[Samba] Cannot join Ubuntu12.04 Samba 4.1.17 to domain
ivenhov
iwan.daniel at gmail.com
Fri Apr 17 05:29:55 MDT 2015
Hi all
I'm desperate now.
On one of the sites I cannot connect Ubuntu to Windows AD 2003.
Error below.
On exactly the same setup but on a different network and also on VirtualBox
VMs everything works as expected.
Looks like something on the network then or mission parameter.
Error is about KDC but I can successfully do kinit and get ticket.
I can also successfully run:
sudo net ads info
Failing command:
myuser at myserver:~$ sudo net ads join
createcomputer="MyStructure/Internal/Servers/UnManaged" -S
serverDC1001.dan2003.sample.domain.com -U SUPER-USER -d10
INFO: Current debug levels:
all: 10
tdb: 10
printdrivers: 10
lanman: 10
smb: 10
rpc_parse: 10
rpc_srv: 10
rpc_cli: 10
passdb: 10
sam: 10
auth: 10
winbind: 10
vfs: 10
idmap: 10
quota: 10
acls: 10
locking: 10
msdfs: 10
dmapi: 10
registry: 10
scavenger: 10
dns: 10
ldb: 10
lp_load_ex: refreshing parameters
Initialising global parameters
INFO: Current debug levels:
all: 10
tdb: 10
printdrivers: 10
lanman: 10
smb: 10
rpc_parse: 10
rpc_srv: 10
rpc_cli: 10
passdb: 10
sam: 10
auth: 10
winbind: 10
vfs: 10
idmap: 10
quota: 10
acls: 10
locking: 10
msdfs: 10
dmapi: 10
registry: 10
scavenger: 10
dns: 10
ldb: 10
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
Processing section "[global]"
doing parameter workgroup = DAN2003
doing parameter realm = DAN2003.SAMPLE.DOMAIN.COM
doing parameter server string = MySpecial server %h
doing parameter security = ADS
doing parameter map to guest = Bad User
doing parameter obey pam restrictions = Yes
doing parameter pam password change = Yes
doing parameter passwd program = /usr/bin/passwd %u
doing parameter passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
doing parameter unix password sync = Yes
doing parameter syslog = 0
doing parameter log file = /var/log/samba/log.%m
doing parameter max log size = 1000
doing parameter server max protocol = SMB2
doing parameter min receivefile size = 13638
doing parameter max xmit = 131072
doing parameter socket options = TCP_NODELAY SO_RCVBUF=262144
SO_SNDBUF=262144 IPTOS_LOWDELAY SO_KEEPALIVE
doing parameter load printers = No
doing parameter printcap name = /dev/null
doing parameter disable spoolss = Yes
doing parameter dns proxy = No
doing parameter usershare allow guests = Yes
doing parameter panic action = /usr/share/samba/panic-action %d
doing parameter template homedir = /dev/null
doing parameter template shell = /bin/true
doing parameter winbind enum users = Yes
doing parameter winbind enum groups = Yes
doing parameter winbind use default domain = Yes
doing parameter idmap config * : range = 100000-200000
doing parameter idmap config * : backend = tdb
doing parameter aio read size = 1
doing parameter aio write size = 1
doing parameter aio write behind = true
doing parameter use sendfile = Yes
doing parameter write cache size = 12826144
doing parameter printing = bsd
doing parameter print command = lpr -r -P'%p' %s
doing parameter lpq command = lpq -P'%p'
doing parameter lprm command = lprm -P'%p' %j
pm_process() returned Yes
lp_servicenumber: couldn't find homes
Netbios name list:-
my_netbios_names[0]="MYSERVER"
added interface bond0 ip=10.80.100.74 bcast=10.80.100.255
netmask=255.255.255.0
Registering messaging pointer for type 2 - private_data=(nil)
Registering messaging pointer for type 9 - private_data=(nil)
Registered MSG_REQ_POOL_USAGE
Registering messaging pointer for type 11 - private_data=(nil)
Registering messaging pointer for type 12 - private_data=(nil)
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Registering messaging pointer for type 1 - private_data=(nil)
Registering messaging pointer for type 5 - private_data=(nil)
Enter SUPER-USER's password:
libnet_Join:
libnet_JoinCtx: struct libnet_JoinCtx
in: struct libnet_JoinCtx
dc_name :
'serverDC1001.dan2003.sample.domain.com'
machine_name : 'MYSERVER'
domain_name : *
domain_name : 'DAN2003.SAMPLE.DOMAIN.COM'
account_ou :
'MyStructure/Internal/Servers/UnManaged'
admin_account : 'SUPER-USER'
machine_password : NULL
join_flags : 0x00000023 (35)
0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
0: WKSSVC_JOIN_FLAGS_DEFER_SPN
0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
os_version : NULL
os_name : NULL
create_upn : 0x00 (0)
upn : NULL
modify_config : 0x00 (0)
ads : NULL
debug : 0x01 (1)
use_kerberos : 0x00 (0)
secure_channel_type : SEC_CHAN_WKSTA (2)
Opening cache file at /var/cache/samba/gencache.tdb
Opening cache file at /var/cache/samba/gencache_notrans.tdb
sitename_fetch: No stored sitename for DAN2003.SAMPLE.DOMAIN.COM
internal_resolve_name: looking up serverDC1001.dan2003.sample.domain.com#20
(sitename (null))
name serverDC1001.dan2003.sample.domain.com#20 found.
