[Samba] net ads join fails
Roman Dilken
rdilken at gmx.de
Tue Mar 10 14:29:23 MDT 2015
Oh, I have a pair of samba-4.1.17-DC's, raspberry-pi and dc2 to which make the domain ad.dilken.eu on site Neuoetting.
resolv.conf points to the two dc's:
search ad.dilken.eu
nameserver 192.168.2.33
nameserver 192.168.2.2
In the output I find some relations to dc2 resp. 192.168.2.2, but perhaps it doesn't work as expected..
Greetings
Am 10.03.2015 um 21:23 schrieb Rowland Penny:
> On 10/03/15 20:14, Roman Dilken wrote:
>> On 10.03.2015 20:20, Rowland Penny wrote:
>>
>>> OK, the first will not work (well not yet), the second should, I
>>> take it you ran 'kinit Administrator at AD.DILKEN.EU' as root before
>>> the join ?
>>>
>>> You could try 'net ads join -U Administrator' and enter the
>>> password when prompted, I personally have never seen the point in
>>> using kerberos during the join, either way you have to enter the
>>> Administrator password :-)
>>>
>>> Rowland
>>>
>> OK, new try... I did kinit Administrator at AD.DILKEN.EU, but I have
>> always to enter the passowrd with or without kerberos.
>>
>> Now I try it without -k:
>>
>> net ads join -UAdministrator -d 10
>>
>> Result:
>>
>> INFO: Current debug levels:
>> all: 10
>> tdb: 10
>> printdrivers: 10
>> lanman: 10
>> smb: 10
>> rpc_parse: 10
>> rpc_srv: 10
>> rpc_cli: 10
>> passdb: 10
>> sam: 10
>> auth: 10
>> winbind: 10
>> vfs: 10
>> idmap: 10
>> quota: 10
>> acls: 10
>> locking: 10
>> msdfs: 10
>> dmapi: 10
>> registry: 10
>> scavenger: 10
>> dns: 10
>> ldb: 10
>> lp_load_ex: refreshing parameters
>> Initialising global parameters
>> INFO: Current debug levels:
>> all: 10
>> tdb: 10
>> printdrivers: 10
>> lanman: 10
>> smb: 10
>> rpc_parse: 10
>> rpc_srv: 10
>> rpc_cli: 10
>> passdb: 10
>> sam: 10
>> auth: 10
>> winbind: 10
>> vfs: 10
>> idmap: 10
>> quota: 10
>> acls: 10
>> locking: 10
>> msdfs: 10
>> dmapi: 10
>> registry: 10
>> scavenger: 10
>> dns: 10
>> ldb: 10
>> params.c:pm_process() - Processing configuration file
>> "/usr/local/etc/smb4.conf"
>> Processing section "[global]"
>> doing parameter netbios name = fileserver
>> doing parameter workgroup = AD
>> doing parameter security = ADS
>> doing parameter realm = AD.DILKEN.EU
>> doing parameter dedicated keytab file = /usr/local/etc/krb5.keytab
>> doing parameter nsupdate command = /usr/local/bin/samba-nsupdate -g
>> doing parameter server role = member server
>> doing parameter winbind refresh tickets = yes
>> doing parameter use sendfile = true
>> doing parameter idmap config *:backend = tdb
>> doing parameter idmap config *:range = 2000-9999
>> doing parameter idmap config AD:backend = ad
>> doing parameter idmap config AD:schema_mode = rfc2307
>> doing parameter idmap config AD:range = 10000-99999
>> doing parameter winbind nss info = rfc2307
>> doing parameter winbind trusted domains only = no
>> doing parameter winbind use default domain = yes
