[Samba] net ads join fails

Roman Dilken rdilken at gmx.de
Tue Mar 10 14:14:53 MDT 2015


On 10.03.2015 20:20, Rowland Penny wrote:

> 
> OK, the first will not work (well not yet), the second should, I
> take it you ran 'kinit Administrator@AD.DILKEN.EU' as root before
> the join?
> 
> You could try 'net ads join -U Administrator' and enter the
> password when prompted, I personally have never seen the point in
> using kerberos during the join, either way you have to enter the
> Administrator password :-)
> 
> Rowland
> 

OK, new try... I did kinit Administrator@AD.DILKEN.EU, but I always
have to enter the password, with or without Kerberos.

Now I try it without -k:

 net ads join -UAdministrator -d 10

Result:

INFO: Current debug levels:
  all: 10
  tdb: 10
  printdrivers: 10
  lanman: 10
  smb: 10
  rpc_parse: 10
  rpc_srv: 10
  rpc_cli: 10
  passdb: 10
  sam: 10
  auth: 10
  winbind: 10
  vfs: 10
  idmap: 10
  quota: 10
  acls: 10
  locking: 10
  msdfs: 10
  dmapi: 10
  registry: 10
  scavenger: 10
  dns: 10
  ldb: 10
lp_load_ex: refreshing parameters
Initialising global parameters
INFO: Current debug levels:
  all: 10
  tdb: 10
  printdrivers: 10
  lanman: 10
  smb: 10
  rpc_parse: 10
  rpc_srv: 10
  rpc_cli: 10
  passdb: 10
  sam: 10
  auth: 10
  winbind: 10
  vfs: 10
  idmap: 10
  quota: 10
  acls: 10
  locking: 10
  msdfs: 10
  dmapi: 10
  registry: 10
  scavenger: 10
  dns: 10
  ldb: 10
params.c:pm_process() - Processing configuration file
"/usr/local/etc/smb4.conf"
Processing section "[global]"
doing parameter netbios name = fileserver
doing parameter workgroup = AD
doing parameter security = ADS
doing parameter realm = AD.DILKEN.EU
doing parameter dedicated keytab file = /usr/local/etc/krb5.keytab
doing parameter nsupdate command = /usr/local/bin/samba-nsupdate -g
doing parameter server role = member server
doing parameter winbind refresh tickets = yes
doing parameter use sendfile = true
doing parameter idmap config *:backend = tdb
doing parameter idmap config *:range = 2000-9999
doing parameter idmap config AD:backend = ad
doing parameter idmap config AD:schema_mode = rfc2307
doing parameter idmap config AD:range = 10000-99999
doing parameter winbind nss info = rfc2307
doing parameter winbind trusted domains only = no
doing parameter winbind use default domain = yes
doing parameter winbind enum users = yes
doing parameter winbind enum groups = yes
doing parameter log level = 10
doing parameter read only = no
doing parameter inherit permissions = No
doing parameter inherit acls = No
doing parameter inherit owner = No
doing parameter force unknown acl user = No
doing parameter store dos attributes = Yes
doing parameter map read only = No
doing parameter vfs objects = zfsacl
doing parameter nfs4:mode = special
doing parameter nfs4:acedup = merge
doing parameter nfs4:chown = yes
pm_process() returned Yes
lp_servicenumber: couldn't find homes
Netbios name list:-
my_netbios_names[0]="FILESERVER"
added interface nfe0 ip=192.168.2.87 bcast=192.168.2.255
netmask=255.255.255.0
Registering messaging pointer for type 2 - private_data=0x0
Registering messaging pointer for type 9 - private_data=0x0
Registered MSG_REQ_POOL_USAGE
Registering messaging pointer for type 11 - private_data=0x0
Registering messaging pointer for type 12 - private_data=0x0
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Registering messaging pointer for type 1 - private_data=0x0
Registering messaging pointer for type 5 - private_data=0x0
Enter Administrator's password:
libnet_Join:
    libnet_JoinCtx: struct libnet_JoinCtx
        in: struct libnet_JoinCtx
            dc_name                  : NULL
            machine_name             : 'FILESERVER'
            domain_name              : *
                domain_name              : 'AD.DILKEN.EU'
            account_ou               : NULL
            admin_account            : 'Administrator'
            machine_password         : NULL