remove_duplicate_addrs2: looking for duplicate address/port pairs
Connecting to 10.80.8.88 at port 445
Socket options:
SO_KEEPALIVE = 1
SO_REUSEADDR = 0
SO_BROADCAST = 0
TCP_NODELAY = 1
TCP_KEEPCNT = 9
TCP_KEEPIDLE = 7200
TCP_KEEPINTVL = 75
IPTOS_LOWDELAY = 16
IPTOS_THROUGHPUT = 16
SO_SNDBUF = 262142
SO_RCVBUF = 262142
SO_SNDLOWAT = 1
SO_RCVLOWAT = 1
SO_SNDTIMEO = 0
SO_RCVTIMEO = 0
TCP_QUICKACK = 1
TCP_DEFER_ACCEPT = 0
Doing spnego session setup (blob length=120)
got OID=1.3.6.1.4.1.311.2.2.30
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.2.840.113554.1.2.2.3
got OID=1.3.6.1.4.1.311.2.2.10
got principal=not_defined_in_RFC4178 at please_ignore
negotiate: struct NEGOTIATE_MESSAGE
Signature : 'NTLMSSP'
MessageType : NtLmNegotiate (1)
NegotiateFlags : 0x60088215 (1611170325)
1: NTLMSSP_NEGOTIATE_UNICODE
0: NTLMSSP_NEGOTIATE_OEM
1: NTLMSSP_REQUEST_TARGET
1: NTLMSSP_NEGOTIATE_SIGN
0: NTLMSSP_NEGOTIATE_SEAL
0: NTLMSSP_NEGOTIATE_DATAGRAM
0: NTLMSSP_NEGOTIATE_LM_KEY
0: NTLMSSP_NEGOTIATE_NETWARE
1: NTLMSSP_NEGOTIATE_NTLM
0: NTLMSSP_NEGOTIATE_NT_ONLY
0: NTLMSSP_ANONYMOUS
0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
0: NTLMSSP_TARGET_TYPE_DOMAIN
0: NTLMSSP_TARGET_TYPE_SERVER
0: NTLMSSP_TARGET_TYPE_SHARE
1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
0: NTLMSSP_NEGOTIATE_IDENTIFY
0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
0: NTLMSSP_NEGOTIATE_TARGET_INFO
0: NTLMSSP_NEGOTIATE_VERSION
1: NTLMSSP_NEGOTIATE_128
1: NTLMSSP_NEGOTIATE_KEY_EXCH
0: NTLMSSP_NEGOTIATE_56
DomainNameLen : 0x0008 (8)
DomainNameMaxLen : 0x0008 (8)
DomainName : *
DomainName : 'DAN2003'
WorkstationLen : 0x000e (14)
WorkstationMaxLen : 0x000e (14)
Workstation : *
Workstation : 'MYSERVER'
challenge: struct CHALLENGE_MESSAGE
Signature : 'NTLMSSP'
MessageType : NtLmChallenge (0x2)
TargetNameLen : 0x0010 (16)
TargetNameMaxLen : 0x0010 (16)
TargetName : *
TargetName : 'DAN2003'
NegotiateFlags : 0x62898215 (1653178901)
1: NTLMSSP_NEGOTIATE_UNICODE
0: NTLMSSP_NEGOTIATE_OEM
1: NTLMSSP_REQUEST_TARGET
1: NTLMSSP_NEGOTIATE_SIGN
0: NTLMSSP_NEGOTIATE_SEAL
0: NTLMSSP_NEGOTIATE_DATAGRAM
0: NTLMSSP_NEGOTIATE_LM_KEY
0: NTLMSSP_NEGOTIATE_NETWARE
1: NTLMSSP_NEGOTIATE_NTLM
0: NTLMSSP_NEGOTIATE_NT_ONLY
0: NTLMSSP_ANONYMOUS
0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
1: NTLMSSP_TARGET_TYPE_DOMAIN
0: NTLMSSP_TARGET_TYPE_SERVER
0: NTLMSSP_TARGET_TYPE_SHARE
1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
0: NTLMSSP_NEGOTIATE_IDENTIFY
0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
1: NTLMSSP_NEGOTIATE_TARGET_INFO
1: NTLMSSP_NEGOTIATE_VERSION
1: NTLMSSP_NEGOTIATE_128
1: NTLMSSP_NEGOTIATE_KEY_EXCH
0: NTLMSSP_NEGOTIATE_56
ServerChallenge : d19c394ddd43af69
Reserved : 0000000000000000
TargetInfoLen : 0x00da (218)
TargetNameInfoMaxLen : 0x00da (218)
TargetInfo : *
TargetInfo: struct AV_PAIR_LIST
count : 0x00000007 (7)
pair: ARRAY(7)
pair: struct AV_PAIR
AvId : MsvAvNbDomainName (0x2)
AvLen : 0x0010 (16)
Value : union
ntlmssp_AvValue(case 0x2)
AvNbDomainName : 'DAN2003'
pair: struct AV_PAIR
AvId : MsvAvNbComputerName (0x1)
AvLen : 0x0016 (22)
Value : union
ntlmssp_AvValue(case 0x1)
AvNbComputerName : 'SERVERDC1001'
pair: struct AV_PAIR
AvId : MsvAvDnsDomainName (0x4)
AvLen : 0x002e (46)
Value : union
ntlmssp_AvValue(case 0x4)
AvDnsDomainName :
'dan2003.sample.domain.com'
