[Samba] Samba AD member lost domain join after reboot
Alexis RIES
alexis.ries at kinaxia.fr
Tue Jun 7 06:31:44 UTC 2016
Hi, here it attached my smb.conf and Winbind debug log after reboot.
My OS is Debian Jessie and has a fixed ip.
Thank you
On 06/06/2016 22:05, Rowland penny wrote:
> On 06/06/16 14:52, Alexis RIES wrote:
>> Hello,
>>
>> After each reboot, my Samba AD member server lost domain join after
>> reboot, I have to re-enter the server in the domain with the "net ads
>> join -U administrator".
>>
>> I use version 4.4.3 of samba.
>> The domain controller is a Samba AD server.
>>
>> After reboot, when I exectute "net ads testjoin" I have:
>> kerberos_kinit_password SMB2$@AD.SAMDOM.LOCAL failed: failed
>> Preauthentication
>> kerberos_kinit_password SMB2$@AD.SAMDOM.LOCAL failed: failed
>> Preauthentication
>> Join to domain is not valid: Logon failure
>>
>> And when I execute "wbinfo -t":
>> checking the trust secret for domain SAMDOM via RPC calls failed
>> wbcCheckTrustCredentials (SAMDOM): error code Was
>> NT_STATUS_USER_SESSION_DELETED (0xc0000203)
>> failed to call wbcCheckTrustCredentials: WBC_ERR_AUTH_ERROR
>> Could not check secret
>>
>> Anyone know this problem?
>> How can I make the domain-join to persist reboots?
>>
>
> Hi, can you post your smb.conf from the domain member.
> What OS ?
> Does the domain member have a fixed ip or does it use DHCP ?
>
> Rowland
>
>
--
k
Alexis RIES
Service informatique
Tel : 04.22.32.97.26
Fax : 04.84.25.27.40
Email : alexis.ries at kinaxia.fr
http://www.kinaxia.fr
-------------- next part --------------
[global]
# Enregistrement des logs
log file=/var/log/samba/samba.log
log level=5
#Informations du domaine
netbios name = SMB2
workgroup = SAMDOM
security = ADS
realm = AD.SAMDOM.LOCAL
encrypt passwords = yes
#On utilise la keytab de kerberos pour authentifier ce serveur
dedicated keytab file = /etc/krb5.keytab
kerberos method = secrets and keytab
#Configuration de Winbind (traduction des users Windows en users UNIX)
winbind refresh tickets = yes
winbind trusted domains only = no
winbind use default domain = yes
winbind enum users = yes
winbind enum groups = yes
#Configuration du cluster
clustering = Yes
ctdbd socket = /usr/local/samba/var/run/ctdb/ctdbd.socket
fileid:mapping = fsid
vfs objects = fileid
#Configuration idmap par defaut pour BUILTIN et comptes locaux/groupes
idmap config *:backend = tdb
idmap config *:range = 2000-9999
#Configuration idmap pour le domaine SAMDOM
idmap config SAMDOM:backend = ad
idmap config SAMDOM:schema_mode = rfc2307
idmap config SAMDOM:range = 10000-99999
#On recupere le login shell et le home depuis l'annuaire
winbind nss info = rfc2307
#ACL Unix et activation des audits de securite
vfs objects = acl_xattr full_audit
map acl inherit = Yes
store dos attributes = Yes
#Configuration des audits de securite
full_audit:prefix = %u|%I|%m|%S
full_audit:success = mkdir rename unlink rmdir write
full_audit:failure = read pread mkdir opendir rmdir telldir
full_audit:facility = local7
full_audit:priority = NOTICE
#Partage personnel des utilisateurs
[home]
path = /home/shares/staff/team
valid users = "@SAMDOM\Domain Users"
admin users = "@SAMDOM\Domain Admins"
read only = no
create mask = 0770
directory mask = 0770
browseable = no
#Dossiers de partages
[apps]
comment = Partage apps
path = /home/shares/apps
valid users = "@SAMDOM\smbapps"
guest ok = no
browseable = yes
writable = yes
create mask = 0770
directory mask = 0770
-------------- next part --------------
root at smb2:/home/adminlocal# winbindd -S -d 9 -i
INFO: Current debug levels:
all: 9
tdb: 9
printdrivers: 9
lanman: 9
smb: 9
rpc_parse: 9
rpc_srv: 9
rpc_cli: 9
passdb: 9
sam: 9
auth: 9
winbind: 9
vfs: 9
idmap: 9
quota: 9
acls: 9
locking: 9
msdfs: 9
dmapi: 9
registry: 9
scavenger: 9
dns: 9
ldb: 9
tevent: 9
Maximum core file size limits now 16777216(soft) -1(hard)
winbindd version 4.4.3 started.
