[Samba] Samba 4.17 Cannot join Win7 clients to domain
Davor Vusir
davortvusir at gmail.com
Tue May 19 10:13:09 MDT 2015
Timo Altun skrev den 2015-05-19 08:12:
> Hi Davor,
>
> thanks for the answer. They were actually part of a NT4 domain called
> mayweg.net <http://mayweg.net> (the new realm name). But I did join
> workgroup "WORKGROUP" before I tried to join the new domain.
> If it's possible that they're sending the information the wrong way
> because they were part of a workgroup named after the new realm, is
> there any way to clear the old data (apart from a new install)?
>
> Greetings,
> Timo
>
Hi Timo!
I'm not sure. Was all the accountnames you mentioned earlier accounts of
the NT4-domain and recreated in the new domain? It's possible that part
of the (old) domain info is also present in the NTUSER.DAT*-files and is
reused. Try join the new domain with a fresh account that was not
present in the old domain or delete a profile and try again.
Regards
Davor
> On 18 May 2015 at 17:49, Davor Vusir <davortvusir at gmail.com
> <mailto:davortvusir at gmail.com>> wrote:
>
> Hi Timo!
>
> Timo Altun skrev den 2015-05-16 17:29:
>
> >
> > Hi,
> >
> > I encountered a strange problem...some of my windows machines
> cannot be
> > joined to an Samba 4.17 AD domain (8 of ~90 clients). These are
> 7 Win7
> > clients and one WinXP client.
> > The message I receive in windows is: "Logon failure: unknown
> user name or
> > bad password".
> > All other Win7 and XP machines could be joined...the same OS
> image has
> been
> > used to install both the machines that could be joined and those
> that
> > couldn't.
> >
> > The AD DC is on Debian Jessie with Samba 4.17 from debian
> sources. Win 7
> > clients are Win7 Ultimate SP1, XP is SP3.
> >
> > If I'm interpreting the logs correctly, it seems the clients are
> trying to
> > join as anonymous, even though I enter the administrators account
> > information. I tried using workgroup and realm name, and other
> domain
> admin
> > accounts to join the computers, but get the same error over and
> over.
> >
> > Does somebody have a hint where to look? I'd of course like to avoid
> > reinstalling these machines.
> > I attached the smb.conf and the log file of a Win7 PC while I
> was trying
> to
> > join.
>
> Maybe the computers are already joined to a workgroup named
> MAYWEG and
> sendning the authentication request the "wrong" way..? :-)
>
> [2015/05/16 17:04:23.085136, 3]
> ../source4/auth/ntlm/auth.c:270(auth_check_password_send)
> auth_check_password_send: Checking password for unmapped user
> []\[]@[PC65]
> auth_check_password_send: mapped user is: [MAYWEG]\[]@[PC65]
>
> >
> > Greetings,
> > Timo
> >
> > *smb.conf:*
> > # Global parameters
> > [global]
> > workgroup = MAYWEG
> > realm = MAYWEG.NET <http://MAYWEG.NET>
> > netbios name = SERVER27
> > interfaces = lo, eth0
> > bind interfaces only = Yes
> > server role = active directory domain controller
> > server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc,
> drepl, winbind,
> > ntp_signd, kcc, dnsupdate
> > idmap_ldb:use rfc2307 = yes
> >
> > log file = /var/log/samba/log.%m
> > log level = 3
> > max log size = 1000
> >
> > [netlogon]
> > path = /var/lib/samba/sysvol/mayweg.net/scripts
> <http://mayweg.net/scripts>
> > read only = No
> >
> > [sysvol]
> > path = /var/lib/samba/sysvol
> > read only = No
> >
> >
> > *Samba-log of a Win7 machine while trying to join:*
> > [2015/05/16 17:04:22.607986, 3]
> ../source3/lib/access.c:338(allow_access)
> > Allowed connection from 192.168.111.236 (192.168.111.236)
> > [2015/05/16 17:04:22.608616, 3]
> ../source3/smbd/oplock.c:873(init_oplocks)
> > init_oplocks: initializing messages.