pair: struct AV_PAIR
AvId : MsvAvDnsComputerName
(0x3)
AvLen : 0x0046 (70)
Value : union
ntlmssp_AvValue(case 0x3)
AvDnsComputerName :
'SERVERDC1001.dan2003.sample.domain.com'
pair: struct AV_PAIR
AvId : MsvAvDnsTreeName (0x5)
AvLen : 0x001c (28)
Value : union
ntlmssp_AvValue(case 0x5)
AvDnsTreeName : 'sample.domain.com'
pair: struct AV_PAIR
AvId : MsvAvTimestamp (0x7)
AvLen : 0x0008 (8)
Value : union
ntlmssp_AvValue(case 0x7)
AvTimestamp : Tue Apr 14 12:28:04 2015
UTC
pair: struct AV_PAIR
AvId : MsvAvEOL (0x0)
AvLen : 0x0000 (0)
Value : union
ntlmssp_AvValue(case 0x0)
Version: struct ntlmssp_VERSION
ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (0x6)
ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_1 (0x1)
ProductBuild : 0x1db1 (7601)
Reserved : 000000
NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (0xF)
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
authenticate: struct AUTHENTICATE_MESSAGE
Signature : 'NTLMSSP'
MessageType : NtLmAuthenticate (3)
LmChallengeResponseLen : 0x0018 (24)
LmChallengeResponseMaxLen: 0x0018 (24)
LmChallengeResponse : *
LmChallengeResponse : union ntlmssp_LM_RESPONSE(case 24)
v1: struct LM_RESPONSE
Response :
de06e6edc8275e8aa58a9e95067f4cbc5bb6ac5b0279a515
NtChallengeResponseLen : 0x0106 (262)
NtChallengeResponseMaxLen: 0x0106 (262)
NtChallengeResponse : *
NtChallengeResponse : union ntlmssp_NTLM_RESPONSE(case 262)
v2: struct NTLMv2_RESPONSE
Response : a5e98b1ba196aa8513fdbecb1a53a3ac
Challenge: struct NTLMv2_CLIENT_CHALLENGE
RespType : 0x01 (1)
HiRespType : 0x01 (1)
Reserved1 : 0x0000 (0)
Reserved2 : 0x00000000 (0)
TimeStamp : Tue Apr 14 12:28:03 2015 UTC
ChallengeFromClient : 1ca419ea47cceec3
Reserved3 : 0x00000000 (0)
AvPairs: struct AV_PAIR_LIST
count : 0x00000007 (7)
pair: ARRAY(7)
pair: struct AV_PAIR
AvId : MsvAvNbDomainName
(0x2)
AvLen : 0x0010 (16)
Value : union
ntlmssp_AvValue(case 0x2)
AvNbDomainName : 'DAN2003'
pair: struct AV_PAIR
AvId :
MsvAvNbComputerName (0x1)
AvLen : 0x0016 (22)
Value : union
ntlmssp_AvValue(case 0x1)
AvNbComputerName : 'SERVERDC1001'
pair: struct AV_PAIR
AvId :
MsvAvDnsDomainName (0x4)
AvLen : 0x002e (46)
Value : union
ntlmssp_AvValue(case 0x4)
AvDnsDomainName :
'dan2003.sample.domain.com'
pair: struct AV_PAIR
AvId :
MsvAvDnsComputerName (0x3)
AvLen : 0x0046 (70)
Value : union
ntlmssp_AvValue(case 0x3)
AvDnsComputerName :
'SERVERDC1001.dan2003.sample.domain.com'
pair: struct AV_PAIR
AvId : MsvAvDnsTreeName
(0x5)
AvLen : 0x001c (28)
Value : union
ntlmssp_AvValue(case 0x5)
AvDnsTreeName :
'sample.domain.com'
pair: struct AV_PAIR
AvId : MsvAvTimestamp
(0x7)
AvLen : 0x0008 (8)
Value : union
ntlmssp_AvValue(case 0x7)
AvTimestamp : Tue Apr 14
12:28:04 2015 UTC
pair: struct AV_PAIR
AvId : MsvAvEOL (0x0)
AvLen : 0x0000 (0)
Value : union
ntlmssp_AvValue(case 0x0)
DomainNameLen : 0x0000 (0)
DomainNameMaxLen : 0x0000 (0)
DomainName : *
DomainName : ''
UserNameLen : 0x0012 (18)
UserNameMaxLen : 0x0012 (18)
UserName : *
UserName : 'SUPER-USER'
WorkstationLen : 0x001c (28)
WorkstationMaxLen : 0x001c (28)
Workstation : *
Workstation : 'MYSERVER'
EncryptedRandomSessionKeyLen: 0x0010 (16)
EncryptedRandomSessionKeyMaxLen: 0x0010 (16)
EncryptedRandomSessionKey: *
EncryptedRandomSessionKey: DATA_BLOB length=16
[0000] 48 09 D4 57 08 FC AD F2 DD B7 FB 1D 65 28 BC 8A H..W.... ....e(..