>> doing parameter winbind enum users = yes
>> doing parameter winbind enum groups = yes
>> doing parameter log level = 10
>> doing parameter read only = no
>> doing parameter inherit permissions = No
>> doing parameter inherit acls = No
>> doing parameter inherit owner = No
>> doing parameter force unknown acl user = No
>> doing parameter store dos attributes = Yes
>> doing parameter map read only = No
>> doing parameter vfs objects = zfsacl
>> doing parameter nfs4:mode = special
>> doing parameter nfs4:acedup = merge
>> doing parameter nfs4:chown = yes
>> pm_process() returned Yes
>> lp_servicenumber: couldn't find homes
>> Netbios name list:-
>> my_netbios_names[0]="FILESERVER"
>> added interface nfe0 ip=192.168.2.87 bcast=192.168.2.255
>> netmask=255.255.255.0
>> Registering messaging pointer for type 2 - private_data=0x0
>> Registering messaging pointer for type 9 - private_data=0x0
>> Registered MSG_REQ_POOL_USAGE
>> Registering messaging pointer for type 11 - private_data=0x0
>> Registering messaging pointer for type 12 - private_data=0x0
>> Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
>> Registering messaging pointer for type 1 - private_data=0x0
>> Registering messaging pointer for type 5 - private_data=0x0
>> Enter Administrator's password:
>> libnet_Join:
>> libnet_JoinCtx: struct libnet_JoinCtx
>> in: struct libnet_JoinCtx
>> dc_name : NULL
>> machine_name : 'FILESERVER'
>> domain_name : *
>> domain_name : 'AD.DILKEN.EU'
>> account_ou : NULL
>> admin_account : 'Administrator'
>> machine_password : NULL
>> join_flags : 0x00000023 (35)
>> 0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
>> 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
>> 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
>> 0: WKSSVC_JOIN_FLAGS_DEFER_SPN
>> 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
>> 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
>> 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
>> 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
>> 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
>> 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
>> 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
>> os_version : NULL
>> os_name : NULL
>> create_upn : 0x00 (0)
>> upn : NULL
>> modify_config : 0x00 (0)
>> ads : NULL
>> debug : 0x01 (1)
>> use_kerberos : 0x00 (0)
>> secure_channel_type : SEC_CHAN_WKSTA (2)
>> Opening cache file at /var/db/samba4/gencache.tdb
>> Opening cache file at /var/db/samba4/gencache_notrans.tdb
>> sitename_fetch: Returning sitename for AD.DILKEN.EU: "Neuoetting"
>> dsgetdcname_internal: domain_name: AD.DILKEN.EU, domain_guid: (null),
>> site_name: Neuoetting, flags: 0x40001011
>> debug_dsdcinfo_flags: 0x40001011
>> DS_FORCE_REDISCOVERY DS_DIRECTORY_SERVICE_REQUIRED
>> DS_WRITABLE_REQUIRED DS_RETURN_DNS_NAME
>> dsgetdcname_rediscover
>> ads_dns_lookup_srv: 1 records returned in the answer section.