            join_flags               : 0x00000023 (35)
                   0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
                   0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
                   0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
                   0: WKSSVC_JOIN_FLAGS_DEFER_SPN
                   0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
                   0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
                   1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
                   0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
                   0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
                   1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
                   1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
            os_version               : NULL
            os_name                  : NULL
            create_upn               : 0x00 (0)
            upn                      : NULL
            modify_config            : 0x00 (0)
            ads                      : NULL
            debug                    : 0x01 (1)
            use_kerberos             : 0x00 (0)
            secure_channel_type      : SEC_CHAN_WKSTA (2)
Opening cache file at /var/db/samba4/gencache.tdb
Opening cache file at /var/db/samba4/gencache_notrans.tdb
sitename_fetch: Returning sitename for AD.DILKEN.EU: "Neuoetting"
dsgetdcname_internal: domain_name: AD.DILKEN.EU, domain_guid: (null),
site_name: Neuoetting, flags: 0x40001011
debug_dsdcinfo_flags: 0x40001011
        DS_FORCE_REDISCOVERY DS_DIRECTORY_SERVICE_REQUIRED
DS_WRITABLE_REQUIRED DS_RETURN_DNS_NAME
dsgetdcname_rediscover
ads_dns_lookup_srv: 1 records returned in the answer section.
ads_dns_parse_rr_srv: Parsed dc2.ad.dilken.eu [0, 100, 389]
LDAP ping to dc2.ad.dilken.eu
     &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX
        command                  : LOGON_SAM_LOGON_RESPONSE_EX (23)
        sbz                      : 0x0000 (0)
        server_type              : 0x000003fc (1020)
               0: NBT_SERVER_PDC
               1: NBT_SERVER_GC
               1: NBT_SERVER_LDAP
               1: NBT_SERVER_DS
               1: NBT_SERVER_KDC
               1: NBT_SERVER_TIMESERV
               1: NBT_SERVER_CLOSEST
               1: NBT_SERVER_WRITABLE
               1: NBT_SERVER_GOOD_TIMESERV
               0: NBT_SERVER_NDNC
               0: NBT_SERVER_SELECT_SECRET_DOMAIN_6
               0: NBT_SERVER_FULL_SECRET_DOMAIN_6
               0: NBT_SERVER_ADS_WEB_SERVICE
               0: NBT_SERVER_HAS_DNS_NAME
               0: NBT_SERVER_IS_DEFAULT_NC
               0: NBT_SERVER_FOREST_ROOT
        domain_uuid              : 56b6b4e7-d3f5-448d-ae4b-5b68a3662b2f
        forest                   : 'ad.dilken.eu'
        dns_domain               : 'ad.dilken.eu'
        pdc_dns_name             : 'dc2.ad.dilken.eu'
        domain_name              : 'AD'
        pdc_name                 : 'DC2'
        user_name                : ''
        server_site              : 'Neuoetting'
        client_site              : 'Neuoetting'
        sockaddr_size            : 0x00 (0)
        sockaddr: struct nbt_sockaddr
            sockaddr_family          : 0x00000000 (0)
            pdc_ip                   : (null)
            remaining                : DATA_BLOB length=0
        next_closest_site        : NULL
        nt_version               : 0x00000005 (5)
               1: NETLOGON_NT_VERSION_1
               0: NETLOGON_NT_VERSION_5
               1: NETLOGON_NT_VERSION_5EX
               0: NETLOGON_NT_VERSION_5EX_WITH_IP
               0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE
               0: NETLOGON_NT_VERSION_AVOID_NT4EMUL
               0: NETLOGON_NT_VERSION_PDC
               0: NETLOGON_NT_VERSION_IP
               0: NETLOGON_NT_VERSION_LOCAL
               0: NETLOGON_NT_VERSION_GC