NegotiateFlags : 0x60088215 (1611170325)
1: NTLMSSP_NEGOTIATE_UNICODE
0: NTLMSSP_NEGOTIATE_OEM
1: NTLMSSP_REQUEST_TARGET
1: NTLMSSP_NEGOTIATE_SIGN
0: NTLMSSP_NEGOTIATE_SEAL
0: NTLMSSP_NEGOTIATE_DATAGRAM
0: NTLMSSP_NEGOTIATE_LM_KEY
0: NTLMSSP_NEGOTIATE_NETWARE
1: NTLMSSP_NEGOTIATE_NTLM
0: NTLMSSP_NEGOTIATE_NT_ONLY
0: NTLMSSP_ANONYMOUS
0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
0: NTLMSSP_TARGET_TYPE_DOMAIN
0: NTLMSSP_TARGET_TYPE_SERVER
0: NTLMSSP_TARGET_TYPE_SHARE
1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
0: NTLMSSP_NEGOTIATE_IDENTIFY
0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
0: NTLMSSP_NEGOTIATE_TARGET_INFO
0: NTLMSSP_NEGOTIATE_VERSION
1: NTLMSSP_NEGOTIATE_128
1: NTLMSSP_NEGOTIATE_KEY_EXCH
0: NTLMSSP_NEGOTIATE_56
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
cli_init_creds: user SUPER-USER domain
Bind RPC Pipe: host serverDC1001.dan2003.sample.domain.com auth_type 0,
auth_level 1
&r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_BIND (11)
pfc_flags : 0x03 (3)
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0048 (72)
auth_length : 0x0000 (0)
call_id : 0x00000001 (1)
u : union dcerpc_payload(case 11)
bind: struct dcerpc_bind
max_xmit_frag : 0x10b8 (4280)
max_recv_frag : 0x10b8 (4280)
assoc_group_id : 0x00000000 (0)
num_contexts : 0x01 (1)
ctx_list: ARRAY(1)
ctx_list: struct dcerpc_ctx_list
context_id : 0x0000 (0)
num_transfer_syntaxes : 0x01 (1)
abstract_syntax: struct ndr_syntax_id
uuid :
12345778-1234-abcd-ef00-0123456789ab
if_version : 0x00000000 (0)
transfer_syntaxes: ARRAY(1)
transfer_syntaxes: struct ndr_syntax_id
uuid :
8a885d04-1ceb-11c9-9fe8-08002b104860
if_version : 0x00000002 (2)
auth_info : DATA_BLOB length=0
rpc_api_pipe: host serverDC1001.dan2003.sample.domain.com
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0,
data_total=72, this_data=72, max_data=4280, param_offset=84, param_pad=2,
param_disp=0, data_offset=84, data_pad=0, data_disp=0
rpc_read_send: data_to_read: 52
r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_BIND_ACK (12)
pfc_flags : 0x03 (3)
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0044 (68)
auth_length : 0x0000 (0)
call_id : 0x00000001 (1)
u : union dcerpc_payload(case 12)
bind_ack: struct dcerpc_bind_ack
max_xmit_frag : 0x10b8 (4280)
max_recv_frag : 0x10b8 (4280)
assoc_group_id : 0x00069674 (431732)
secondary_address_size : 0x000c (12)
secondary_address : '\pipe\lsass'
_pad1 : DATA_BLOB length=2
[0000] 71 71 qq
num_results : 0x01 (1)
ctx_list: ARRAY(1)
ctx_list: struct dcerpc_ack_ctx
result : 0x0000 (0)
reason : 0x0000 (0)
syntax: struct ndr_syntax_id
uuid :
8a885d04-1ceb-11c9-9fe8-08002b104860
if_version : 0x00000002 (2)
auth_info : DATA_BLOB length=0
rpc_api_pipe: got frag len of 68 at offset 0: NT_STATUS_OK
rpc_api_pipe: host serverDC1001.dan2003.sample.domain.com returned 68 bytes.
check_bind_response: accepted!
cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine
serverDC1001.dan2003.sample.domain.com and bound anonymously.