> > [2015/05/16 17:04:22.609217, 3]
> ../source3/smbd/process.c:1802(process_smb)
> > Transaction 0 of length 159 (0 toread)
> > [2015/05/16 17:04:22.609385, 3]
> > ../source3/smbd/process.c:1405(switch_message)
> > switch message SMBnegprot (pid 4587) conn 0x0
> > [2015/05/16 17:04:22.611816, 3]
> > ../source3/smbd/negprot.c:564(reply_negprot)
> > Requested protocol [PC NETWORK PROGRAM 1.0]
> > [2015/05/16 17:04:22.612015, 3]
> > ../source3/smbd/negprot.c:564(reply_negprot)
> > Requested protocol [LANMAN1.0]
> > [2015/05/16 17:04:22.612176, 3]
> > ../source3/smbd/negprot.c:564(reply_negprot)
> > Requested protocol [Windows for Workgroups 3.1a]
> > [2015/05/16 17:04:22.612272, 3]
> > ../source3/smbd/negprot.c:564(reply_negprot)
> > Requested protocol [LM1.2X002]
> > [2015/05/16 17:04:22.612397, 3]
> > ../source3/smbd/negprot.c:564(reply_negprot)
> > Requested protocol [LANMAN2.1]
> > [2015/05/16 17:04:22.612520, 3]
> > ../source3/smbd/negprot.c:564(reply_negprot)
> > Requested protocol [NT LM 0.12]
> > [2015/05/16 17:04:22.612643, 3]
> > ../source3/smbd/negprot.c:564(reply_negprot)
> > Requested protocol [SMB 2.002]
> > [2015/05/16 17:04:22.612989, 3]
> > ../source3/smbd/negprot.c:564(reply_negprot)
> > Requested protocol [SMB 2.???]
> > [2015/05/16 17:04:22.613738, 3]
> >
> ../source3/smbd/smb2_negprot.c:243(smbd_smb2_request_process_negprot)
> > Selected protocol SMB2_FF
> > [2015/05/16 17:04:22.622803, 2]
> > ../lib/util/modules.c:191(do_smb_load_module)
> > Module 'samba4' loaded
> > [2015/05/16 17:04:22.626230, 3]
> > ../auth/gensec/gensec_start.c:870(gensec_register)
> > GENSEC backend 'gssapi_spnego' registered
> > [2015/05/16 17:04:22.626428, 3]
> > ../auth/gensec/gensec_start.c:870(gensec_register)
> > GENSEC backend 'gssapi_krb5' registered
> > [2015/05/16 17:04:22.626515, 3]
> > ../auth/gensec/gensec_start.c:870(gensec_register)
> > GENSEC backend 'gssapi_krb5_sasl' registered
> > [2015/05/16 17:04:22.626591, 3]
> > ../auth/gensec/gensec_start.c:870(gensec_register)
> > GENSEC backend 'schannel' registered
> > [2015/05/16 17:04:22.626657, 3]
> > ../auth/gensec/gensec_start.c:870(gensec_register)
> > GENSEC backend 'spnego' registered
> > [2015/05/16 17:04:22.626752, 3]
> > ../auth/gensec/gensec_start.c:870(gensec_register)
> > GENSEC backend 'ntlmssp' registered
> > [2015/05/16 17:04:22.626841, 3]
> > ../auth/gensec/gensec_start.c:870(gensec_register)
> > GENSEC backend 'krb5' registered
> > [2015/05/16 17:04:22.626911, 3]
> > ../auth/gensec/gensec_start.c:870(gensec_register)
> > GENSEC backend 'fake_gssapi_krb5' registered
> > [2015/05/16 17:04:22.632051, 3]
> > ../lib/ldb-samba/ldb_wrap.c:320(ldb_wrap_connect)
> > ldb_wrap open of secrets.ldb
> > [2015/05/16 17:04:22.638717, 3]
> > ../source4/auth/ntlm/auth.c:673(auth_register)
