-Paris"
lp_servicenumber: couldn't find homes
Substituting charset '646' for LOCALE
Netbios name list:-
my_netbios_names[0]="MSUSERSNCS"
added interface e1000g4:4 ip=10.20.198.67 bcast=10.20.198.255
netmask=255.255.255.0
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Opening cache file at /local/users_ncs/product/samba/lock/gencache.tdb
Opening cache file at /local/users_ncs/product/samba/lock/gencache_notrans.tdb
sitename_fetch: Returning sitename for CORP.NET: "Site-Paris"
ads_find_dc: (cldap) looking for realm 'CORP.NET'
get_sorted_dc_list: attempting lookup for name CORP.NET (sitename
Site-Paris) using [ads]
saf_fetch: failed to find server for "CORP.NET" domain
get_dc_list: preferred server list: ", *"
no entry for CORP.NET#1C found.
resolve_ads: Attempting to resolve DCs for CORP.NET using DNS
ads_dns_lookup_srv: 18 records returned in the answer section.
namecache_store: storing 18 addresses for CORP.NET#1c:
10.220.244.253,10.9.62.70,10.219.244.29,10.219.244.38,10.219.244.21,10.220.244.254,10.219.216.13,10.220.245.254,10.220.245.253,10.219.244.253,10.14.12.40,10.219.245.51,10.14.12.32,10.9.62.74,10.15.48.204,10.9.192.133,10.219.244.28,10.14.11.134
Adding 18 DC's from auto lookup
check_negative_conn_cache returning result 0 for domain CORP.NET
server 10.220.244.253
check_negative_conn_cache returning result 0 for domain CORP.NET
server 10.9.62.70
check_negative_conn_cache returning result 0 for domain CORP.NET
server 10.219.244.29
check_negative_conn_cache returning result 0 for domain CORP.NET
server 10.219.244.38
check_negative_conn_cache returning result 0 for domain CORP.NET
server 10.219.244.21
check_negative_conn_cache returning result 0 for domain CORP.NET
server 10.220.244.254
check_negative_conn_cache returning result 0 for domain CORP.NET
server 10.219.216.13
check_negative_conn_cache returning result 0 for domain CORP.NET
server 10.220.245.254
check_negative_conn_cache returning result 0 for domain CORP.NET
server 10.220.245.253
check_negative_conn_cache returning result 0 for domain CORP.NET
server 10.219.244.253
check_negative_conn_cache returning result 0 for domain CORP.NET
server 10.14.12.40
check_negative_conn_cache returning result 0 for domain CORP.NET
server 10.219.245.51
check_negative_conn_cache returning result 0 for domain CORP.NET
server 10.14.12.32
check_negative_conn_cache returning result 0 for domain CORP.NET
server 10.9.62.74
check_negative_conn_cache returning result 0 for domain CORP.NET
server 10.15.48.204
check_negative_conn_cache returning result 0 for domain CORP.NET
server 10.9.192.133
check_negative_conn_cache returning result 0 for domain CORP.NET
server 10.219.244.28
check_negative_conn_cache returning result 0 for domain CORP.NET
server 10.14.11.134
get_dc_list: returning 18 ip addresses in an ordered list
get_dc_list: 10.220.244.253:389 10.9.62.70:389 10.219.244.29:389
10.219.244.38:389 10.219.244.21:389 10.220.244.254:389
10.219.216.13:389 10.220.245.254:389 10.220.245.253:389
10.219.244.253:389 10.14.12.40:389 10.219.245.51:389 10.14.12.32:389
10.9.62.74:389 10.15.48.204:389 10.9.192.133:389 10.219.244.28:389
10.14.11.134:389
check_negative_conn_cache returning result 0 for domain CORP.NET
server 10.220.244.253
ads_try_connect: sending CLDAP request to 10.220.244.253 (realm: CORP.NET)
Successfully contacted LDAP server 10.220.244.253
libnet_Join:
libnet_JoinCtx: struct libnet_JoinCtx
in: struct libnet_JoinCtx
dc_name : NULL
machine_name : 'MSUSERSNCS'
domain_name : *
domain_name : 'CORP.NET'
account_ou : NULL
admin_account : 'aranskis'
machine_password : NULL
join_flags : 0x00000023 (35)
0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
...skipping...