lsa_OpenPolicy: struct lsa_OpenPolicy
in: struct lsa_OpenPolicy
system_name : *
system_name : 0x005c (92)
attr : *
attr: struct lsa_ObjectAttribute
len : 0x00000018 (24)
root_dir : NULL
object_name : NULL
attributes : 0x00000000 (0)
sec_desc : NULL
sec_qos : *
sec_qos: struct lsa_QosInfo
len : 0x0000000c (12)
impersonation_level : 0x0002 (2)
context_mode : 0x01 (1)
effective_only : 0x00 (0)
access_mask : 0x02000000 (33554432)
0: LSA_POLICY_VIEW_LOCAL_INFORMATION
0: LSA_POLICY_VIEW_AUDIT_INFORMATION
0: LSA_POLICY_GET_PRIVATE_INFORMATION
0: LSA_POLICY_TRUST_ADMIN
0: LSA_POLICY_CREATE_ACCOUNT
0: LSA_POLICY_CREATE_SECRET
0: LSA_POLICY_CREATE_PRIVILEGE
0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS
0: LSA_POLICY_SET_AUDIT_REQUIREMENTS
0: LSA_POLICY_AUDIT_LOG_ADMIN
0: LSA_POLICY_SERVER_ADMIN
0: LSA_POLICY_LOOKUP_NAMES
0: LSA_POLICY_NOTIFICATION
&r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_REQUEST (0)
pfc_flags : 0x03 (3)
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0018 (24)
auth_length : 0x0000 (0)
call_id : 0x00000002 (2)
u : union dcerpc_payload(case 0)
request: struct dcerpc_request
alloc_hint : 0x0000002c (44)
context_id : 0x0000 (0)
opnum : 0x0006 (6)
object : union dcerpc_object(case 0)
empty: struct dcerpc_empty
_pad : DATA_BLOB length=0
stub_and_verifier : DATA_BLOB length=0
rpc_api_pipe: host serverDC1001.dan2003.sample.domain.com
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0,
data_total=68, this_data=68, max_data=4280, param_offset=84, param_pad=2,
param_disp=0, data_offset=84, data_pad=0, data_disp=0
rpc_read_send: data_to_read: 32
r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_RESPONSE (2)
pfc_flags : 0x03 (3)
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0030 (48)
auth_length : 0x0000 (0)
call_id : 0x00000002 (2)
u : union dcerpc_payload(case 2)
response: struct dcerpc_response
alloc_hint : 0x00000018 (24)
context_id : 0x0000 (0)
cancel_count : 0x00 (0)
_pad : DATA_BLOB length=1
[0000] 00 .
stub_and_verifier : DATA_BLOB length=24
[0000] 00 00 00 00 7E 29 EA FB 47 80 8A 49 9C 2F 88 A6 ....~).. G..I./..
[0010] 65 A8 5D 72 00 00 00 00 e.]r....
Got pdu len 48, data_len 24, ss_len 0
rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK
rpc_api_pipe: host serverDC1001.dan2003.sample.domain.com returned 24 bytes.
lsa_OpenPolicy: struct lsa_OpenPolicy
out: struct lsa_OpenPolicy
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
fbea297e-8047-498a-9c2f-88a665a85d72
result : NT_STATUS_OK
lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2
in: struct lsa_QueryInfoPolicy2
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
fbea297e-8047-498a-9c2f-88a665a85d72
level : LSA_POLICY_INFO_DNS (12)
&r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_REQUEST (0)
pfc_flags : 0x03 (3)
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0018 (24)
auth_length : 0x0000 (0)
call_id : 0x00000003 (3)
u : union dcerpc_payload(case 0)
request: struct dcerpc_request
alloc_hint : 0x00000016 (22)
context_id : 0x0000 (0)
opnum : 0x002e (46)
object : union dcerpc_object(case 0)
empty: struct dcerpc_empty
_pad : DATA_BLOB length=0
stub_and_verifier : DATA_BLOB length=0
rpc_api_pipe: host serverDC1001.dan2003.sample.domain.com
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0,
data_total=46, this_data=46, max_data=4280, param_offset=84, param_pad=2,
param_disp=0, data_offset=84, data_pad=0, data_disp=0
rpc_read_send: data_to_read: 220
r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_RESPONSE (2)
pfc_flags : 0x03 (3)
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x00ec (236)
auth_length : 0x0000 (0)
call_id : 0x00000003 (3)
u : union dcerpc_payload(case 2)
response: struct dcerpc_response
alloc_hint : 0x000000d4 (212)
context_id : 0x0000 (0)
cancel_count : 0x00 (0)
_pad : DATA_BLOB length=1
[0000] 00 .
stub_and_verifier : DATA_BLOB length=212
[0000] 00 00 02 00 0C 00 00 00 10 00 12 00 04 00 02 00 ........ ........
[0010] 2E 00 30 00 08 00 02 00 1C 00 1E 00 0C 00 02 00 ..0..... ........
[0020] 72 C5 DE 51 A1 3A D6 45 AA C3 E3 27 E8 31 0B 54 r..Q.:.E ...'.1.T
[0030] 10 00 02 00 09 00 00 00 00 00 00 00 08 00 00 00 ........ ........
[0040] 4E 00 41 00 54 00 49 00 4F 00 4E 00 41 00 4C 00 N.A.T.I. O.N.A.L.