Copyright Andrew Tridgell and the Samba Team 1992-2016
lp_load_ex: refreshing parameters
Initialising global parameters
INFO: Current debug levels:
all: 9
tdb: 9
printdrivers: 9
lanman: 9
smb: 9
rpc_parse: 9
rpc_srv: 9
rpc_cli: 9
passdb: 9
sam: 9
auth: 9
winbind: 9
vfs: 9
idmap: 9
quota: 9
acls: 9
locking: 9
msdfs: 9
dmapi: 9
registry: 9
scavenger: 9
dns: 9
ldb: 9
tevent: 9
Processing section "[global]"
doing parameter log file = /var/log/samba/samba.log
doing parameter log level = 5
doing parameter netbios name = SMB2
doing parameter workgroup = SAMDOM
doing parameter security = ADS
doing parameter realm = AD.SAMDOM.LOCAL
doing parameter encrypt passwords = yes
doing parameter dedicated keytab file = /etc/krb5.keytab
doing parameter kerberos method = secrets and keytab
doing parameter winbind refresh tickets = yes
doing parameter winbind trusted domains only = no
doing parameter winbind use default domain = yes
doing parameter winbind enum users = yes
doing parameter winbind enum groups = yes
doing parameter clustering = Yes
doing parameter ctdbd socket = /usr/local/samba/var/run/ctdb/ctdbd.socket
doing parameter fileid:mapping = fsid
doing parameter vfs objects = fileid
doing parameter idmap config *:backend = tdb
doing parameter idmap config *:range = 2000-9999
doing parameter idmap config SAMDOM:backend = ad
doing parameter idmap config SAMDOM:schema_mode = rfc2307
doing parameter idmap config SAMDOM:range = 10000-99999
doing parameter winbind nss info = rfc2307
doing parameter vfs objects = acl_xattr full_audit
doing parameter map acl inherit = Yes
doing parameter store dos attributes = Yes
doing parameter full_audit:prefix = %u|%I|%m|%S
doing parameter full_audit:success = mkdir rename unlink rmdir write
doing parameter full_audit:failure = read pread mkdir opendir rmdir telldir
doing parameter full_audit:facility = local7
doing parameter full_audit:priority = NOTICE
pm_process() returned Yes
lp_servicenumber: couldn't find homes
Maximum core file size limits now 16777216(soft) -1(hard)
Registering messaging pointer for type 2 - private_data=(nil)
Registering messaging pointer for type 9 - private_data=(nil)
Registered MSG_REQ_POOL_USAGE
Registering messaging pointer for type 11 - private_data=(nil)
Registering messaging pointer for type 12 - private_data=(nil)
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Registering messaging pointer for type 1 - private_data=(nil)
Registering messaging pointer for type 5 - private_data=(nil)
lp_load_ex: refreshing parameters
Freeing parametrics:
Initialising global parameters
INFO: Current debug levels:
all: 9
tdb: 9
printdrivers: 9
lanman: 9
smb: 9
rpc_parse: 9
rpc_srv: 9
rpc_cli: 9
passdb: 9
sam: 9
auth: 9
winbind: 9
vfs: 9
idmap: 9
quota: 9
acls: 9
locking: 9
msdfs: 9
dmapi: 9
registry: 9
scavenger: 9
dns: 9
ldb: 9
tevent: 9
Processing section "[global]"
doing parameter log file = /var/log/samba/samba.log
doing parameter log level = 5
doing parameter netbios name = SMB2
doing parameter workgroup = SAMDOM
doing parameter security = ADS
doing parameter realm = AD.SAMDOM.LOCAL
doing parameter encrypt passwords = yes
doing parameter dedicated keytab file = /etc/krb5.keytab
doing parameter kerberos method = secrets and keytab
doing parameter winbind refresh tickets = yes
doing parameter winbind trusted domains only = no
doing parameter winbind use default domain = yes
doing parameter winbind enum users = yes
doing parameter winbind enum groups = yes
doing parameter clustering = Yes
doing parameter ctdbd socket = /usr/local/samba/var/run/ctdb/ctdbd.socket
doing parameter fileid:mapping = fsid
doing parameter vfs objects = fileid
doing parameter idmap config *:backend = tdb
doing parameter idmap config *:range = 2000-9999
doing parameter idmap config SAMDOM:backend = ad
doing parameter idmap config SAMDOM:schema_mode = rfc2307
doing parameter idmap config SAMDOM:range = 10000-99999
doing parameter winbind nss info = rfc2307
doing parameter vfs objects = acl_xattr full_audit
doing parameter map acl inherit = Yes
doing parameter store dos attributes = Yes
doing parameter full_audit:prefix = %u|%I|%m|%S
doing parameter full_audit:success = mkdir rename unlink rmdir write
doing parameter full_audit:failure = read pread mkdir opendir rmdir telldir
doing parameter full_audit:facility = local7
doing parameter full_audit:priority = NOTICE
pm_process() returned Yes