>> ads_dns_parse_rr_srv: Parsed dc2.ad.dilken.eu [0, 100, 389]
>> LDAP ping to dc2.ad.dilken.eu
>> &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX
>> command : LOGON_SAM_LOGON_RESPONSE_EX (23)
>> sbz : 0x0000 (0)
>> server_type : 0x000003fc (1020)
>> 0: NBT_SERVER_PDC
>> 1: NBT_SERVER_GC
>> 1: NBT_SERVER_LDAP
>> 1: NBT_SERVER_DS
>> 1: NBT_SERVER_KDC
>> 1: NBT_SERVER_TIMESERV
>> 1: NBT_SERVER_CLOSEST
>> 1: NBT_SERVER_WRITABLE
>> 1: NBT_SERVER_GOOD_TIMESERV
>> 0: NBT_SERVER_NDNC
>> 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6
>> 0: NBT_SERVER_FULL_SECRET_DOMAIN_6
>> 0: NBT_SERVER_ADS_WEB_SERVICE
>> 0: NBT_SERVER_HAS_DNS_NAME
>> 0: NBT_SERVER_IS_DEFAULT_NC
>> 0: NBT_SERVER_FOREST_ROOT
>> domain_uuid : 56b6b4e7-d3f5-448d-ae4b-5b68a3662b2f
>> forest : 'ad.dilken.eu'
>> dns_domain : 'ad.dilken.eu'
>> pdc_dns_name : 'dc2.ad.dilken.eu'
>> domain_name : 'AD'
>> pdc_name : 'DC2'
>> user_name : ''
>> server_site : 'Neuoetting'
>> client_site : 'Neuoetting'
>> sockaddr_size : 0x00 (0)
>> sockaddr: struct nbt_sockaddr
>> sockaddr_family : 0x00000000 (0)
>> pdc_ip : (null)
>> remaining : DATA_BLOB length=0
>> next_closest_site : NULL
>> nt_version : 0x00000005 (5)
>> 1: NETLOGON_NT_VERSION_1
>> 0: NETLOGON_NT_VERSION_5
>> 1: NETLOGON_NT_VERSION_5EX
>> 0: NETLOGON_NT_VERSION_5EX_WITH_IP
>> 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE
>> 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL
>> 0: NETLOGON_NT_VERSION_PDC
>> 0: NETLOGON_NT_VERSION_IP
>> 0: NETLOGON_NT_VERSION_LOCAL
>> 0: NETLOGON_NT_VERSION_GC
>> lmnt_token : 0xffff (65535)
>> lm20_token : 0xffff (65535)
>> Did not store value for DSGETDCNAME/DOMAIN/AD, we already got it
>> sitename_store: realm = [AD], sitename = [Neuoetting], expire =
>> [2147483647]
>> Did not store value for AD_SITENAME/DOMAIN/AD, we already got it
>> Adding cache entry with key=[DSGETDCNAME/DOMAIN/AD.DILKEN.EU] and
>> timeout=[Di Mär 10 21:25:28 2015 CET] (900 seconds ahead)
>> sitename_store: realm = [ad.dilken.eu], sitename = [Neuoetting],
>> expire = [2147483647]
>> Did not store value for AD_SITENAME/DOMAIN/AD.DILKEN.EU, we already got it
>> sitename_fetch: Returning sitename for AD.DILKEN.EU: "Neuoetting"
>> internal_resolve_name: looking up dc2.ad.dilken.eu#20 (sitename
>> Neuoetting)
>> Adding cache entry with key=[NBT/DC2.AD.DILKEN.EU#20] and timeout=[Do
>> Jan 1 01:00:00 1970 CET] (-1426018228 seconds in the past)
>> no entry for dc2.ad.dilken.eu#20 found.
>> resolve_lmhosts: Attempting lmhosts lookup for name dc2.ad.dilken.eu<0x20>
>> resolve_lmhosts: Attempting lmhosts lookup for name dc2.ad.dilken.eu<0x20>
>> startlmhosts: Can't open lmhosts file /usr/local/etc/lmhosts. Error
>> was No such file or directory
>> resolve_wins: WINS server resolution selected and no WINS servers listed.