[0050] 18 00 00 00 00 00 00 00 17 00 00 00 6E 00 61 00 ........ ....n.a.
[0060] 74 00 69 00 6F 00 6E 00 61 00 6C 00 2E 00 63 00 t.i.o.n. a.l...c.
[0070] 6F 00 72 00 65 00 2E 00 62 00 62 00 63 00 2E 00 o.r.e... b.b.c...
[0080] 63 00 6F 00 2E 00 75 00 6B 00 00 00 0F 00 00 00 c.o...u. k.......
[0090] 00 00 00 00 0E 00 00 00 63 00 6F 00 72 00 65 00 ........ c.o.r.e.
[00A0] 2E 00 62 00 62 00 63 00 2E 00 63 00 6F 00 2E 00 ..b.b.c. ..c.o...
[00B0] 75 00 6B 00 04 00 00 00 01 04 00 00 00 00 00 05 u.k..... ........
[00C0] 15 00 00 00 6B D6 62 04 16 C0 EA 32 82 8B A6 28 ....k.b. ...2...(
[00D0] 00 00 00 00 ....
Got pdu len 236, data_len 212, ss_len 0
rpc_api_pipe: got frag len of 236 at offset 0: NT_STATUS_OK
rpc_api_pipe: host serverDC1001.dan2003.sample.domain.com returned 212
bytes.
lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2
out: struct lsa_QueryInfoPolicy2
info : *
info : *
info : union
lsa_PolicyInformation(case 12)
dns: struct lsa_DnsDomainInfo
name: struct lsa_StringLarge
length : 0x0010 (16)
size : 0x0012 (18)
string : *
string : 'DAN2003'
dns_domain: struct lsa_StringLarge
length : 0x002e (46)
size : 0x0030 (48)
string : *
string :
'dan2003.sample.domain.com'
dns_forest: struct lsa_StringLarge
length : 0x001c (28)
size : 0x001e (30)
string : *
string :
'sample.domain.com'
domain_guid :
51dec572-3aa1-45d6-aac3-e327e8310b54
sid : *
sid :
S-1-5-21-73586283-854245398-682003330
result : NT_STATUS_OK
lsa_Close: struct lsa_Close
in: struct lsa_Close
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
fbea297e-8047-498a-9c2f-88a665a85d72
&r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_REQUEST (0)
pfc_flags : 0x03 (3)
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0018 (24)
auth_length : 0x0000 (0)
call_id : 0x00000004 (4)
u : union dcerpc_payload(case 0)
request: struct dcerpc_request
alloc_hint : 0x00000014 (20)
context_id : 0x0000 (0)
opnum : 0x0000 (0)
object : union dcerpc_object(case 0)
empty: struct dcerpc_empty
_pad : DATA_BLOB length=0
stub_and_verifier : DATA_BLOB length=0
rpc_api_pipe: host serverDC1001.dan2003.sample.domain.com
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0,
data_total=44, this_data=44, max_data=4280, param_offset=84, param_pad=2,
param_disp=0, data_offset=84, data_pad=0, data_disp=0
rpc_read_send: data_to_read: 32
r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_RESPONSE (2)
pfc_flags : 0x03 (3)
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0030 (48)
auth_length : 0x0000 (0)
call_id : 0x00000004 (4)
u : union dcerpc_payload(case 2)
response: struct dcerpc_response
alloc_hint : 0x00000018 (24)
context_id : 0x0000 (0)
cancel_count : 0x00 (0)
_pad : DATA_BLOB length=1
[0000] 00 .
stub_and_verifier : DATA_BLOB length=24
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[0010] 00 00 00 00 00 00 00 00 ........
Got pdu len 48, data_len 24, ss_len 0
rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK
rpc_api_pipe: host serverDC1001.dan2003.sample.domain.com returned 24 bytes.
lsa_Close: struct lsa_Close
out: struct lsa_Close
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
00000000-0000-0000-0000-000000000000
result : NT_STATUS_OK
create_local_private_krb5_conf_for_domain: fname =
/var/cache/samba/smb_krb5/krb5.conf.DAN2003, realm =
dan2003.sample.domain.com, domain = DAN2003
saf_fetch: Returning "SERVERDC1001.dan2003.sample.domain.com" for
"dan2003.sample.domain.com" domain
get_dc_list: preferred server list: "SERVERDC1001.dan2003.sample.domain.com,
*"
internal_resolve_name: looking up dan2003.sample.domain.com#1c (sitename
(null))
name dan2003.sample.domain.com#1C found.
remove_duplicate_addrs2: looking for duplicate address/port pairs
Adding 11 DC's from auto lookup
sitename_fetch: No stored sitename for DAN2003.SAMPLE.DOMAIN.COM
internal_resolve_name: looking up SERVERDC1001.dan2003.sample.domain.com#20
(sitename (null))
name SERVERDC1001.dan2003.sample.domain.com#20 found.