        lmnt_token               : 0xffff (65535)
        lm20_token               : 0xffff (65535)
Did not store value for DSGETDCNAME/DOMAIN/AD, we already got it
sitename_store: realm = [AD], sitename = [Neuoetting], expire =
[2147483647]
Did not store value for AD_SITENAME/DOMAIN/AD, we already got it
Adding cache entry with key=[DSGETDCNAME/DOMAIN/AD.DILKEN.EU] and
timeout=[Di Mär 10 21:25:28 2015 CET] (900 seconds ahead)
sitename_store: realm = [ad.dilken.eu], sitename = [Neuoetting],
expire = [2147483647]
Did not store value for AD_SITENAME/DOMAIN/AD.DILKEN.EU, we already got it
sitename_fetch: Returning sitename for AD.DILKEN.EU: "Neuoetting"
internal_resolve_name: looking up dc2.ad.dilken.eu#20 (sitename
Neuoetting)
Adding cache entry with key=[NBT/DC2.AD.DILKEN.EU#20] and timeout=[Do
Jan  1 01:00:00 1970 CET] (-1426018228 seconds in the past)
no entry for dc2.ad.dilken.eu#20 found.
resolve_lmhosts: Attempting lmhosts lookup for name dc2.ad.dilken.eu<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name dc2.ad.dilken.eu<0x20>
startlmhosts: Can't open lmhosts file /usr/local/etc/lmhosts. Error
was No such file or directory
resolve_wins: WINS server resolution selected and no WINS servers listed.
resolve_hosts: Attempting host lookup for name dc2.ad.dilken.eu<0x20>
remove_duplicate_addrs2: looking for duplicate address/port pairs
namecache_store: storing 1 address for dc2.ad.dilken.eu#20: 192.168.2.2
Adding cache entry with key=[NBT/DC2.AD.DILKEN.EU#20] and timeout=[Di
Mär 10 21:21:28 2015 CET] (660 seconds ahead)
internal_resolve_name: returning 1 addresses: 192.168.2.2:0
Connecting to 192.168.2.2 at port 445
Socket options:
        SO_KEEPALIVE = 0
        SO_REUSEADDR = 0
        SO_BROADCAST = 0
        TCP_NODELAY = 4
        TCP_KEEPCNT = 0
        TCP_KEEPIDLE = 0
        TCP_KEEPINTVL = 0
        IPTOS_LOWDELAY = 0
        IPTOS_THROUGHPUT = 0
        SO_REUSEPORT = 0
        SO_SNDBUF = 66608
        SO_RCVBUF = 66608
        SO_SNDLOWAT = 2048
        SO_RCVLOWAT = 1
        SO_SNDTIMEO = 0
        SO_RCVTIMEO = 0
Doing spnego session setup (blob length=96)
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.3.6.1.4.1.311.2.2.10
got principal=not_defined_in_RFC4178 at please_ignore
     negotiate: struct NEGOTIATE_MESSAGE
        Signature                : 'NTLMSSP'
        MessageType              : NtLmNegotiate (1)
        NegotiateFlags           : 0x60088215 (1611170325)
               1: NTLMSSP_NEGOTIATE_UNICODE
               0: NTLMSSP_NEGOTIATE_OEM
               1: NTLMSSP_REQUEST_TARGET
               1: NTLMSSP_NEGOTIATE_SIGN
               0: NTLMSSP_NEGOTIATE_SEAL
               0: NTLMSSP_NEGOTIATE_DATAGRAM
               0: NTLMSSP_NEGOTIATE_LM_KEY
               0: NTLMSSP_NEGOTIATE_NETWARE
               1: NTLMSSP_NEGOTIATE_NTLM
               0: NTLMSSP_NEGOTIATE_NT_ONLY
               0: NTLMSSP_ANONYMOUS
               0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
               0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
               0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
               1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
               0: NTLMSSP_TARGET_TYPE_DOMAIN
               0: NTLMSSP_TARGET_TYPE_SERVER
               0: NTLMSSP_TARGET_TYPE_SHARE
               1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
               0: NTLMSSP_NEGOTIATE_IDENTIFY
               0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
               0: NTLMSSP_NEGOTIATE_TARGET_INFO
               0: NTLMSSP_NEGOTIATE_VERSION
               1: NTLMSSP_NEGOTIATE_128
               1: NTLMSSP_NEGOTIATE_KEY_EXCH
               0: NTLMSSP_NEGOTIATE_56
        DomainNameLen            : 0x0002 (2)
        DomainNameMaxLen         : 0x0002 (2)
        DomainName               : *
            DomainName               : 'AD'
        WorkstationLen           : 0x000a (10)
        WorkstationMaxLen        : 0x000a (10)