got OID=1.3.6.1.4.1.311.2.2.30
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.2.840.113554.1.2.2.3
got OID=1.3.6.1.4.1.311.2.2.10
got principal=not_defined_in_RFC4178 at please_ignore
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
SPNEGO login failed: Logon failure
failed session setup with NT_STATUS_LOGON_FAILURE
libnet_Join:
libnet_JoinCtx: struct libnet_JoinCtx
out: struct libnet_JoinCtx
account_name : NULL
netbios_domain_name : NULL
dns_domain_name : NULL
forest_name : NULL
dn : NULL
domain_sid : NULL
domain_sid : (NULL SID)
modified_config : 0x00 (0)
error_string : 'failed to lookup DC info for
domain 'CORP.NET' over rpc: Logon failure'
domain_is_ad : 0x00 (0)
result : WERR_LOGON_FAILURE
ADS join did not work, falling back to RPC...
no entry for CORP#1B found.
resolve_ads: Attempting to resolve PDC for CORP using DNS
ads_dns_lookup_srv: Failed to resolve _ldap._tcp.pdc._msdcs.CORP
(Connection timed out)
ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_IO_TIMEOUT)
no entry for CORP#1B found.
resolve_lmhosts: Attempting lmhosts lookup for name CORP<0x1b>
resolve_lmhosts: Attempting lmhosts lookup for name CORP<0x1b>
startlmhosts: Can't open lmhosts file
/local/users_ncs/product/samba-3.6.5/lib/lmhosts. Error was No such
file or directory
resolve_wins: Attempting wins lookup for name CORP<0x1b>
resolve_wins: WINS server resolution selected and no WINS servers listed.
resolve_hosts: not appropriate for name type <0x1b>
name_resolve_bcast: Attempting broadcast lookup for name CORP<0x1b>
Socket options:
SO_KEEPALIVE = 0
SO_REUSEADDR = 4
SO_BROADCAST = 32
Could not test socket option TCP_NODELAY.
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
SO_SNDBUF = 57344
SO_RCVBUF = 57344
Could not test socket option SO_SNDLOWAT.
Could not test socket option SO_RCVLOWAT.
Could not test socket option SO_SNDTIMEO.
Could not test socket option SO_RCVTIMEO.
Unable to resolve PDC server address
Unable to find a suitable server for domain CORP
failed to make ipc connection: NT_STATUS_UNSUCCESSFUL
no entry for CORP#1B found.
resolve_ads: Attempting to resolve PDC for CORP using DNS
ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_IO_TIMEOUT)
no entry for CORP#1B found.
resolve_lmhosts: Attempting lmhosts lookup for name CORP<0x1b>
resolve_lmhosts: Attempting lmhosts lookup for name CORP<0x1b>
startlmhosts: Can't open lmhosts file
/local/users_ncs/product/samba-3.6.5/lib/lmhosts. Error was No such
file or directory
resolve_wins: Attempting wins lookup for name CORP<0x1b>
resolve_wins: WINS server resolution selected and no WINS servers listed.
resolve_hosts: not appropriate for name type <0x1b>
name_resolve_bcast: Attempting broadcast lookup for name CORP<0x1b>
Socket options:
SO_KEEPALIVE = 0
SO_REUSEADDR = 4
SO_BROADCAST = 32
Could not test socket option TCP_NODELAY.
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
SO_SNDBUF = 57344
SO_RCVBUF = 57344
Could not test socket option SO_SNDLOWAT.
Could not test socket option SO_RCVLOWAT.
Could not test socket option SO_SNDTIMEO.
Could not test socket option SO_RCVTIMEO.
Unable to resolve PDC server address
Unable to find a suitable server for domain CORP
return code = 1
Failed to join domain: failed to lookup DC info for domain 'CORP.NET'
over rpc: Logon failure
>
>> security=ADS
>> encrypt passwords = yes
>> bind interfaces only = true
>> interfaces = msusersncs
>>
>>
>>
>> Any hints on the best way to try and figure out what is wrong when
>> trying to register in the AD ?
>> (the same config worked with samba 3.4.x, but the DCs were running Windows 2003)
>
>
> --
> Jim McDonough
> Samba Team
> SUSE labs
> jmcd at samba dot org
> jmcd at themcdonoughs dot org
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list