remove_duplicate_addrs2: looking for duplicate address/port pairs
check_negative_conn_cache returning result 0 for domain
dan2003.sample.domain.com server 10.80.8.88
check_negative_conn_cache returning result 0 for domain
dan2003.sample.domain.com server 10.124.23.5
check_negative_conn_cache returning result 0 for domain
dan2003.sample.domain.com server 10.184.32.187
check_negative_conn_cache returning result 0 for domain
dan2003.sample.domain.com server 10.161.8.2
check_negative_conn_cache returning result 0 for domain
dan2003.sample.domain.com server 10.184.32.58
check_negative_conn_cache returning result 0 for domain
dan2003.sample.domain.com server 10.84.136.29
check_negative_conn_cache returning result 0 for domain
dan2003.sample.domain.com server 10.80.8.88
check_negative_conn_cache returning result 0 for domain
dan2003.sample.domain.com server 10.52.69.202
check_negative_conn_cache returning result 0 for domain
dan2003.sample.domain.com server 10.76.8.118
check_negative_conn_cache returning result 0 for domain
dan2003.sample.domain.com server 10.94.76.240
check_negative_conn_cache returning result 0 for domain
dan2003.sample.domain.com server 10.72.136.53
check_negative_conn_cache returning result 0 for domain
dan2003.sample.domain.com server 10.68.140.2
remove_duplicate_addrs2: looking for duplicate address/port pairs
get_dc_list: returning 11 ip addresses in an ordered list
get_dc_list: 10.80.8.88:389 10.124.23.5:389 10.184.32.187:389 10.161.8.2:389
10.184.32.58:389 10.84.136.29:389 10.52.69.202:389 10.76.8.118:389
10.94.76.240:389 10.72.136.53:389 10.68.140.2:389
&response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX
command : LOGON_SAM_LOGON_RESPONSE_EX (23)
sbz : 0x0000 (0)
server_type : 0x0000317c (12668)
0: NBT_SERVER_PDC
1: NBT_SERVER_GC
1: NBT_SERVER_LDAP
1: NBT_SERVER_DS
1: NBT_SERVER_KDC
1: NBT_SERVER_TIMESERV
0: NBT_SERVER_CLOSEST
1: NBT_SERVER_WRITABLE
0: NBT_SERVER_GOOD_TIMESERV
0: NBT_SERVER_NDNC
0: NBT_SERVER_SELECT_SECRET_DOMAIN_6
1: NBT_SERVER_FULL_SECRET_DOMAIN_6
1: NBT_SERVER_ADS_WEB_SERVICE
0: NBT_SERVER_HAS_DNS_NAME
0: NBT_SERVER_IS_DEFAULT_NC
0: NBT_SERVER_FOREST_ROOT
domain_uuid : 51dec572-3aa1-45d6-aac3-e327e8310b54
forest : 'sample.domain.com'
dns_domain : 'dan2003.sample.domain.com'
pdc_dns_name : 'SERVERDC1001.dan2003.sample.domain.com'
domain_name : 'DAN2003'
pdc_name : 'SERVERDC1001'
user_name : ''
server_site : 'UK-Lanc-BH-LAN-Main'
client_site : ''
sockaddr_size : 0x00 (0)
sockaddr: struct nbt_sockaddr
sockaddr_family : 0x00000000 (0)
pdc_ip : (null)
remaining : DATA_BLOB length=0
next_closest_site : NULL
nt_version : 0x00000005 (5)
1: NETLOGON_NT_VERSION_1
0: NETLOGON_NT_VERSION_5
1: NETLOGON_NT_VERSION_5EX
0: NETLOGON_NT_VERSION_5EX_WITH_IP
0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE
0: NETLOGON_NT_VERSION_AVOID_NT4EMUL
0: NETLOGON_NT_VERSION_PDC
0: NETLOGON_NT_VERSION_IP
0: NETLOGON_NT_VERSION_LOCAL
0: NETLOGON_NT_VERSION_GC
lmnt_token : 0xffff (65535)
lm20_token : 0xffff (65535)
get_kdc_ip_string: Returning kdc = 10.80.8.88
create_local_private_krb5_conf_for_domain: wrote file
/var/cache/samba/smb_krb5/krb5.conf.DAN2003 with realm
DAN2003.SAMPLE.DOMAIN.COM KDC list = kdc = 10.80.8.88
sitename_fetch: No stored sitename for DAN2003.SAMPLE.DOMAIN.COM
internal_resolve_name: looking up serverDC1001.dan2003.sample.domain.com#20
(sitename (null))
name serverDC1001.dan2003.sample.domain.com#20 found.