>> resolve_hosts: Attempting host lookup for name dc2.ad.dilken.eu<0x20>
>> remove_duplicate_addrs2: looking for duplicate address/port pairs
>> namecache_store: storing 1 address for dc2.ad.dilken.eu#20: 192.168.2.2
>> Adding cache entry with key=[NBT/DC2.AD.DILKEN.EU#20] and timeout=[Di
>> Mär 10 21:21:28 2015 CET] (660 seconds ahead)
>> internal_resolve_name: returning 1 addresses: 192.168.2.2:0
>> Connecting to 192.168.2.2 at port 445
>> Socket options:
>> SO_KEEPALIVE = 0
>> SO_REUSEADDR = 0
>> SO_BROADCAST = 0
>> TCP_NODELAY = 4
>> TCP_KEEPCNT = 0
>> TCP_KEEPIDLE = 0
>> TCP_KEEPINTVL = 0
>> IPTOS_LOWDELAY = 0
>> IPTOS_THROUGHPUT = 0
>> SO_REUSEPORT = 0
>> SO_SNDBUF = 66608
>> SO_RCVBUF = 66608
>> SO_SNDLOWAT = 2048
>> SO_RCVLOWAT = 1
>> SO_SNDTIMEO = 0
>> SO_RCVTIMEO = 0
>> Doing spnego session setup (blob length=96)
>> got OID=1.2.840.48018.1.2.2
>> got OID=1.2.840.113554.1.2.2
>> got OID=1.3.6.1.4.1.311.2.2.10
>> got principal=not_defined_in_RFC4178 at please_ignore
>> negotiate: struct NEGOTIATE_MESSAGE
>> Signature : 'NTLMSSP'
>> MessageType : NtLmNegotiate (1)
>> NegotiateFlags : 0x60088215 (1611170325)
>> 1: NTLMSSP_NEGOTIATE_UNICODE
>> 0: NTLMSSP_NEGOTIATE_OEM
>> 1: NTLMSSP_REQUEST_TARGET
>> 1: NTLMSSP_NEGOTIATE_SIGN
>> 0: NTLMSSP_NEGOTIATE_SEAL
>> 0: NTLMSSP_NEGOTIATE_DATAGRAM
>> 0: NTLMSSP_NEGOTIATE_LM_KEY
>> 0: NTLMSSP_NEGOTIATE_NETWARE
>> 1: NTLMSSP_NEGOTIATE_NTLM
>> 0: NTLMSSP_NEGOTIATE_NT_ONLY
>> 0: NTLMSSP_ANONYMOUS
>> 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
>> 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
>> 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
>> 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>> 0: NTLMSSP_TARGET_TYPE_DOMAIN
>> 0: NTLMSSP_TARGET_TYPE_SERVER
>> 0: NTLMSSP_TARGET_TYPE_SHARE
>> 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
>> 0: NTLMSSP_NEGOTIATE_IDENTIFY
>> 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
>> 0: NTLMSSP_NEGOTIATE_TARGET_INFO
>> 0: NTLMSSP_NEGOTIATE_VERSION
>> 1: NTLMSSP_NEGOTIATE_128
>> 1: NTLMSSP_NEGOTIATE_KEY_EXCH
>> 0: NTLMSSP_NEGOTIATE_56
>> DomainNameLen : 0x0002 (2)
>> DomainNameMaxLen : 0x0002 (2)
>> DomainName : *
>> DomainName : 'AD'
>> WorkstationLen : 0x000a (10)
>> WorkstationMaxLen : 0x000a (10)
>> Workstation : *
>> Workstation : 'FILESERVER'
>> challenge: struct CHALLENGE_MESSAGE
>> Signature : 'NTLMSSP'
>> MessageType : NtLmChallenge (0x2)
>> TargetNameLen : 0x0004 (4)
>> TargetNameMaxLen : 0x0004 (4)
>> TargetName : *
>> TargetName : 'AD'
>> NegotiateFlags : 0x60898215 (1619624469)
>> 1: NTLMSSP_NEGOTIATE_UNICODE
>> 0: NTLMSSP_NEGOTIATE_OEM
>> 1: NTLMSSP_REQUEST_TARGET
>> 1: NTLMSSP_NEGOTIATE_SIGN
>> 0: NTLMSSP_NEGOTIATE_SEAL
>> 0: NTLMSSP_NEGOTIATE_DATAGRAM
>> 0: NTLMSSP_NEGOTIATE_LM_KEY
>> 0: NTLMSSP_NEGOTIATE_NETWARE