> > AUTH backend 'sam' registered
> > [2015/05/16 17:04:22.638915, 3]
> > ../source4/auth/ntlm/auth.c:673(auth_register)
> > AUTH backend 'sam_ignoredomain' registered
> > [2015/05/16 17:04:22.639031, 3]
> > ../source4/auth/ntlm/auth.c:673(auth_register)
> > AUTH backend 'anonymous' registered
> > [2015/05/16 17:04:22.639194, 3]
> > ../source4/auth/ntlm/auth.c:673(auth_register)
> > AUTH backend 'winbind' registered
> > [2015/05/16 17:04:22.639277, 3]
> > ../source4/auth/ntlm/auth.c:673(auth_register)
> > AUTH backend 'winbind_wbclient' registered
> > [2015/05/16 17:04:22.639379, 3]
> > ../source4/auth/ntlm/auth.c:673(auth_register)
> > AUTH backend 'name_to_ntstatus' registered
> > [2015/05/16 17:04:22.639460, 3]
> > ../source4/auth/ntlm/auth.c:673(auth_register)
> > AUTH backend 'unix' registered
> > [2015/05/16 17:04:22.662528, 3]
> > ../source3/smbd/negprot.c:672(reply_negprot)
> > Selected protocol SMB 2.???
> > [2015/05/16 17:04:22.663344, 3]
> >
> ../source3/smbd/smb2_negprot.c:243(smbd_smb2_request_process_negprot)
> > Selected protocol SMB2_10
> > [2015/05/16 17:04:22.664437, 3]
> > ../lib/ldb-samba/ldb_wrap.c:320(ldb_wrap_connect)
> > ldb_wrap open of secrets.ldb
> > [2015/05/16 17:04:22.690034, 3]
> > ../source3/smbd/server_exit.c:221(exit_server_common)
> > Server exit (NT_STATUS_CONNECTION_RESET)
> > [2015/05/16 17:04:22.999939, 3]
> ../source3/lib/access.c:338(allow_access)
> > Allowed connection from 192.168.111.236 (192.168.111.236)
> > [2015/05/16 17:04:23.000705, 3]
> ../source3/smbd/oplock.c:873(init_oplocks)
> > init_oplocks: initializing messages.
> > [2015/05/16 17:04:23.001398, 3]
> ../source3/smbd/process.c:1802(process_smb)
> > Transaction 0 of length 108 (0 toread)
> > [2015/05/16 17:04:23.001849, 3]
> >
> ../source3/smbd/smb2_negprot.c:243(smbd_smb2_request_process_negprot)
> > Selected protocol SMB2_10
> > [2015/05/16 17:04:23.013135, 2]
> > ../lib/util/modules.c:191(do_smb_load_module)
> > Module 'samba4' loaded
> > [2015/05/16 17:04:23.016389, 3]
> > ../auth/gensec/gensec_start.c:870(gensec_register)
> > GENSEC backend 'gssapi_spnego' registered
> > [2015/05/16 17:04:23.016571, 3]
> > ../auth/gensec/gensec_start.c:870(gensec_register)
> > GENSEC backend 'gssapi_krb5' registered
> > [2015/05/16 17:04:23.016671, 3]
> > ../auth/gensec/gensec_start.c:870(gensec_register)
> > GENSEC backend 'gssapi_krb5_sasl' registered
> > [2015/05/16 17:04:23.016750, 3]
> > ../auth/gensec/gensec_start.c:870(gensec_register)
> > GENSEC backend 'schannel' registered
> > [2015/05/16 17:04:23.016882, 3]
> > ../auth/gensec/gensec_start.c:870(gensec_register)
> > GENSEC backend 'spnego' registered
> > [2015/05/16 17:04:23.016985, 3]
> > ../auth/gensec/gensec_start.c:870(gensec_register)
> > GENSEC backend 'ntlmssp' registered
> > [2015/05/16 17:04:23.017066, 3]