lp_servicenumber: couldn't find homes
added interface eth1 ip=10.10.10.2 bcast=10.10.255.255 netmask=255.255.0.0
added interface eth0 ip=192.168.254.4 bcast=192.168.254.255 netmask=255.255.255.0
Netbios name list:-
my_netbios_names[0]="SMB2"
added interface eth1 ip=10.10.10.2 bcast=10.10.255.255 netmask=255.255.0.0
added interface eth0 ip=192.168.254.4 bcast=192.168.254.255 netmask=255.255.255.0
db_open_ctdb: opened database 'g_lock.tdb' with dbid 0x4d2a432b
db_open_ctdb: opened database 'secrets.tdb' with dbid 0x7132c184
db_open_ctdb: opened database 'netlogon_creds_cli.tdb' with dbid 0x2d608c16
fcntl_lock 13 6 0 1 1
fcntl_lock: Lock call successful
TimeInit: Serverzone is -7200
initialize_winbindd_cache: clearing cache and re-creating with version number 2
db_open_ctdb: opened database 'serverid.tdb' with dbid 0x9ec2a880
check lock order 2 for serverid.tdb
release lock order 2 for serverid.tdb
Registering messaging pointer for type 33 - private_data=(nil)
Registering messaging pointer for type 13 - private_data=(nil)
Registering messaging pointer for type 1028 - private_data=(nil)
Registering messaging pointer for type 1027 - private_data=(nil)
Registering messaging pointer for type 1029 - private_data=(nil)
Registering messaging pointer for type 1036 - private_data=(nil)
Registering messaging pointer for type 1035 - private_data=(nil)
Registering messaging pointer for type 1280 - private_data=(nil)
Registering messaging pointer for type 1032 - private_data=(nil)
Registering messaging pointer for type 1033 - private_data=(nil)
Registering messaging pointer for type 1034 - private_data=(nil)
Registering messaging pointer for type 1 - private_data=(nil)
Overriding messaging pointer for type 1 - private_data=(nil)
check lock order 2 for g_lock.tdb
db_open_ctdb: opened database 'dbwrap_watchers.tdb' with dbid 0x6afb8c09
dbwrap_watch_record_stored: dbwrap_parse_record failed: NT_STATUS_OBJECT_NAME_NOT_FOUND
release lock order 2 for g_lock.tdb
../source3/lib/dbwrap/dbwrap_ctdb.c:346 transaction started on db 0x7132c184
check lock order 2 for g_lock.tdb
release lock order 2 for g_lock.tdb
Added domain BUILTIN (null) S-1-5-32
Added domain SMB2 (null) S-1-5-21-3615789182-3690751189-1119034414
Added domain SAMDOM AD.SAMDOM.LOCAL S-1-5-21-1301114508-1723401605-1384196533
Registering messaging pointer for type 2 - private_data=(nil)
Registering messaging pointer for type 9 - private_data=(nil)
Registered MSG_REQ_POOL_USAGE
Registering messaging pointer for type 11 - private_data=(nil)
Registering messaging pointer for type 12 - private_data=(nil)
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Registering messaging pointer for type 1 - private_data=(nil)
Registering messaging pointer for type 5 - private_data=(nil)
Deregistering messaging pointer for type 33 - private_data=(nil)
Deregistering messaging pointer for type 13 - private_data=(nil)
Deregistering messaging pointer for type 1028 - private_data=(nil)
Deregistering messaging pointer for type 1027 - private_data=(nil)
Deregistering messaging pointer for type 1029 - private_data=(nil)
Deregistering messaging pointer for type 1280 - private_data=(nil)
Deregistering messaging pointer for type 1033 - private_data=(nil)
Deregistering messaging pointer for type 1 - private_data=(nil)
Deregistering messaging pointer for type 1036 - private_data=(nil)
Deregistering messaging pointer for type 1035 - private_data=(nil)
Registering messaging pointer for type 1028 - private_data=(nil)
Registering messaging pointer for type 1027 - private_data=(nil)
Registering messaging pointer for type 1280 - private_data=(nil)
Registering messaging pointer for type 1 - private_data=(nil)
Registering messaging pointer for type 1034 - private_data=(nil)
Overriding messaging pointer for type 1034 - private_data=(nil)
child daemon request 51
connection_ok: Connection to (null) for domain SAMDOM is not connected
Opening cache file at /usr/local/samba/var/cache/gencache.tdb
Opening cache file at /usr/local/samba/var/lock/gencache_notrans.tdb
saf_fetch: Returning "dc2.ad.SAMDOM.local" for "SAMDOM" domain
check_negative_conn_cache returning result 0 for domain SAMDOM server dc2.ad.SAMDOM.local
check_negative_conn_cache returning result 0 for domain SAMDOM server dc2.ad.SAMDOM.local
sitename_fetch: Returning sitename for AD.SAMDOM.LOCAL: "Default-First-Site-Name"
name dc2.ad.SAMDOM.local#20 found.