        Workstation              : *
            Workstation              : 'FILESERVER'
     challenge: struct CHALLENGE_MESSAGE
        Signature                : 'NTLMSSP'
        MessageType              : NtLmChallenge (0x2)
        TargetNameLen            : 0x0004 (4)
        TargetNameMaxLen         : 0x0004 (4)
        TargetName               : *
            TargetName               : 'AD'
        NegotiateFlags           : 0x60898215 (1619624469)
               1: NTLMSSP_NEGOTIATE_UNICODE
               0: NTLMSSP_NEGOTIATE_OEM
               1: NTLMSSP_REQUEST_TARGET
               1: NTLMSSP_NEGOTIATE_SIGN
               0: NTLMSSP_NEGOTIATE_SEAL
               0: NTLMSSP_NEGOTIATE_DATAGRAM
               0: NTLMSSP_NEGOTIATE_LM_KEY
               0: NTLMSSP_NEGOTIATE_NETWARE
               1: NTLMSSP_NEGOTIATE_NTLM
               0: NTLMSSP_NEGOTIATE_NT_ONLY
               0: NTLMSSP_ANONYMOUS
               0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
               0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
               0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
               1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
               1: NTLMSSP_TARGET_TYPE_DOMAIN
               0: NTLMSSP_TARGET_TYPE_SERVER
               0: NTLMSSP_TARGET_TYPE_SHARE
               1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
               0: NTLMSSP_NEGOTIATE_IDENTIFY
               0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
               1: NTLMSSP_NEGOTIATE_TARGET_INFO
               0: NTLMSSP_NEGOTIATE_VERSION
               1: NTLMSSP_NEGOTIATE_128
               1: NTLMSSP_NEGOTIATE_KEY_EXCH
               0: NTLMSSP_NEGOTIATE_56
        ServerChallenge          : 5de2f6f04d891106
        Reserved                 : 0000000000000000
        TargetInfoLen            : 0x0056 (86)
        TargetNameInfoMaxLen     : 0x0056 (86)
        TargetInfo               : *
            TargetInfo: struct AV_PAIR_LIST
                count                    : 0x00000005 (5)
                pair: ARRAY(5)
                    pair: struct AV_PAIR
                        AvId                     : MsvAvNbDomainName (0x2)
                        AvLen                    : 0x0004 (4)
                        Value                    : union
ntlmssp_AvValue(case 0x2)
                        AvNbDomainName           : 'AD'
                    pair: struct AV_PAIR
                        AvId                     : MsvAvNbComputerName
(0x1)
                        AvLen                    : 0x0006 (6)
                        Value                    : union
ntlmssp_AvValue(case 0x1)
                        AvNbComputerName         : 'DC2'
                    pair: struct AV_PAIR
                        AvId                     : MsvAvDnsDomainName
(0x4)
                        AvLen                    : 0x0018 (24)
                        Value                    : union
ntlmssp_AvValue(case 0x4)
                        AvDnsDomainName          : 'ad.dilken.eu'
                    pair: struct AV_PAIR
                        AvId                     :
MsvAvDnsComputerName (0x3)
                        AvLen                    : 0x0020 (32)
                        Value                    : union
ntlmssp_AvValue(case 0x3)
                        AvDnsComputerName        : 'dc2.ad.dilken.eu'
                    pair: struct AV_PAIR
                        AvId                     : MsvAvEOL (0x0)
                        AvLen                    : 0x0000 (0)
                        Value                    : union
ntlmssp_AvValue(case 0x0)
Got challenge flags:
Got NTLMSSP neg_flags=0x60898215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_NEGOTIATE_TARGET_INFO
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
Bus error (Speicherabzug geschrieben)

The final result is the same as above.

Greetings,

Roman