> > ../auth/gensec/gensec_start.c:870(gensec_register)
> > GENSEC backend 'krb5' registered
> > [2015/05/16 17:04:23.017156, 3]
> > ../auth/gensec/gensec_start.c:870(gensec_register)
> > GENSEC backend 'fake_gssapi_krb5' registered
> > [2015/05/16 17:04:23.022258, 3]
> > ../lib/ldb-samba/ldb_wrap.c:320(ldb_wrap_connect)
> > ldb_wrap open of secrets.ldb
> > [2015/05/16 17:04:23.028125, 3]
> > ../source4/auth/ntlm/auth.c:673(auth_register)
> > AUTH backend 'sam' registered
> > [2015/05/16 17:04:23.028321, 3]
> > ../source4/auth/ntlm/auth.c:673(auth_register)
> > AUTH backend 'sam_ignoredomain' registered
> > [2015/05/16 17:04:23.028421, 3]
> > ../source4/auth/ntlm/auth.c:673(auth_register)
> > AUTH backend 'anonymous' registered
> > [2015/05/16 17:04:23.028499, 3]
> > ../source4/auth/ntlm/auth.c:673(auth_register)
> > AUTH backend 'winbind' registered
> > [2015/05/16 17:04:23.028593, 3]
> > ../source4/auth/ntlm/auth.c:673(auth_register)
> > AUTH backend 'winbind_wbclient' registered
> > [2015/05/16 17:04:23.028677, 3]
> > ../source4/auth/ntlm/auth.c:673(auth_register)
> > AUTH backend 'name_to_ntstatus' registered
> > [2015/05/16 17:04:23.028774, 3]
> > ../source4/auth/ntlm/auth.c:673(auth_register)
> > AUTH backend 'unix' registered
> > [2015/05/16 17:04:23.054566, 3]
> > ../lib/ldb-samba/ldb_wrap.c:320(ldb_wrap_connect)
> > ldb_wrap open of secrets.ldb
> > [2015/05/16 17:04:23.082930, 3]
> > ../auth/ntlmssp/ntlmssp_util.c:34(debug_ntlmssp_flags)
> > Got NTLMSSP neg_flags=0xe2088297
> > [2015/05/16 17:04:23.084961, 3]
> > ../auth/ntlmssp/ntlmssp_server.c:358(ntlmssp_server_preauth)
> > Got user=[] domain=[] workstation=[PC65] len1=1 len2=0
> > [2015/05/16 17:04:23.085136, 3]
> > ../source4/auth/ntlm/auth.c:270(auth_check_password_send)
> > auth_check_password_send: Checking password for unmapped user
> []\[]@[PC65]
> > auth_check_password_send: mapped user is: [MAYWEG]\[]@[PC65]
> > [2015/05/16 17:04:23.085396, 3]
> > ../auth/ntlmssp/ntlmssp_sign.c:547(ntlmssp_sign_init)
> > NTLMSSP Sign/Seal - Initialising with flags:
> > [2015/05/16 17:04:23.085480, 3]
> > ../auth/ntlmssp/ntlmssp_util.c:34(debug_ntlmssp_flags)
> > Got NTLMSSP neg_flags=0xe2088215
> > [2015/05/16 17:04:23.089748, 3]
> ../source3/lib/access.c:338(allow_access)
> > Allowed connection from 192.168.111.236 (192.168.111.236)
> > [2015/05/16 17:04:23.090331, 3]
> > ../source3/smbd/service.c:612(make_connection_snum)
> > Connect path is '/tmp' for service [IPC$]
> > [2015/05/16 17:04:23.090587, 3]
> ../source3/smbd/vfs.c:113(vfs_init_default)
> > Initialising default vfs hooks
> > [2015/05/16 17:04:23.090745, 3]
> ../source3/smbd/vfs.c:139(vfs_init_custom)
> > Initialising custom vfs hooks from [/[Default VFS]/]
> > [2015/05/16 17:04:23.090851, 3]
> ../source3/smbd/vfs.c:139(vfs_init_custom)