Connecting to 192.168.254.2 at port 445
Module 'tombstone_reanimate' is disabled. Skip registration.ldb_wrap open of secrets.ldb
connecting to dc2.ad.SAMDOM.local from SMB2 with kerberos principal [SMB2$@AD.SAMDOM.LOCAL] and realm [AD.SAMDOM.LOCAL]
Doing spnego session setup (blob length=96)
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.3.6.1.4.1.311.2.2.10
got principal=not_defined_in_RFC4178 at please_ignore
cli_session_setup_spnego: using target hostname not SPNEGO principal
cli_session_setup_spnego: guessed server principal=cifs/dc2.ad.SAMDOM.local at AD.SAMDOM.LOCAL
Kinit for SMB2$@AD.SAMDOM.LOCAL to access cifs/dc2.ad.SAMDOM.local at AD.SAMDOM.LOCAL failed: Preauthentication failed
SPNEGO login failed: Preauthentication failed
failed kerberos session setup with NT_STATUS_LOGON_FAILURE
connecting to dc2.ad.SAMDOM.local from SMB2 using NTLMSSP with username [SAMDOM]\[SMB2$]
Doing spnego session setup (blob length=96)
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.3.6.1.4.1.311.2.2.10
got principal=not_defined_in_RFC4178 at please_ignore
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Starting GENSEC mechanism spnego
Starting GENSEC submechanism ntlmssp
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_TARGET_TYPE_DOMAIN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
SPNEGO login failed: Logon failure
cm_get_ipc_userpass: No auth-user defined
cm_get_ipc_userpass: No auth-user defined
check_negative_conn_cache returning result 0 for domain SAMDOM server dc2.ad.SAMDOM.local
sitename_fetch: Returning sitename for AD.SAMDOM.LOCAL: "Default-First-Site-Name"
name dc2.ad.SAMDOM.local#20 found.
Connecting to 192.168.254.2 at port 445
ldb_wrap open of secrets.ldb
connecting to dc2.ad.SAMDOM.local from SMB2 with kerberos principal [SMB2$@AD.SAMDOM.LOCAL] and realm [AD.SAMDOM.LOCAL]
Doing spnego session setup (blob length=96)
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.3.6.1.4.1.311.2.2.10
got principal=not_defined_in_RFC4178 at please_ignore
cli_session_setup_spnego: using target hostname not SPNEGO principal
cli_session_setup_spnego: guessed server principal=cifs/dc2.ad.SAMDOM.local at AD.SAMDOM.LOCAL
Kinit for SMB2$@AD.SAMDOM.LOCAL to access cifs/dc2.ad.SAMDOM.local at AD.SAMDOM.LOCAL failed: Preauthentication failed
SPNEGO login failed: Preauthentication failed
failed kerberos session setup with NT_STATUS_LOGON_FAILURE
connecting to dc2.ad.SAMDOM.local from SMB2 using NTLMSSP with username [SAMDOM]\[SMB2$]
Doing spnego session setup (blob length=96)
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.3.6.1.4.1.311.2.2.10
got principal=not_defined_in_RFC4178 at please_ignore
Starting GENSEC mechanism spnego
Starting GENSEC submechanism ntlmssp
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_TARGET_TYPE_DOMAIN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
SPNEGO login failed: Logon failure
cm_get_ipc_userpass: No auth-user defined
cm_get_ipc_userpass: No auth-user defined
check_negative_conn_cache returning result 0 for domain SAMDOM server dc2.ad.SAMDOM.local
sitename_fetch: Returning sitename for AD.SAMDOM.LOCAL: "Default-First-Site-Name"
name dc2.ad.SAMDOM.local#20 found.
Connecting to 192.168.254.2 at port 445
ldb_wrap open of secrets.ldb
connecting to dc2.ad.SAMDOM.local from SMB2 with kerberos principal [SMB2$@AD.SAMDOM.LOCAL] and realm [AD.SAMDOM.LOCAL]
Doing spnego session setup (blob length=96)
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.3.6.1.4.1.311.2.2.10
got principal=not_defined_in_RFC4178 at please_ignore
cli_session_setup_spnego: using target hostname not SPNEGO principal
cli_session_setup_spnego: guessed server principal=cifs/dc2.ad.SAMDOM.local at AD.SAMDOM.LOCAL
Kinit for SMB2$@AD.SAMDOM.LOCAL to access cifs/dc2.ad.SAMDOM.local at AD.SAMDOM.LOCAL failed: Preauthentication failed
SPNEGO login failed: Preauthentication failed
failed kerberos session setup with NT_STATUS_LOGON_FAILURE
connecting to dc2.ad.SAMDOM.local from SMB2 using NTLMSSP with username [SAMDOM]\[SMB2$]
Doing spnego session setup (blob length=96)
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.3.6.1.4.1.311.2.2.10
got principal=not_defined_in_RFC4178 at please_ignore
Starting GENSEC mechanism spnego
Starting GENSEC submechanism ntlmssp
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_TARGET_TYPE_DOMAIN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
SPNEGO login failed: Logon failure
cm_get_ipc_userpass: No auth-user defined
cm_get_ipc_userpass: No auth-user defined
set_dc_type_and_flags_connect: domain SAMDOM