>> 1: NTLMSSP_NEGOTIATE_NTLM
>> 0: NTLMSSP_NEGOTIATE_NT_ONLY
>> 0: NTLMSSP_ANONYMOUS
>> 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
>> 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
>> 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
>> 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>> 1: NTLMSSP_TARGET_TYPE_DOMAIN
>> 0: NTLMSSP_TARGET_TYPE_SERVER
>> 0: NTLMSSP_TARGET_TYPE_SHARE
>> 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
>> 0: NTLMSSP_NEGOTIATE_IDENTIFY
>> 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
>> 1: NTLMSSP_NEGOTIATE_TARGET_INFO
>> 0: NTLMSSP_NEGOTIATE_VERSION
>> 1: NTLMSSP_NEGOTIATE_128
>> 1: NTLMSSP_NEGOTIATE_KEY_EXCH
>> 0: NTLMSSP_NEGOTIATE_56
>> ServerChallenge : 5de2f6f04d891106
>> Reserved : 0000000000000000
>> TargetInfoLen : 0x0056 (86)
>> TargetNameInfoMaxLen : 0x0056 (86)
>> TargetInfo : *
>> TargetInfo: struct AV_PAIR_LIST
>> count : 0x00000005 (5)
>> pair: ARRAY(5)
>> pair: struct AV_PAIR
>> AvId : MsvAvNbDomainName (0x2)
>> AvLen : 0x0004 (4)
>> Value : union
>> ntlmssp_AvValue(case 0x2)
>> AvNbDomainName : 'AD'
>> pair: struct AV_PAIR
>> AvId : MsvAvNbComputerName
>> (0x1)
>> AvLen : 0x0006 (6)
>> Value : union
>> ntlmssp_AvValue(case 0x1)
>> AvNbComputerName : 'DC2'
>> pair: struct AV_PAIR
>> AvId : MsvAvDnsDomainName
>> (0x4)
>> AvLen : 0x0018 (24)
>> Value : union
>> ntlmssp_AvValue(case 0x4)
>> AvDnsDomainName : 'ad.dilken.eu'
>> pair: struct AV_PAIR
>> AvId :
>> MsvAvDnsComputerName (0x3)
>> AvLen : 0x0020 (32)
>> Value : union
>> ntlmssp_AvValue(case 0x3)
>> AvDnsComputerName : 'dc2.ad.dilken.eu'
>> pair: struct AV_PAIR
>> AvId : MsvAvEOL (0x0)
>> AvLen : 0x0000 (0)
>> Value : union
>> ntlmssp_AvValue(case 0x0)
>> Got challenge flags:
>> Got NTLMSSP neg_flags=0x60898215
>> NTLMSSP_NEGOTIATE_UNICODE
>> NTLMSSP_REQUEST_TARGET
>> NTLMSSP_NEGOTIATE_SIGN
>> NTLMSSP_NEGOTIATE_NTLM
>> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>> NTLMSSP_NEGOTIATE_NTLM2
>> NTLMSSP_NEGOTIATE_TARGET_INFO
>> NTLMSSP_NEGOTIATE_128
>> NTLMSSP_NEGOTIATE_KEY_EXCH
>> NTLMSSP: Set final flags:
>> Got NTLMSSP neg_flags=0x60088215
>> NTLMSSP_NEGOTIATE_UNICODE
>> NTLMSSP_REQUEST_TARGET
>> NTLMSSP_NEGOTIATE_SIGN
>> NTLMSSP_NEGOTIATE_NTLM
>> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>> NTLMSSP_NEGOTIATE_NTLM2
>> NTLMSSP_NEGOTIATE_128
>> NTLMSSP_NEGOTIATE_KEY_EXCH
>> Bus error (Speicherabzug geschrieben)
>>
>> The final result is the same as above.
>>
>> Greetings,
>>
>> Roman
>
> It looks like it cannot find a DC.
>
> You never did say what you are trying to join to, Samba 4 AD server, windows AD server or what ?
>
> What does /etc.resolv.conf point to ??
>
> Is it your AD DC server ?
>
> Rowland
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
More information about the samba
mailing list