> > Initialising custom vfs hooks from [acl_xattr]
> > [2015/05/16 17:04:23.095703, 2]
> > ../lib/util/modules.c:191(do_smb_load_module)
> > Module 'acl_xattr' loaded
> > [2015/05/16 17:04:23.095910, 3]
> ../source3/smbd/vfs.c:139(vfs_init_custom)
> > Initialising custom vfs hooks from [dfs_samba4]
> > [2015/05/16 17:04:23.100971, 2]
> > ../lib/util/modules.c:191(do_smb_load_module)
> > Module 'dfs_samba4' loaded
> > [2015/05/16 17:04:23.101172, 2]
> > ../source3/modules/vfs_acl_xattr.c:193(connect_acl_xattr)
> > connect_acl_xattr: setting 'inherit acls = true' 'dos filemode
> = true'
> > and 'force unknown acl user = true' for service IPC$
> > [2015/05/16 17:04:23.109088, 3]
> > ../source3/smbd/service.c:856(make_connection_snum)
> > 192.168.111.236 (ipv4:192.168.111.236:1174
> <http://192.168.111.236:1174>) connect to service IPC$
> > initially as user NT AUTHORITY\ANONYMOUS LOGON (uid=65534,
> gid=3000008)
> > (pid 4588)
> > [2015/05/16 17:04:31.383878, 3]
> ../source3/smbd/service.c:1130(close_cnum)
> > 192.168.111.236 (ipv4:192.168.111.236:1174
> <http://192.168.111.236:1174>) closed connection to service
> > IPC$
> > [2015/05/16 17:04:31.387550, 3]
> > ../source3/smbd/server_exit.c:221(exit_server_common)
> > Server exit (NT_STATUS_CONNECTION_RESET)
> > [2015/05/16 17:04:31.704078, 3]
> ../source3/lib/access.c:338(allow_access)
> > Allowed connection from 192.168.111.236 (192.168.111.236)
> > [2015/05/16 17:04:31.704942, 3]
> ../source3/smbd/oplock.c:873(init_oplocks)
> > init_oplocks: initializing messages.
> > [2015/05/16 17:04:31.705594, 3]
> ../source3/smbd/process.c:1802(process_smb)
> > Transaction 0 of length 159 (0 toread)
> > [2015/05/16 17:04:31.705775, 3]
> > ../source3/smbd/process.c:1405(switch_message)
> > switch message SMBnegprot (pid 4589) conn 0x0
> > [2015/05/16 17:04:31.708376, 3]
> > ../source3/smbd/negprot.c:564(reply_negprot)
> > Requested protocol [PC NETWORK PROGRAM 1.0]
> > [2015/05/16 17:04:31.708616, 3]
> > ../source3/smbd/negprot.c:564(reply_negprot)
> > Requested protocol [LANMAN1.0]
> > [2015/05/16 17:04:31.708763, 3]
> > ../source3/smbd/negprot.c:564(reply_negprot)
> > Requested protocol [Windows for Workgroups 3.1a]
> > [2015/05/16 17:04:31.708887, 3]
> > ../source3/smbd/negprot.c:564(reply_negprot)
> > Requested protocol [LM1.2X002]
> > [2015/05/16 17:04:31.709044, 3]
> > ../source3/smbd/negprot.c:564(reply_negprot)
> > Requested protocol [LANMAN2.1]
> > [2015/05/16 17:04:31.709181, 3]
> > ../source3/smbd/negprot.c:564(reply_negprot)
> > Requested protocol [NT LM 0.12]
> > [2015/05/16 17:04:31.709309, 3]
> > ../source3/smbd/negprot.c:564(reply_negprot)
> > Requested protocol [SMB 2.002]
> > [2015/05/16 17:04:31.709438, 3]
> > ../source3/smbd/negprot.c:564(reply_negprot)
> > Requested protocol [SMB 2.???]