set_dc_type_and_flags_connect: Could not bind to PI_DSSETUP on domain SAMDOM: (NT_STATUS_USER_SESSION_DELETED)
set_dc_type_and_flags_connect: Could not bind to PI_LSARPC on domain SAMDOM: (NT_STATUS_USER_SESSION_DELETED)
winbindd_dual_init_connection: SAMDOM returning without initialization online = 1
Finished processing child request 51
child daemon request 20
[ 7503]: list trusted domains
set_dc_type_and_flags_connect: domain SAMDOM
set_dc_type_and_flags_connect: Could not bind to PI_DSSETUP on domain SAMDOM: (NT_STATUS_USER_SESSION_DELETED)
set_dc_type_and_flags_connect: Could not bind to PI_LSARPC on domain SAMDOM: (NT_STATUS_USER_SESSION_DELETED)
get_cache: Setting ADS methods for domain SAMDOM
ads: trusted_domains
set_dc_type_and_flags_connect: domain SAMDOM
set_dc_type_and_flags_connect: Could not bind to PI_DSSETUP on domain SAMDOM: (NT_STATUS_USER_SESSION_DELETED)
set_dc_type_and_flags_connect: Could not bind to PI_LSARPC on domain SAMDOM: (NT_STATUS_USER_SESSION_DELETED)
set_dc_type_and_flags_connect: domain SAMDOM
set_dc_type_and_flags_connect: Could not bind to PI_DSSETUP on domain SAMDOM: (NT_STATUS_USER_SESSION_DELETED)
set_dc_type_and_flags_connect: Could not bind to PI_LSARPC on domain SAMDOM: (NT_STATUS_USER_SESSION_DELETED)
ldb_wrap open of secrets.ldb
db_open_ctdb: opened database 'g_lock.tdb' with dbid 0x4d2a432b
rpccli_setup_netlogon_creds: failed to open noauth netlogon connection to dc2.ad.SAMDOM.local - NT_STATUS_USER_SESSION_DELETED
rpccli_setup_netlogon_creds failed for SAMDOM, unable to setup NETLOGON credentials: NT_STATUS_USER_SESSION_DELETED
trusted_domains: Could not open a connection to SAMDOM for PIPE_NETLOGON (NT_STATUS_USER_SESSION_DELETED)
ads: trusted_domains
set_dc_type_and_flags_connect: domain SAMDOM
set_dc_type_and_flags_connect: Could not bind to PI_DSSETUP on domain SAMDOM: (NT_STATUS_USER_SESSION_DELETED)
set_dc_type_and_flags_connect: Could not bind to PI_LSARPC on domain SAMDOM: (NT_STATUS_USER_SESSION_DELETED)
set_dc_type_and_flags_connect: domain SAMDOM
set_dc_type_and_flags_connect: Could not bind to PI_DSSETUP on domain SAMDOM: (NT_STATUS_USER_SESSION_DELETED)
set_dc_type_and_flags_connect: Could not bind to PI_LSARPC on domain SAMDOM: (NT_STATUS_USER_SESSION_DELETED)
ldb_wrap open of secrets.ldb
db_open_ctdb: opened database 'g_lock.tdb' with dbid 0x4d2a432b
ndr_pull_error(11): Pull bytes 4 (../librpc/ndr/ndr_basic.c:152)
rpccli_setup_netlogon_creds: failed to open noauth netlogon connection to dc2.ad.SAMDOM.local - NT_STATUS_USER_SESSION_DELETED
rpccli_setup_netlogon_creds failed for SAMDOM, unable to setup NETLOGON credentials: NT_STATUS_USER_SESSION_DELETED
trusted_domains: Could not open a connection to SAMDOM for PIPE_NETLOGON (NT_STATUS_USER_SESSION_DELETED)
winbindd_dual_list_trusted_domains: trusted_domains returned NT_STATUS_UNSUCCESSFUL
Finished processing child request 20
trustdom_list_done: Could not receive trustdoms
accepted socket 26
[ 7575]: request interface version (version = 27)
[ 7575]: request location of privileged pipe
accepted socket 28
closing socket 26, client exited
closing socket 28, client exited
Registering messaging pointer for type 1030 - private_data=(nil)
Registering messaging pointer for type 1031 - private_data=(nil)
Deregistering messaging pointer for type 33 - private_data=(nil)
Deregistering messaging pointer for type 13 - private_data=(nil)
Deregistering messaging pointer for type 1028 - private_data=(nil)
Deregistering messaging pointer for type 1027 - private_data=(nil)
Deregistering messaging pointer for type 1029 - private_data=(nil)
Deregistering messaging pointer for type 1280 - private_data=(nil)
Deregistering messaging pointer for type 1033 - private_data=(nil)
Deregistering messaging pointer for type 1 - private_data=(nil)
Deregistering messaging pointer for type 1036 - private_data=(nil)
Deregistering messaging pointer for type 1035 - private_data=(nil)
Opening cache file at /usr/local/samba/var/cache/gencache.tdb
Opening cache file at /usr/local/samba/var/lock/gencache_notrans.tdb
sitename_fetch: Returning sitename for AD.SAMDOM.LOCAL: "Default-First-Site-Name"
ads_dc_name: domain=SAMDOM
sitename_fetch: Returning sitename for AD.SAMDOM.LOCAL: "Default-First-Site-Name"
resolve_and_ping_dns: (cldap) looking for realm 'AD.SAMDOM.LOCAL'
get_sorted_dc_list: attempting lookup for name AD.SAMDOM.LOCAL (sitename Default-First-Site-Name)
saf_fetch[join]: Returning "dc2.ad.SAMDOM.local" for "AD.SAMDOM.LOCAL" domain
get_dc_list: preferred server list: "dc2.ad.SAMDOM.local, *"
name AD.SAMDOM.LOCAL#1C found.
