[Samba] I can't join the new AD server with Samba4
Rowland Penny
rowlandpenny at googlemail.com
Sat Apr 25 07:17:57 MDT 2015
On 25/04/15 14:02, Daniel Carrasco Marín wrote:
> Sorry, I forgot to revert another test I did, but the result is the same:
>
> ---------------------------------------------------------------------------------------------------------------------------------------
> ---------------------------------------------------------------------------------------------------------------------------------------
> sudo net ads join -U "Administrator" -d 5
> INFO: Current debug levels:
> all: 5
> tdb: 5
> printdrivers: 5
> lanman: 5
> smb: 5
> rpc_parse: 5
> rpc_srv: 5
> rpc_cli: 5
> passdb: 5
> sam: 5
> auth: 5
> winbind: 5
> vfs: 5
> idmap: 5
> quota: 5
> acls: 5
> locking: 5
> msdfs: 5
> dmapi: 5
> registry: 5
> scavenger: 5
> dns: 5
> ldb: 5
> lp_load_ex: refreshing parameters
> Initialising global parameters
> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
> INFO: Current debug levels:
> all: 5
> tdb: 5
> printdrivers: 5
> lanman: 5
> smb: 5
> rpc_parse: 5
> rpc_srv: 5
> rpc_cli: 5
> passdb: 5
> sam: 5
> auth: 5
> winbind: 5
> vfs: 5
> idmap: 5
> quota: 5
> acls: 5
> locking: 5
> msdfs: 5
> dmapi: 5
> registry: 5
> scavenger: 5
> dns: 5
> ldb: 5
> params.c:pm_process() - Processing configuration file
> "/etc/samba/smb.conf"
> Processing section "[global]"
> doing parameter workgroup = TTU
> doing parameter security = ADS
> doing parameter realm = TTU.RED
> doing parameter dedicated keytab file = /etc/krb5.keytab
> doing parameter kerberos method = secrets and keytab
> doing parameter idmap config *:backend = tdb
> doing parameter idmap config *:range = 2000-9999
> doing parameter idmap config TTU:backend = ad
> doing parameter idmap config TTU:schema_mode = rfc2307
> doing parameter idmap config TTU:range = 10000-99999
> doing parameter winbind nss info = rfc2307
> doing parameter winbind trusted domains only = no
> doing parameter winbind use default domain = yes
> doing parameter winbind enum users = yes
> doing parameter winbind enum groups = yes
> doing parameter winbind refresh tickets = Yes
> doing parameter winbind expand groups = 4
> doing parameter winbind normalize names = Yes
> doing parameter domain master = no
> doing parameter local master = no
> doing parameter vfs objects = acl_xattr
> doing parameter map acl inherit = Yes
> doing parameter store dos attributes = Yes
> pm_process() returned Yes
> Netbios name list:-
> my_netbios_names[0]="GLOTON"
> added interface eth1 ip=172.30.0.230 bcast=172.30.0.255
> netmask=255.255.255.0
> added interface eth0 ip=192.168.2.230 bcast=192.168.2.255
> netmask=255.255.255.0
> Registering messaging pointer for type 2 - private_data=(nil)
> Registering messaging pointer for type 9 - private_data=(nil)
> Registered MSG_REQ_POOL_USAGE
> Registering messaging pointer for type 11 - private_data=(nil)
> Registering messaging pointer for type 12 - private_data=(nil)
> Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
> Registering messaging pointer for type 1 - private_data=(nil)
> Registering messaging pointer for type 5 - private_data=(nil)
> Enter Administrator's password:
> libnet_Join:
> libnet_JoinCtx: struct libnet_JoinCtx
> in: struct libnet_JoinCtx
> dc_name : NULL
> machine_name : 'GLOTON'
> domain_name : *
> domain_name : 'TTU.RED'
> account_ou : NULL
> admin_account : 'Administrator'
> machine_password : NULL
> join_flags : 0x00000023 (35)
> 0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
> 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
> 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
> 0: WKSSVC_JOIN_FLAGS_DEFER_SPN
> 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
> 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
> 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
> 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
> 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
> 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
> 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
> os_version : NULL
> os_name : NULL
> create_upn : 0x00 (0)
> upn : NULL
> modify_config : 0x00 (0)
> ads : NULL
> debug : 0x01 (1)
> use_kerberos : 0x00 (0)
> secure_channel_type : SEC_CHAN_WKSTA (2)
> Opening cache file at /var/cache/samba/gencache.tdb
> Opening cache file at /var/run/samba/gencache_notrans.tdb
> sitename_fetch: Returning sitename for TTU.RED: "Default-First-Site-Name"
> ads_dns_lookup_srv: 1 records returned in the answer section.
> sitename_fetch: Returning sitename for TTU.RED: "Default-First-Site-Name"
> name pdc.ttu.red#20 found.
> Connecting to 192.168.2.251 at port 445
> Socket options:
> SO_KEEPALIVE = 0
> SO_REUSEADDR = 0
> SO_BROADCAST = 0
> TCP_NODELAY = 1
> TCP_KEEPCNT = 9
> TCP_KEEPIDLE = 7200
> TCP_KEEPINTVL = 75
> IPTOS_LOWDELAY = 0
> IPTOS_THROUGHPUT = 0
> SO_SNDBUF = 24040
> SO_RCVBUF = 87380
> SO_SNDLOWAT = 1
> SO_RCVLOWAT = 1
> SO_SNDTIMEO = 0
> SO_RCVTIMEO = 0
> TCP_QUICKACK = 1
> TCP_DEFER_ACCEPT = 0
> Doing spnego session setup (blob length=96)
> got OID=1.2.840.48018.1.2.2
> got OID=1.2.840.113554.1.2.2
> got OID=1.3.6.1.4.1.311.2.2.10
> got principal=not_defined_in_RFC4178@please_ignore
> Got challenge flags:
> Got NTLMSSP neg_flags=0x60898215
> NTLMSSP_NEGOTIATE_UNICODE
> NTLMSSP_REQUEST_TARGET
> NTLMSSP_NEGOTIATE_SIGN
> NTLMSSP_NEGOTIATE_NTLM
> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> NTLMSSP_NEGOTIATE_NTLM2
> NTLMSSP_NEGOTIATE_TARGET_INFO
> NTLMSSP_NEGOTIATE_128
> NTLMSSP_NEGOTIATE_KEY_EXCH
> NTLMSSP: Set final flags:
> Got NTLMSSP neg_flags=0x60088215
> NTLMSSP_NEGOTIATE_UNICODE
> NTLMSSP_REQUEST_TARGET
> NTLMSSP_NEGOTIATE_SIGN
> NTLMSSP_NEGOTIATE_NTLM
> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> NTLMSSP_NEGOTIATE_NTLM2
> NTLMSSP_NEGOTIATE_128
> NTLMSSP_NEGOTIATE_KEY_EXCH
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x60088215
> NTLMSSP_NEGOTIATE_UNICODE
> NTLMSSP_REQUEST_TARGET
> NTLMSSP_NEGOTIATE_SIGN
> NTLMSSP_NEGOTIATE_NTLM
> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> NTLMSSP_NEGOTIATE_NTLM2
> NTLMSSP_NEGOTIATE_128
> NTLMSSP_NEGOTIATE_KEY_EXCH
> Bind RPC Pipe: host pdc.ttu.red auth_type 0, auth_level 1
> rpc_api_pipe: host pdc.ttu.red
> rpc_read_send: data_to_read: 52
> check_bind_response: accepted!
> rpc_api_pipe: host pdc.ttu.red
> rpc_read_send: data_to_read: 32
> rpc_api_pipe: host pdc.ttu.red
> rpc_read_send: data_to_read: 168
> rpc_api_pipe: host pdc.ttu.red
> rpc_read_send: data_to_read: 32
> saf_fetch[join]: Returning "pdc.ttu.red" for "ttu.red" domain
> get_dc_list: preferred server list: "pdc.ttu.red, *"
> name ttu.red#1C found.
> sitename_fetch: Returning sitename for TTU.RED: "Default-First-Site-Name"
> name pdc.ttu.red#20 found.
> get_dc_list: returning 1 ip addresses in an ordered list
> get_dc_list: 192.168.2.251:389
> create_local_private_krb5_conf_for_domain: wrote file
> /var/run/samba/smb_krb5/krb5.conf.TTU with realm TTU.RED KDC list
> = kdc = 192.168.2.251
>
> Bind RPC Pipe: host pdc.ttu.red auth_type 0, auth_level 1
> rpc_api_pipe: host pdc.ttu.red
> rpc_read_send: data_to_read: 52
> check_bind_response: accepted!
> rpc_api_pipe: host pdc.ttu.red
> rpc_read_send: data_to_read: 32
> rpc_api_pipe: host pdc.ttu.red
> rpc_read_send: data_to_read: 32
> rpc_api_pipe: host pdc.ttu.red
> rpc_read_send: data_to_read: 40
> rpc_api_pipe: host pdc.ttu.red
> rpc_read_send: data_to_read: 44
> rpc_api_pipe: host pdc.ttu.red
> rpc_read_send: data_to_read: 32
> rpc_api_pipe: host pdc.ttu.red
> rpc_read_send: data_to_read: 12
> rpc_api_pipe: host pdc.ttu.red
> rpc_read_send: data_to_read: 12
> rpc_api_pipe: host pdc.ttu.red
> rpc_read_send: data_to_read: 32
> rpc_api_pipe: host pdc.ttu.red
> rpc_read_send: data_to_read: 32
> rpc_api_pipe: host pdc.ttu.red
> rpc_read_send: data_to_read: 32
> check lock order 1 for /var/lib/samba/private/secrets.tdb
> release lock order 1 for /var/lib/samba/private/secrets.tdb
> check lock order 1 for /var/lib/samba/private/secrets.tdb
> release lock order 1 for /var/lib/samba/private/secrets.tdb
> check lock order 1 for /var/lib/samba/private/secrets.tdb
> release lock order 1 for /var/lib/samba/private/secrets.tdb
> check lock order 1 for /var/lib/samba/private/secrets.tdb
> release lock order 1 for /var/lib/samba/private/secrets.tdb
> check lock order 1 for /var/lib/samba/private/secrets.tdb
> release lock order 1 for /var/lib/samba/private/secrets.tdb
> sitename_fetch: Returning sitename for TTU.RED: "Default-First-Site-Name"
> name pdc.ttu.red#20 found.
> ads_try_connect: sending CLDAP request to 192.168.2.251 (realm: ttu.red)
> Successfully contacted LDAP server 192.168.2.251
> Connected to LDAP server pdc.ttu.red
> KDC time offset is 0 seconds
> Found SASL mechanism GSS-SPNEGO
> ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2
> ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2
> ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10
> ads_sasl_spnego_bind: got server principal name =
> not_defined_in_RFC4178@please_ignore
> ads_krb5_mk_req: krb5_cc_get_principal failed (No existe el fichero o
> el directorio)
> ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration
> dom, 26 abr 2015 00:59:09 CEST
> kinit succeeded but ads_sasl_spnego_krb5_bind failed: Invalid credentials
> libnet_Join:
> libnet_JoinCtx: struct libnet_JoinCtx
> out: struct libnet_JoinCtx
> account_name : NULL
> netbios_domain_name : 'TTU'
> dns_domain_name : 'ttu.red'
> forest_name : 'ttu.red'
> dn : NULL
> domain_sid : *
> domain_sid :
> S-1-5-21-127850397-371183867-665961664
> modified_config : 0x00 (0)
> error_string : 'failed to connect to AD:
> Invalid credentials'
> domain_is_ad : 0x01 (1)
> result : WERR_GENERAL_FAILURE
> Failed to join domain: failed to connect to AD: Invalid credentials
> return code = -1
> ---------------------------------------------------------------------------------------------------------------------------------------
> ---------------------------------------------------------------------------------------------------------------------------------------
>
> Greetings!!
>
> 2015-04-25 14:52 GMT+02:00 Rowland Penny <rowlandpenny at googlemail.com>:
>
> On 25/04/15 13:27, Daniel Carrasco Marín wrote:
>
> Hi, I'm sorry for my English.
>
> I've migrated an old 3.6 Samba domain to Samba 4.1 and the
> Windows part is
> working fine (I can join and manage the server from a Windows
> machine), but
> when I try to join the domain from another Linux server it fails.
>
> I've followed this guide to migrate:
> https://wiki.samba.org/index.php/Samba_Classic_Upgrade_%28NT4-style_domain_to_AD%29
>
> and this for join:
> https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
>
> My config file looks like the guide
>
>
> From what you have posted, your smb.conf doesn't seem to look
> anything like the one on the member server page:
>
> [global]
> security = domain
> workgroup = TTU
> realm = ttu.red
> wins server = 192.168.2.251
> server role = standalone server
> passdb backend = tdbsam
> domain master = no
> server string = Print Server
> encrypt passwords = yes
> winbind nss info = rfc2307
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind use default domain = Yes
> winbind refresh tickets = Yes
> winbind normalize names = yes
> idmap config TTU : backend = ad
> idmap config * : backend = tdb
> idmap config * : range = 1000-20000000
>
> There is also this:
>
> params.c:Parameter() - Ignoring badly formed line in configuration
> file: rfc2307
>
> Rowland
>
>
> and the join command shows:
> -----------------------------------------------------------------------
> -----------------------------------------------------------------------
> # net ads join -UAdministrator -d 5
> INFO: Current debug levels:
> all: 5
> tdb: 5
> printdrivers: 5
> lanman: 5
> smb: 5
> rpc_parse: 5
> rpc_srv: 5
> rpc_cli: 5
> passdb: 5
> sam: 5
> auth: 5
> winbind: 5
> vfs: 5
> idmap: 5
> quota: 5
> acls: 5
> locking: 5
> msdfs: 5
> dmapi: 5
> registry: 5
> scavenger: 5
> dns: 5
> ldb: 5
> lp_load_ex: refreshing parameters
> Initialising global parameters
> rlimit_max: increasing rlimit_max (1024) to minimum Windows
> limit (16384)
> INFO: Current debug levels:
> all: 5
> tdb: 5
> printdrivers: 5
> lanman: 5
> smb: 5
> rpc_parse: 5
> rpc_srv: 5
> rpc_cli: 5
> passdb: 5
> sam: 5
> auth: 5
> winbind: 5
> vfs: 5
> idmap: 5
> quota: 5
> acls: 5
> locking: 5
> msdfs: 5
> dmapi: 5
> registry: 5
> scavenger: 5
> dns: 5
> ldb: 5
> params.c:pm_process() - Processing configuration file
> "/etc/samba/smb.conf"
> params.c:Parameter() - Ignoring badly formed line in
> configuration file:
> rfc2307[global]
> doing parameter security = domain
> doing parameter workgroup = TTU
> doing parameter realm = ttu.red
> doing parameter wins server = 192.168.2.251
> doing parameter server role = standalone server
> doing parameter passdb backend = tdbsam
> doing parameter domain master = no
> doing parameter server string = Print Server
> doing parameter encrypt passwords = yes
> doing parameter winbind nss info = rfc2307
> doing parameter winbind enum users = Yes
> doing parameter winbind enum groups = Yes
> doing parameter winbind use default domain = Yes
> doing parameter winbind refresh tickets = Yes
> doing parameter winbind normalize names = yes
> doing parameter idmap config TTU : backend = ad
> doing parameter idmap config * : backend = tdb
> doing parameter idmap config * : range = 1000-20000000
> pm_process() returned Yes
> Netbios name list:-
> my_netbios_names[0]="GLOTON"
> added interface eth1 ip=172.30.0.230 bcast=172.30.0.255
> netmask=255.255.255.0
> added interface eth0 ip=192.168.2.230 bcast=192.168.2.255
> netmask=255.255.255.0
> Registering messaging pointer for type 2 - private_data=(nil)
> Registering messaging pointer for type 9 - private_data=(nil)
> Registered MSG_REQ_POOL_USAGE
> Registering messaging pointer for type 11 - private_data=(nil)
> Registering messaging pointer for type 12 - private_data=(nil)
> Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
> Registering messaging pointer for type 1 - private_data=(nil)
> Registering messaging pointer for type 5 - private_data=(nil)
> Enter Administrator's password:
> libnet_Join:
> libnet_JoinCtx: struct libnet_JoinCtx
> in: struct libnet_JoinCtx
> dc_name : NULL
> machine_name : 'GLOTON'
> domain_name : *
> domain_name : 'TTU.RED'
> account_ou : NULL
> admin_account : 'Administrator'
> machine_password : NULL
> join_flags : 0x00000023 (35)
> 0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
> 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
> 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
> 0: WKSSVC_JOIN_FLAGS_DEFER_SPN
> 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
> 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
> 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
> 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
> 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
> 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
> 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
> os_version : NULL
> os_name : NULL
> create_upn : 0x00 (0)
> upn : NULL
> modify_config : 0x00 (0)
> ads : NULL
> debug : 0x01 (1)
> use_kerberos : 0x00 (0)
> secure_channel_type : SEC_CHAN_WKSTA (2)
> Opening cache file at /var/cache/samba/gencache.tdb
> Opening cache file at /var/run/samba/gencache_notrans.tdb
> sitename_fetch: Returning sitename for TTU.RED:
> "Default-First-Site-Name"
> ads_dns_lookup_srv: 1 records returned in the answer section.
> sitename_fetch: Returning sitename for TTU.RED:
> "Default-First-Site-Name"
> no entry for pdc.ttu.red#20 found.
> resolve_lmhosts: Attempting lmhosts lookup for name
> pdc.ttu.red<0x20>
> resolve_lmhosts: Attempting lmhosts lookup for name
> pdc.ttu.red<0x20>
> startlmhosts: Can't open lmhosts file /etc/samba/lmhosts.
> Error was No
> existe el fichero o el directorio
> wins_srv_is_dead: 192.168.2.251 is alive
> resolve_wins: using WINS server 192.168.2.251 and tag '*'
> samba_tevent: EPOLL_CTL_DEL EBADF for fde[0x7fcb85f853b0]
> mpx_fde[(nil)]
> fd[13] - disabling
> wins_srv_is_dead: 192.168.2.251 is alive
> Marking wins server 192.168.2.251 dead for 600 seconds from source
> 192.168.2.251
> resolve_hosts: Attempting host lookup for name pdc.ttu.red<0x20>
> namecache_store: storing 1 address for pdc.ttu.red#20:
> 192.168.2.251
> Connecting to 192.168.2.251 at port 445
> Socket options:
> SO_KEEPALIVE = 0
> SO_REUSEADDR = 0
> SO_BROADCAST = 0
> TCP_NODELAY = 1
> TCP_KEEPCNT = 9
> TCP_KEEPIDLE = 7200
> TCP_KEEPINTVL = 75
> IPTOS_LOWDELAY = 0
> IPTOS_THROUGHPUT = 0
> SO_SNDBUF = 24040
> SO_RCVBUF = 87380
> SO_SNDLOWAT = 1
> SO_RCVLOWAT = 1
> SO_SNDTIMEO = 0
> SO_RCVTIMEO = 0
> TCP_QUICKACK = 1
> TCP_DEFER_ACCEPT = 0
> Doing spnego session setup (blob length=96)
> got OID=1.2.840.48018.1.2.2
> got OID=1.2.840.113554.1.2.2
> got OID=1.3.6.1.4.1.311.2.2.10
> got principal=not_defined_in_RFC4178@please_ignore
> Got challenge flags:
> Got NTLMSSP neg_flags=0x60898215
> NTLMSSP_NEGOTIATE_UNICODE
> NTLMSSP_REQUEST_TARGET
> NTLMSSP_NEGOTIATE_SIGN
> NTLMSSP_NEGOTIATE_NTLM
> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> NTLMSSP_NEGOTIATE_NTLM2
> NTLMSSP_NEGOTIATE_TARGET_INFO
> NTLMSSP_NEGOTIATE_128
> NTLMSSP_NEGOTIATE_KEY_EXCH
> NTLMSSP: Set final flags:
> Got NTLMSSP neg_flags=0x60088215
> NTLMSSP_NEGOTIATE_UNICODE
> NTLMSSP_REQUEST_TARGET
> NTLMSSP_NEGOTIATE_SIGN
> NTLMSSP_NEGOTIATE_NTLM
> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> NTLMSSP_NEGOTIATE_NTLM2
> NTLMSSP_NEGOTIATE_128
> NTLMSSP_NEGOTIATE_KEY_EXCH
> NTLMSSP Sign/Seal - Initialising with flags:
> Got NTLMSSP neg_flags=0x60088215
> NTLMSSP_NEGOTIATE_UNICODE
> NTLMSSP_REQUEST_TARGET
> NTLMSSP_NEGOTIATE_SIGN
> NTLMSSP_NEGOTIATE_NTLM
> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
> NTLMSSP_NEGOTIATE_NTLM2
> NTLMSSP_NEGOTIATE_128
> NTLMSSP_NEGOTIATE_KEY_EXCH
> Bind RPC Pipe: host pdc.ttu.red auth_type 0, auth_level 1
> rpc_api_pipe: host pdc.ttu.red
> rpc_read_send: data_to_read: 52
> check_bind_response: accepted!
> rpc_api_pipe: host pdc.ttu.red
> rpc_read_send: data_to_read: 32
> rpc_api_pipe: host pdc.ttu.red
> rpc_read_send: data_to_read: 168
> rpc_api_pipe: host pdc.ttu.red
> rpc_read_send: data_to_read: 32
> saf_fetch[join]: Returning "pdc.ttu.red" for "ttu.red" domain
> get_dc_list: preferred server list: "pdc.ttu.red, *"
> no entry for ttu.red#1C found.
> resolve_ads: Attempting to resolve KDCs for ttu.red using DNS
> ads_dns_lookup_srv: 1 records returned in the answer section.
> sitename_fetch: Returning sitename for TTU.RED:
> "Default-First-Site-Name"
> name pdc.ttu.red#20 found.
> get_dc_list: returning 2 ip addresses in an ordered list
> get_dc_list: 192.168.2.251:0
> 192.168.2.251:88
> create_local_private_krb5_conf_for_domain: wrote file
> /var/run/samba/smb_krb5/krb5.conf.TTU with realm TTU.RED KDC
> list =
> kdc = 192.168.2.251
>
> Bind RPC Pipe: host pdc.ttu.red auth_type 0, auth_level 1
> rpc_api_pipe: host pdc.ttu.red
> rpc_read_send: data_to_read: 52
> check_bind_response: accepted!
> rpc_api_pipe: host pdc.ttu.red
> rpc_read_send: data_to_read: 32
> rpc_api_pipe: host pdc.ttu.red
> rpc_read_send: data_to_read: 32
> rpc_api_pipe: host pdc.ttu.red
> rpc_read_send: data_to_read: 40
> rpc_api_pipe: host pdc.ttu.red
> rpc_read_send: data_to_read: 44
> rpc_api_pipe: host pdc.ttu.red
> rpc_read_send: data_to_read: 32
> rpc_api_pipe: host pdc.ttu.red
> rpc_read_send: data_to_read: 12
> rpc_api_pipe: host pdc.ttu.red
> rpc_read_send: data_to_read: 12
> rpc_api_pipe: host pdc.ttu.red
> rpc_read_send: data_to_read: 32
> rpc_api_pipe: host pdc.ttu.red
> rpc_read_send: data_to_read: 32
> rpc_api_pipe: host pdc.ttu.red
> rpc_read_send: data_to_read: 32
> check lock order 1 for /var/lib/samba/private/secrets.tdb
> release lock order 1 for /var/lib/samba/private/secrets.tdb
> check lock order 1 for /var/lib/samba/private/secrets.tdb
> release lock order 1 for /var/lib/samba/private/secrets.tdb
> check lock order 1 for /var/lib/samba/private/secrets.tdb
> release lock order 1 for /var/lib/samba/private/secrets.tdb
> check lock order 1 for /var/lib/samba/private/secrets.tdb
> release lock order 1 for /var/lib/samba/private/secrets.tdb
> check lock order 1 for /var/lib/samba/private/secrets.tdb
> release lock order 1 for /var/lib/samba/private/secrets.tdb
> sitename_fetch: Returning sitename for TTU.RED:
> "Default-First-Site-Name"
> name pdc.ttu.red#20 found.
> ads_try_connect: sending CLDAP request to 192.168.2.251
> (realm: ttu.red)
> Successfully contacted LDAP server 192.168.2.251
> Connected to LDAP server pdc.ttu.red
> KDC time offset is 0 seconds
> Found SASL mechanism GSS-SPNEGO
> ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2
> ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2
> ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10
> ads_sasl_spnego_bind: got server principal name =
> not_defined_in_RFC4178@please_ignore
> ads_krb5_mk_req: krb5_cc_get_principal failed (No existe el
> fichero o el
> directorio)
> ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads]
> expiration dom,
> 26 abr 2015 00:04:50 CEST
> kinit succeeded but ads_sasl_spnego_krb5_bind failed: Invalid
> credentials
> libnet_Join:
> libnet_JoinCtx: struct libnet_JoinCtx
> out: struct libnet_JoinCtx
> account_name : NULL
> netbios_domain_name : 'TTU'
> dns_domain_name : 'ttu.red'
> forest_name : 'ttu.red'
> dn : NULL
> domain_sid : *
> domain_sid :
> S-1-5-21-127850397-371183867-665961664
> modified_config : 0x00 (0)
> error_string : 'failed to connect to
> AD: Invalid
> credentials'
> domain_is_ad : 0x01 (1)
> result : WERR_GENERAL_FAILURE
> Failed to join domain: failed to connect to AD: Invalid
> credentials
> return code = -1
> -----------------------------------------------------------------------
> -----------------------------------------------------------------------
>
> I've tried commands like:
> smbclient -L 192.168.2.251 -U%
> kinit administrator@TTU.RED
> klist -c
>
> All are working.
> I've tried to create a test domain instead of upgrading, with the same
> config, and
> join ads is working... could it be the upgrade process?
>
> Thanks!!
>
>
OK, there is this:
ads_krb5_mk_req: krb5_cc_get_principal failed (No existe el fichero o el directorio)
The last part seems to translate to: There is no such file or directory,
so what have you got in /etc/krb5.conf?
Does /etc/krb5.keytab exist? If it does, remove it.
Does /etc/resolv.conf point to the DC?
Are you sure that you are using the correct password for Administrator?
Rowland
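
The file checks asked for in the reply above (krb5.conf realm, leftover keytab, resolver), together with the "badly formed line" pointed out earlier in the thread, written as a script. This is an added example and not part of the original thread: the function names are hypothetical, the upper-case realm comparison and the "first nameserver" rule are assumptions, and the sample files (including 192.168.2.1) are constructed.

```shell
#!/bin/sh
# Pre-join checks for a Samba AD member. Added example: helper names are
# hypothetical, and paths are arguments so copies of the files can be checked.

# Print the value of the first "key = value" line for KEY (case-insensitive).
get_param() {  # get_param FILE KEY
    awk -v key="$2" '
        /^[ \t]*[#;]/ || !index($0, "=") { next }
        {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (tolower(k) == tolower(key)) { print v; exit }
        }' "$1"
}

# Lines that are not blank, comment, [section], key = value or a continuation
# are what Samba reports as "Ignoring badly formed line"; print them numbered.
bad_lines() {  # bad_lines SMB_CONF
    awk '
        cont { cont = ($0 ~ /\\$/); next }
        { cont = ($0 ~ /\\$/) }
        /^[ \t]*$/ || /^[ \t]*[#;]/ || /^[ \t]*\[.*\][ \t]*$/ || index($0, "=") { next }
        { print NR ": " $0 }' "$1"
}

# Assumption: krb5.conf carries the realm in upper case; smb.conf may not.
check_realm() {  # check_realm SMB_CONF KRB5_CONF
    smb_realm=$(get_param "$1" realm | tr '[:lower:]' '[:upper:]')
    krb_realm=$(get_param "$2" default_realm)
    [ -n "$smb_realm" ] && [ "$smb_realm" = "$krb_realm" ]
}

# The reply asks for an existing keytab to be removed before joining.
check_no_keytab() {  # check_no_keytab KEYTAB
    [ ! -e "$1" ]
}

# Assumption: "points to the DC" means the first nameserver is the DC.
check_resolver() {  # check_resolver RESOLV_CONF DC_IP
    first_ns=$(awk '$1 == "nameserver" { print $2; exit }' "$1")
    [ "$first_ns" = "$2" ]
}

# Run the three checks, print one line per finding, return the failure count.
prejoin_check() {  # prejoin_check SMB_CONF KRB5_CONF KEYTAB RESOLV_CONF DC_IP
    failures=0
    check_realm "$1" "$2" || { echo "FAIL: realm differs in $1 and $2"; failures=$((failures + 1)); }
    check_no_keytab "$3" || { echo "FAIL: $3 exists, remove it"; failures=$((failures + 1)); }
    check_resolver "$4" "$5" || { echo "FAIL: $4 does not list $5 first"; failures=$((failures + 1)); }
    if [ "$failures" -eq 0 ]; then echo "OK: pre-join checks passed"; fi
    return "$failures"
}

# Stand-alone run on constructed sample files (not the poster's real files).
demo() {
    d=$(mktemp -d)
    printf 'rfc2307\n[global]\n  realm = ttu.red\n' > "$d/smb.conf"
    printf '[libdefaults]\n  default_realm = TTU.RED\n' > "$d/krb5.conf"
    printf 'nameserver 192.168.2.1\nnameserver 192.168.2.251\n' > "$d/resolv.conf"
    : > "$d/krb5.keytab"
    bad_lines "$d/smb.conf"
    prejoin_check "$d/smb.conf" "$d/krb5.conf" "$d/krb5.keytab" "$d/resolv.conf" 192.168.2.251
    rc=$?
    rm -rf "$d"
    return "$rc"
}
demo || echo "findings: $?"
```

On a real member server the arguments would be /etc/samba/smb.conf, /etc/krb5.conf, /etc/krb5.keytab, /etc/resolv.conf and the DC address; the password question in the reply is not something a file check can answer.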