> > [2015/05/16 17:04:31.710062, 3]
> >
> ../source3/smbd/smb2_negprot.c:243(smbd_smb2_request_process_negprot)
> > Selected protocol SMB2_FF
> > [2015/05/16 17:04:31.719910, 2]
> > ../lib/util/modules.c:191(do_smb_load_module)
> > Module 'samba4' loaded
> > [2015/05/16 17:04:31.723681, 3]
> > ../auth/gensec/gensec_start.c:870(gensec_register)
> > GENSEC backend 'gssapi_spnego' registered
> > [2015/05/16 17:04:31.723880, 3]
> > ../auth/gensec/gensec_start.c:870(gensec_register)
> > GENSEC backend 'gssapi_krb5' registered
> > [2015/05/16 17:04:31.723978, 3]
> > ../auth/gensec/gensec_start.c:870(gensec_register)
> > GENSEC backend 'gssapi_krb5_sasl' registered
> > [2015/05/16 17:04:31.724079, 3]
> > ../auth/gensec/gensec_start.c:870(gensec_register)
> > GENSEC backend 'schannel' registered
> > [2015/05/16 17:04:31.724173, 3]
> > ../auth/gensec/gensec_start.c:870(gensec_register)
> > GENSEC backend 'spnego' registered
> > [2015/05/16 17:04:31.724263, 3]
> > ../auth/gensec/gensec_start.c:870(gensec_register)
> > GENSEC backend 'ntlmssp' registered
> > [2015/05/16 17:04:31.724360, 3]
> > ../auth/gensec/gensec_start.c:870(gensec_register)
> > GENSEC backend 'krb5' registered
> > [2015/05/16 17:04:31.724449, 3]
> > ../auth/gensec/gensec_start.c:870(gensec_register)
> > GENSEC backend 'fake_gssapi_krb5' registered
> > [2015/05/16 17:04:31.730008, 3]
> > ../lib/ldb-samba/ldb_wrap.c:320(ldb_wrap_connect)
> > ldb_wrap open of secrets.ldb
> > [2015/05/16 17:04:31.736065, 3]
> > ../source4/auth/ntlm/auth.c:673(auth_register)
> > AUTH backend 'sam' registered
> > [2015/05/16 17:04:31.736216, 3]
> > ../source4/auth/ntlm/auth.c:673(auth_register)
> > AUTH backend 'sam_ignoredomain' registered
> > [2015/05/16 17:04:31.736307, 3]
> > ../source4/auth/ntlm/auth.c:673(auth_register)
> > AUTH backend 'anonymous' registered
> > [2015/05/16 17:04:31.736427, 3]
> > ../source4/auth/ntlm/auth.c:673(auth_register)
> > AUTH backend 'winbind' registered
> > [2015/05/16 17:04:31.736491, 3]
> > ../source4/auth/ntlm/auth.c:673(auth_register)
> > AUTH backend 'winbind_wbclient' registered
> > [2015/05/16 17:04:31.736576, 3]
> > ../source4/auth/ntlm/auth.c:673(auth_register)
> > AUTH backend 'name_to_ntstatus' registered
> > [2015/05/16 17:04:31.736668, 3]
> > ../source4/auth/ntlm/auth.c:673(auth_register)
> > AUTH backend 'unix' registered
> > [2015/05/16 17:04:31.757056, 3]
> > ../source3/smbd/negprot.c:672(reply_negprot)
> > Selected protocol SMB 2.???
> > [2015/05/16 17:04:31.757823, 3]
> >
> ../source3/smbd/smb2_negprot.c:243(smbd_smb2_request_process_negprot)
> > Selected protocol SMB2_10
> > [2015/05/16 17:04:31.759042, 3]
> > ../lib/ldb-samba/ldb_wrap.c:320(ldb_wrap_connect)
> > ldb_wrap open of secrets.ldb
> > [2015/05/16 17:04:31.786446, 3]
> > ../source3/smbd/server_exit.c:221(exit_server_common)
> > Server exit (NT_STATUS_CONNECTION_RESET)
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
More information about the samba
mailing list