Adding 2 DC's from auto lookup
sitename_fetch: Returning sitename for AD.SAMDOM.LOCAL: "Default-First-Site-Name"
name dc2.ad.SAMDOM.local#20 found.
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.2
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.1
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.2
get_dc_list: returning 2 ip addresses in an ordered list
get_dc_list: 192.168.254.2:389 192.168.254.1:389
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.2
ads_try_connect: sending CLDAP request to 192.168.254.2 (realm: AD.SAMDOM.LOCAL)
Successfully contacted LDAP server 192.168.254.2
sitename_fetch: Returning sitename for AD.SAMDOM.LOCAL: "Default-First-Site-Name"
saf_fetch[join]: Returning "dc2.ad.SAMDOM.local" for "AD.SAMDOM.LOCAL" domain
get_dc_list: preferred server list: "dc2.ad.SAMDOM.local, *"
resolve_ads: Attempting to resolve KDCs for AD.SAMDOM.LOCAL using DNS
ads_dns_lookup_srv: 2 records returned in the answer section.
Adding 2 DC's from auto lookup
sitename_fetch: Returning sitename for AD.SAMDOM.LOCAL: "Default-First-Site-Name"
name dc2.ad.SAMDOM.local#20 found.
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.2
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.2
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.1
get_dc_list: returning 2 ip addresses in an ordered list
get_dc_list: 192.168.254.2:88 192.168.254.1:88
saf_fetch[join]: Returning "dc2.ad.SAMDOM.local" for "AD.SAMDOM.LOCAL" domain
get_dc_list: preferred server list: "dc2.ad.SAMDOM.local, *"
resolve_ads: Attempting to resolve KDCs for AD.SAMDOM.LOCAL using DNS
ads_dns_lookup_srv: 2 records returned in the answer section.
Adding 2 DC's from auto lookup
sitename_fetch: Returning sitename for AD.SAMDOM.LOCAL: "Default-First-Site-Name"
name dc2.ad.SAMDOM.local#20 found.
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.2
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.2
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.1
get_dc_list: returning 2 ip addresses in an ordered list
get_dc_list: 192.168.254.2:88 192.168.254.1:88
create_local_private_krb5_conf_for_domain: wrote file /usr/local/samba/var/lock/smb_krb5/krb5.conf.SAMDOM with realm AD.SAMDOM.LOCAL KDC list = kdc = 192.168.254.2
kdc = 192.168.254.1
ads_dc_name: using server='DC2.AD.SAMDOM.LOCAL' IP=192.168.254.2
sitename_fetch: Returning sitename for AD.SAMDOM.LOCAL: "Default-First-Site-Name"
get_sorted_dc_list: attempting lookup for name AD.SAMDOM.LOCAL (sitename Default-First-Site-Name)
saf_fetch[join]: Returning "dc2.ad.SAMDOM.local" for "AD.SAMDOM.LOCAL" domain
get_dc_list: preferred server list: "dc2.ad.SAMDOM.local, *"
name AD.SAMDOM.LOCAL#1C found.
Adding 2 DC's from auto lookup
sitename_fetch: Returning sitename for AD.SAMDOM.LOCAL: "Default-First-Site-Name"
name dc2.ad.SAMDOM.local#20 found.
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.2
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.1
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.2
get_dc_list: returning 2 ip addresses in an ordered list
get_dc_list: 192.168.254.2:389 192.168.254.1:389
check_negative_conn_cache returning result 0 for domain SAMDOM server 192.168.254.2
check_negative_conn_cache returning result 0 for domain SAMDOM server 192.168.254.1
get_sorted_dc_list: attempting lookup for name AD.SAMDOM.LOCAL (sitename NULL)
saf_fetch[join]: Returning "dc2.ad.SAMDOM.local" for "AD.SAMDOM.LOCAL" domain
get_dc_list: preferred server list: "dc2.ad.SAMDOM.local, *"
name AD.SAMDOM.LOCAL#1C found.
Adding 2 DC's from auto lookup
sitename_fetch: Returning sitename for AD.SAMDOM.LOCAL: "Default-First-Site-Name"
name dc2.ad.SAMDOM.local#20 found.