remove_duplicate_addrs2: looking for duplicate address/port pairs
ads_try_connect: sending CLDAP request to 10.80.8.88 (realm:
dan2003.sample.domain.com)
&response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX
command : LOGON_SAM_LOGON_RESPONSE_EX (23)
sbz : 0x0000 (0)
server_type : 0x0000317c (12668)
0: NBT_SERVER_PDC
1: NBT_SERVER_GC
1: NBT_SERVER_LDAP
1: NBT_SERVER_DS
1: NBT_SERVER_KDC
1: NBT_SERVER_TIMESERV
0: NBT_SERVER_CLOSEST
1: NBT_SERVER_WRITABLE
0: NBT_SERVER_GOOD_TIMESERV
0: NBT_SERVER_NDNC
0: NBT_SERVER_SELECT_SECRET_DOMAIN_6
1: NBT_SERVER_FULL_SECRET_DOMAIN_6
1: NBT_SERVER_ADS_WEB_SERVICE
0: NBT_SERVER_HAS_DNS_NAME
0: NBT_SERVER_IS_DEFAULT_NC
0: NBT_SERVER_FOREST_ROOT
domain_uuid : 51dec572-3aa1-45d6-aac3-e327e8310b54
forest : 'sample.domain.com'
dns_domain : 'dan2003.sample.domain.com'
pdc_dns_name : 'SERVERDC1001.dan2003.sample.domain.com'
domain_name : 'DAN2003'
pdc_name : 'SERVERDC1001'
user_name : ''
server_site : 'UK-Lanc-BH-LAN-Main'
client_site : ''
sockaddr_size : 0x00 (0)
sockaddr: struct nbt_sockaddr
sockaddr_family : 0x00000000 (0)
pdc_ip : (null)
remaining : DATA_BLOB length=0
next_closest_site : NULL
nt_version : 0x00000005 (5)
1: NETLOGON_NT_VERSION_1
0: NETLOGON_NT_VERSION_5
1: NETLOGON_NT_VERSION_5EX
0: NETLOGON_NT_VERSION_5EX_WITH_IP
0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE
0: NETLOGON_NT_VERSION_AVOID_NT4EMUL
0: NETLOGON_NT_VERSION_PDC
0: NETLOGON_NT_VERSION_IP
0: NETLOGON_NT_VERSION_LOCAL
0: NETLOGON_NT_VERSION_GC
lmnt_token : 0xffff (65535)
lm20_token : 0xffff (65535)
sitename_store: deleting empty sitename!
Deleting cache entry (key=[AD_SITENAME/DOMAIN/DAN2003])
sitename_store: deleting empty sitename!
Deleting cache entry (key=[AD_SITENAME/DOMAIN/DAN2003.SAMPLE.DOMAIN.COM])
Successfully contacted LDAP server 10.80.8.88
Opening connection to LDAP server
'SERVERDC1001.dan2003.sample.domain.com:389', timeout 15 seconds
Connected to LDAP server 'SERVERDC1001.dan2003.sample.domain.com:389'
Connected to LDAP server SERVERDC1001.dan2003.sample.domain.com
ads_sitename_match: no match between server: UK-Lanc-BH-LAN-Main and client:
NULL
ads_closest_dc: client belongs to no site
saf_store: domain = [DAN2003], server =
[SERVERDC1001.dan2003.sample.domain.com], expire = [1429015386]
Did not store value for SAF/DOMAIN/DAN2003, we already got it
saf_store: domain = [dan2003.sample.domain.com], server =
[SERVERDC1001.dan2003.sample.domain.com], expire = [1429015386]
Did not store value for SAF/DOMAIN/DAN2003.SAMPLE.DOMAIN.COM, we already got
it
KDC time offset is 0 seconds
Found SASL mechanism GSS-SPNEGO
ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.30
ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2
ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2
ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3
ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10
ads_sasl_spnego_bind: got server principal name =
not_defined_in_RFC4178 at please_ignore
ads_krb5_mk_req: krb5_cc_get_principal failed (No such file or directory)
ads_sasl_spnego_krb5_bind failed with: No such file or directory, calling
kinit
kerberos_kinit_password: as SUPER-USER at DAN2003.SAMPLE.DOMAIN.COM using
[MEMORY:net_ads] as ccache and config
[/var/cache/samba/smb_krb5/krb5.conf.DAN2003]
kerberos_kinit_password SUPER-USER at DAN2003.SAMPLE.DOMAIN.COM failed: Cannot
contact any KDC for requested realm
libnet_Join:
libnet_JoinCtx: struct libnet_JoinCtx
out: struct libnet_JoinCtx
account_name : NULL
netbios_domain_name : 'DAN2003'
dns_domain_name : 'dan2003.sample.domain.com'
forest_name : 'sample.domain.com'
dn : NULL
domain_sid : *
domain_sid :
S-1-5-21-73586283-854245398-682003330
modified_config : 0x00 (0)
error_string : 'failed to connect to AD: Cannot
contact any KDC for requested realm'
domain_is_ad : 0x01 (1)
result : WERR_DEFAULT_JOIN_REQUIRED
Failed to join domain: failed to connect to AD: Cannot contact any KDC for
requested realm
return code = -1
myuser at myserver:~$
myuser at myserver:~$
myuser at myserver:~$
myuser at myserver:~$
--
View this message in context: http://samba.2283325.n4.nabble.com/Cannot-join-Ubuntu12-04-Samba-4-1-17-to-domain-tp4684555.html
Sent from the Samba - General mailing list archive at Nabble.com.
More information about the samba
mailing list