[Samba] unable to join a SAMBA linux box to MSWindows 2012 AD

tsmafts tsmafts at afts.com
Sun May 31 17:53:01 MDT 2015


 

Linux debian1 3.2.0-4-686-pae #1 SMP Debian 3.2.68-1+deb7u1 i686
GNU/Linux
It is serving as a file server for a few Windows PCs in a satellite
office.
I am trying to join the machine to an AD domain in our main office.
Tried [b]net join -U duper%5HaveLefT -d5[/b]

Debug results:
[code]INFO: Current debug levels:
 all: 5
 tdb: 5
 printdrivers: 5
 lanman: 5
 smb: 5
 rpc_parse: 5
 rpc_srv: 5
 rpc_cli: 5
 passdb: 5
 sam: 5
 auth: 5
 winbind: 5
 vfs: 5
 idmap: 5
 quota: 5
 acls: 5
 locking: 5
 msdfs: 5
 dmapi: 5
 registry: 5
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit
(16384)
INFO: Current debug levels:
 all: 5
 tdb: 5
 printdrivers: 5
 lanman: 5
 smb: 5
 rpc_parse: 5
 rpc_srv: 5
 rpc_cli: 5
 passdb: 5
 sam: 5
 auth: 5
 winbind: 5
 vfs: 5
 idmap: 5
 quota: 5
 acls: 5
 locking: 5
 msdfs: 5
 dmapi: 5
 registry: 5
params.c:pm_process() - Processing configuration file
"/etc/samba/smb.conf"
Processing section "[global]"
doing parameter idmap gid = 16777216-33554431
WARNING: The "idmap gid" option is deprecated
doing parameter passwd chat = *New*password* %nn *ReType*new*password*
%nn *passwd*changed*n
doing parameter obey pam restrictions = yes
doing parameter preserve case = yes
doing parameter delete user from group script = /usr/sbin/userdel '%u'
'%g'
doing parameter time server = no
doing parameter dns proxy = no
doing parameter netbios name = CCSOO
handle_netbios_name: set global_myname to: CCSOO
doing parameter cups options = raw
doing parameter printing = lprng
doing parameter idmap uid = 16777216-33554431
WARNING: The "idmap uid" option is deprecated
doing parameter disable netbios = no
doing parameter logon script = %G.bat
doing parameter winbind refresh tickets = no
doing parameter security = ADS
doing parameter machine password timeout = 120
doing parameter add machine script = /usr/sbin/useradd -d /dev/null -g
sambamachines -c 'Samba Machine Account' -s /dev/null -M '%u'
doing parameter short preserve case = yes
doing parameter delete user script = /usr/sbin/userdel '%u'
doing parameter server schannel = no
doing parameter max log size = 1000
doing parameter winbind nss info = no
doing parameter log file = /var/log/samba/samba.log
doing parameter printer = Aficio-MP-4500
doing parameter load printers = yes
doing parameter guest account = smbguest
doing parameter passwd chat timeout = 120
doing parameter delete group script = /usr/sbin/groupdel '%g'
doing parameter username level = 6
doing parameter socket options = TCP_NODELAY SO_RCVBUF=8192
SO_SNDBUF=8192
doing parameter wins server = 192.168.1.218
doing parameter client use spnego = no
doing parameter follow symlinks = no
doing parameter null passwords = no
WARNING: The "null passwords" option is deprecated
doing parameter domain master = no
doing parameter winbind trusted domains only = yes
doing parameter winbind use default domain = yes
doing parameter passdb backend = tdbsam
doing parameter template shell = /dev/null
doing parameter client plaintext auth = no
doing parameter bind interfaces only = yes
doing parameter pam password change = no
doing parameter enable spoolss = yes
doing parameter domain logons = yes
doing parameter name resolve order = wins lmhosts bcast
doing parameter client signing = yes
doing parameter hostname lookups = no
doing parameter remote browse sync = 192.168.102.255
doing parameter client schannel = no
doing parameter passwd program = /usr/bin/passwd '%u'
doing parameter allow hosts = 127. 192.168.102. 192.168.1.
doing parameter remote announce = 192.168.102.255 192.168.1.255
doing parameter local master = no
doing parameter realm = fask.COM
doing parameter workgroup = fask
doing parameter os level = 33
doing parameter server signing = no
doing parameter printcap name = cups
doing parameter winbind separator = @
doing parameter winbind offline logon = yes
doing parameter allow trusted domains = yes
doing parameter add group script = /usr/sbin/groupadd '%g'
doing parameter nt pipe support = yes
doing parameter add user to group script = /usr/sbin/useradd -d
/dev/null -c 'Samba User Account' -s /dev/null -g '%g' '%u'
doing parameter nt status support = yes
doing parameter logon drive = m:
doing parameter interfaces = 127.0.0.1/8 192.168.102.0/24
doing parameter username map = /etc/samba/smbusers
doing parameter encrypt passwords = yes
doing parameter public = yes
doing parameter logon home = \%Lhomes%u
doing parameter wins proxy = no
doing parameter password level = 6
WARNING: The "password level" option is deprecated
doing parameter server string = Occidentel server
doing parameter winbind nested groups = no
doing parameter unix password sync = yes
doing parameter logon path = \%Lprofiles%u
doing parameter add user script = /usr/sbin/useradd -d /dev/null -c
'Samba User Account' -s /dev/null '%u'
doing parameter preferred master = no
doing parameter winbind cache time = 360
pm_process() returned Yes
Substituting charset 'UTF-8' for LOCALE
Netbios name list:-
my_netbios_names[0]="CCSOO"
interpret_interface: Adding interface 127.0.0.1/8
added interface 127.0.0.1/8 ip=127.0.0.1 bcast=127.255.255.255
netmask=255.0.0.0
interpret_interface: using netmask value 24 from config file on
interface eth0
added interface eth0 ip=192.168.102.251 bcast=192.168.102.255
netmask=255.255.255.0
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Opening cache file at /var/run/samba/gencache.tdb
Opening cache file at /var/run/samba/gencache_notrans.tdb
sitename_fetch: Returning sitename for fask.COM:
"Default-First-Site-Name"
saf_fetch: failed to find server for "fask.COM" domain
get_dc_list: preferred server list: ", *"
name fask.COM#1C found.
get_dc_list: returning 1 ip addresses in an ordered list
get_dc_list: 192.168.1.218:389
ads_try_connect: sending CLDAP request to 192.168.1.218 (realm:
fask.COM)
Successfully contacted LDAP server 192.168.1.218
Invalid configuration. Exiting....
ADS join did not work, falling back to RPC...
name fask#1B found.
namecache_status_fetch: key NBT/fask#1B.20.192.168.1.218 ->
fask-SERVER01
Connecting to host=fask-SERVER01
Connecting to 192.168.1.218 at port 445
Connecting to 192.168.1.218 at port 139
Socket options:
 SO_KEEPALIVE = 0
 SO_REUSEADDR = 0
 SO_BROADCAST = 0
 TCP_NODELAY = 1
 TCP_KEEPCNT = 9
 TCP_KEEPIDLE = 7200
 TCP_KEEPINTVL = 75
 IPTOS_LOWDELAY = 0
 IPTOS_THROUGHPUT = 0
 SO_SNDBUF = 16384
 SO_RCVBUF = 16384
 SO_SNDLOWAT = 1
 SO_RCVLOWAT = 1
 SO_SNDTIMEO = 0
 SO_RCVTIMEO = 0
 TCP_QUICKACK = 1
Substituting charset 'UTF-8' for LOCALE
Bind RPC Pipe: host fask-SERVER01 auth_type 0, auth_level 1
rpc_api_pipe: host fask-SERVER01
rpc_read_send: data_to_read: 52
check_bind_response: accepted!
rpc_api_pipe: host fask-SERVER01
rpc_read_send: data_to_read: 32
rpc_api_pipe: host fask-SERVER01
rpc_read_send: data_to_read: 80
rpc_api_pipe: host fask-SERVER01
rpc_read_send: data_to_read: 32
Bind RPC Pipe: host fask-SERVER01 auth_type 0, auth_level 1
rpc_api_pipe: host fask-SERVER01
rpc_read_send: data_to_read: 52
check_bind_response: accepted!
rpc command function failed! (NT_STATUS_NOT_SUPPORTED)
name fask#1B found.
namecache_status_fetch: key NBT/fask#1B.20.192.168.1.218 ->
fask-SERVER01
Connecting to host=fask-SERVER01
Connecting to 192.168.1.218 at port 445
Connecting to 192.168.1.218 at port 139
Socket options:
 SO_KEEPALIVE = 0
 SO_REUSEADDR = 0
 SO_BROADCAST = 0
 TCP_NODELAY = 1
 TCP_KEEPCNT = 9
 TCP_KEEPIDLE = 7200
 TCP_KEEPINTVL = 75
 IPTOS_LOWDELAY = 0
 IPTOS_THROUGHPUT = 0
 SO_SNDBUF = 16384
 SO_RCVBUF = 16384
 SO_SNDLOWAT = 1
 SO_RCVLOWAT = 1
 SO_SNDTIMEO = 0
 SO_RCVTIMEO = 0
 TCP_QUICKACK = 1
cli_session_setup: NT1 session setup failed: NT_STATUS_INVALID_PARAMETER
failed session setup with NT_STATUS_INVALID_PARAMETER
Could not connect to server fask-SERVER01
Connection failed: NT_STATUS_INVALID_PARAMETER
return code = 1 [/code]

Hmm. So I ran [b]net ads lookup dc[/b] and that resulted in:
[code]Information for Domain Controller: 192.168.1.218

Response Type: LOGON_SAM_LOGON_RESPONSE_EX
GUID: 242bf0ef-bb6a-46a3-b220-f709d9bc897a
Flags:
 Is a PDC: yes
 Is a GC of the forest: yes
 Is an LDAP server: yes
 Supports DS: yes
 Is running a KDC: yes
 Is running time services: yes
 Is the closest DC: yes
 Is writable: yes
 Has a hardware clock: yes
 Is a non-domain NC serviced by LDAP server: no
 Is NT6 DC that has some secrets: no
 Is NT6 DC that has all secrets: yes
Forest: fask.com
Domain: fask.com
Domain Controller: fask-SERVER01.fask.com
Pre-Win2k Domain: fask
Pre-Win2k Hostname: fask-SERVER01
Server Site Name : Default-First-Site-Name
Client Site Name : Default-First-Site-Name
NT Version: 5
LMNT Token: ffff
LM20 Token: ffff
 [/code]
And for good measure I ran [b]net ads info[/b], which at least gave back an
error of some sort:
[code]Failed to get server's current time!
LDAP server: 192.168.1.218
LDAP server name: fask-SERVER01.fask.com
Realm: fask.COM
Bind Path: dc=fask,dc=COM
LDAP port: 389
Server time: Wed, 31 Dec 1969 16:00:00 PST
KDC server: 192.168.1.218
Server time offset: 0
[/code]
And just to make sure I'm not being really klutzy about this, the user
to be used in the net join is a user on the existing Windows AD that I
want to join that has administrative rights, and not the local Debian
superuser.

Help please, I need to get the Debian machine on the domain so that an
FTP server can use it.
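
A triage helper for the level-5 output above, as an added example that is not part of the original post and not Samba project code: it recovers the `doing parameter` settings (rejoining values the archive wrapped) and lists the ones that smb.conf(5) ties to authentication negotiation or server role. The rule list in `review` and the continuation heuristic are assumptions of this example.

```python
import re

# Constructed sample: lines copied from the post's debug output, one value wrapped.
SAMPLE_LOG = """\
doing parameter idmap gid = 16777216-33554431
WARNING: The "idmap gid" option is deprecated
doing parameter security = ADS
doing parameter add machine script = /usr/sbin/useradd -d /dev/null -g
sambamachines -c 'Samba Machine Account' -s /dev/null -M '%u'
doing parameter server schannel = no
doing parameter client use spnego = no
doing parameter domain logons = yes
doing parameter client schannel = no
pm_process() returned Yes
"""

PARAM = re.compile(r"^doing parameter (.+?) = (.*)$")
DEPRECATED = re.compile(r'^WARNING: The "(.+)" option is deprecated$')
# Assumption: these prefixes start a new entry; other lines continue a wrapped value.
NEW_ENTRY = re.compile(r"^(WARNING:|pm_process\(\)|Processing |handle_\w+:)")

def parse_log(log):
    """Return ({parameter: value}, [deprecated option names])."""
    params, deprecated, last = {}, [], None
    for line in log.splitlines():
        if m := DEPRECATED.match(line):
            deprecated.append(m.group(1))
        if m := PARAM.match(line):
            last = m.group(1)
            params[last] = m.group(2).strip()
        elif NEW_ENTRY.match(line) or not line.strip():
            last = None
        elif last:
            params[last] += " " + line.strip()
    return params, deprecated

def review(params):
    """Editor's checklist for an AD member join, based on smb.conf(5)."""
    findings = []
    # SPNEGO is what lets the client negotiate Kerberos; schannel protects netlogon.
    for name in ("client use spnego", "client schannel", "server schannel"):
        if params.get(name, "").lower() == "no":
            findings.append(f"{name} = no")
    # 'domain logons = yes' makes the host act as a domain controller, not a member.
    if (params.get("security", "").upper() == "ADS"
            and params.get("domain logons", "").lower() == "yes"):
        findings.append("domain logons = yes with security = ADS")
    return findings

if __name__ == "__main__":
    print(review(parse_log(SAMPLE_LOG)[0]))
```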
 