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.2
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.1
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.2
get_dc_list: returning 2 ip addresses in an ordered list
get_dc_list: 192.168.254.2:389 192.168.254.1:389
check_negative_conn_cache returning result 0 for domain SAMDOM server 192.168.254.2
check_negative_conn_cache returning result 0 for domain SAMDOM server 192.168.254.1
msg_try_to_go_online: received for domain SAMDOM.
msg_try_to_go_online: domain SAMDOM already online.
Already reaped child 7696 died
accepted socket 26
[ 7698]: request interface version (version = 27)
[ 7698]: request location of privileged pipe
accepted socket 28
closing socket 26, client exited
getgroups tunnelssh
child daemon request 59
set_dc_type_and_flags_connect: domain SAMDOM
set_dc_type_and_flags_connect: Could not bind to PI_DSSETUP on domain SAMDOM: (NT_STATUS_USER_SESSION_DELETED)
set_dc_type_and_flags_connect: Could not bind to PI_LSARPC on domain SAMDOM: (NT_STATUS_USER_SESSION_DELETED)
set_dc_type_and_flags_connect: domain SAMDOM
set_dc_type_and_flags_connect: Could not bind to PI_DSSETUP on domain SAMDOM: (NT_STATUS_USER_SESSION_DELETED)
set_dc_type_and_flags_connect: Could not bind to PI_LSARPC on domain SAMDOM: (NT_STATUS_USER_SESSION_DELETED)
ads: fetch sequence_number for SAMDOM
sitename_fetch: Returning sitename for AD.SAMDOM.LOCAL: "Default-First-Site-Name"
ads_dc_name: domain=SAMDOM
sitename_fetch: Returning sitename for AD.SAMDOM.LOCAL: "Default-First-Site-Name"
resolve_and_ping_dns: (cldap) looking for realm 'AD.SAMDOM.LOCAL'
get_sorted_dc_list: attempting lookup for name AD.SAMDOM.LOCAL (sitename Default-First-Site-Name)
saf_fetch[join]: Returning "dc2.ad.SAMDOM.local" for "AD.SAMDOM.LOCAL" domain
get_dc_list: preferred server list: "dc2.ad.SAMDOM.local, *"
name AD.SAMDOM.LOCAL#1C found.
Adding 2 DC's from auto lookup
sitename_fetch: Returning sitename for AD.SAMDOM.LOCAL: "Default-First-Site-Name"
name dc2.ad.SAMDOM.local#20 found.
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.2
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.1
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.2
get_dc_list: returning 2 ip addresses in an ordered list
get_dc_list: 192.168.254.2:389 192.168.254.1:389
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.2
ads_try_connect: sending CLDAP request to 192.168.254.2 (realm: AD.SAMDOM.LOCAL)
Successfully contacted LDAP server 192.168.254.2
sitename_fetch: Returning sitename for AD.SAMDOM.LOCAL: "Default-First-Site-Name"
saf_fetch[join]: Returning "dc2.ad.SAMDOM.local" for "AD.SAMDOM.LOCAL" domain
get_dc_list: preferred server list: "dc2.ad.SAMDOM.local, *"
resolve_ads: Attempting to resolve KDCs for AD.SAMDOM.LOCAL using DNS
ads_dns_lookup_srv: 2 records returned in the answer section.
Adding 2 DC's from auto lookup
sitename_fetch: Returning sitename for AD.SAMDOM.LOCAL: "Default-First-Site-Name"
name dc2.ad.SAMDOM.local#20 found.
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.2
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.1
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.2
get_dc_list: returning 2 ip addresses in an ordered list
get_dc_list: 192.168.254.2:88 192.168.254.1:88
saf_fetch[join]: Returning "dc2.ad.SAMDOM.local" for "AD.SAMDOM.LOCAL" domain
get_dc_list: preferred server list: "dc2.ad.SAMDOM.local, *"
resolve_ads: Attempting to resolve KDCs for AD.SAMDOM.LOCAL using DNS
ads_dns_lookup_srv: 2 records returned in the answer section.
Adding 2 DC's from auto lookup
sitename_fetch: Returning sitename for AD.SAMDOM.LOCAL: "Default-First-Site-Name"
name dc2.ad.SAMDOM.local#20 found.
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.2
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.2
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.1
get_dc_list: returning 2 ip addresses in an ordered list
get_dc_list: 192.168.254.2:88 192.168.254.1:88
create_local_private_krb5_conf_for_domain: wrote file /usr/local/samba/var/lock/smb_krb5/krb5.conf.SAMDOM with realm AD.SAMDOM.LOCAL KDC list = kdc = 192.168.254.2
kdc = 192.168.254.1
ads_dc_name: using server='DC2.AD.SAMDOM.LOCAL' IP=192.168.254.2
ads_find_dc: (ldap) looking for realm 'AD.SAMDOM.LOCAL' and falling back to domain 'SAMDOM'
sitename_fetch: Returning sitename for AD.SAMDOM.LOCAL: "Default-First-Site-Name"
ads_dc_name: domain=SAMDOM
sitename_fetch: Returning sitename for AD.SAMDOM.LOCAL: "Default-First-Site-Name"
resolve_and_ping_dns: (cldap) looking for realm 'AD.SAMDOM.LOCAL'
get_sorted_dc_list: attempting lookup for name AD.SAMDOM.LOCAL (sitename Default-First-Site-Name)
saf_fetch[join]: Returning "dc2.ad.SAMDOM.local" for "AD.SAMDOM.LOCAL" domain
get_dc_list: preferred server list: "dc2.ad.SAMDOM.local, *"
name AD.SAMDOM.LOCAL#1C found.
Adding 2 DC's from auto lookup
sitename_fetch: Returning sitename for AD.SAMDOM.LOCAL: "Default-First-Site-Name"
name dc2.ad.SAMDOM.local#20 found.
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.2
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.1
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.2
get_dc_list: returning 2 ip addresses in an ordered list
get_dc_list: 192.168.254.2:389 192.168.254.1:389
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.2
ads_try_connect: sending CLDAP request to 192.168.254.2 (realm: AD.SAMDOM.LOCAL)
Successfully contacted LDAP server 192.168.254.2
sitename_fetch: Returning sitename for AD.SAMDOM.LOCAL: "Default-First-Site-Name"
saf_fetch[join]: Returning "dc2.ad.SAMDOM.local" for "AD.SAMDOM.LOCAL" domain
get_dc_list: preferred server list: "dc2.ad.SAMDOM.local, *"
resolve_ads: Attempting to resolve KDCs for AD.SAMDOM.LOCAL using DNS
ads_dns_lookup_srv: 2 records returned in the answer section.
Adding 2 DC's from auto lookup
sitename_fetch: Returning sitename for AD.SAMDOM.LOCAL: "Default-First-Site-Name"
name dc2.ad.SAMDOM.local#20 found.
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.2
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.1
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.2
get_dc_list: returning 2 ip addresses in an ordered list
get_dc_list: 192.168.254.2:88 192.168.254.1:88
saf_fetch[join]: Returning "dc2.ad.SAMDOM.local" for "AD.SAMDOM.LOCAL" domain
get_dc_list: preferred server list: "dc2.ad.SAMDOM.local, *"
resolve_ads: Attempting to resolve KDCs for AD.SAMDOM.LOCAL using DNS
ads_dns_lookup_srv: 2 records returned in the answer section.
Adding 2 DC's from auto lookup
sitename_fetch: Returning sitename for AD.SAMDOM.LOCAL: "Default-First-Site-Name"
name dc2.ad.SAMDOM.local#20 found.
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.2
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.1
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.2
get_dc_list: returning 2 ip addresses in an ordered list
get_dc_list: 192.168.254.2:88 192.168.254.1:88
create_local_private_krb5_conf_for_domain: wrote file /usr/local/samba/var/lock/smb_krb5/krb5.conf.SAMDOM with realm AD.SAMDOM.LOCAL KDC list = kdc = 192.168.254.2
kdc = 192.168.254.1
ads_dc_name: using server='DC2.AD.SAMDOM.LOCAL' IP=192.168.254.2
ads_try_connect: sending CLDAP request to 192.168.254.2 (realm: AD.SAMDOM.LOCAL)
Successfully contacted LDAP server 192.168.254.2
Connected to LDAP server dc2.ad.SAMDOM.local
KDC time offset is 0 seconds
Found SASL mechanism GSS-SPNEGO
ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2
ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2
ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gse_krb5
gss_acquire_creds failed for GSS_C_NO_NAME with [ No credentials were supplied, or the credentials were unavailable or inaccessible.: unknown mech-code 0 for mech 1 2 840 113554 1 2 2] -the caller may retry after a kinit.
Failed to start GENSEC client mech gse_krb5: NT_STATUS_INTERNAL_ERROR
kerberos_kinit_password SMB2$@AD.SAMDOM.LOCAL failed: Preauthentication failed
ads_connect for domain SAMDOM failed: Preauthentication failed
ads: fetch sequence_number for SAMDOM
sitename_fetch: Returning sitename for AD.SAMDOM.LOCAL: "Default-First-Site-Name"
ads_dc_name: domain=SAMDOM
sitename_fetch: Returning sitename for AD.SAMDOM.LOCAL: "Default-First-Site-Name"
resolve_and_ping_dns: (cldap) looking for realm 'AD.SAMDOM.LOCAL'
get_sorted_dc_list: attempting lookup for name AD.SAMDOM.LOCAL (sitename Default-First-Site-Name)
saf_fetch[join]: Returning "dc2.ad.SAMDOM.local" for "AD.SAMDOM.LOCAL" domain
get_dc_list: preferred server list: "dc2.ad.SAMDOM.local, *"
name AD.SAMDOM.LOCAL#1C found.
Adding 2 DC's from auto lookup
sitename_fetch: Returning sitename for AD.SAMDOM.LOCAL: "Default-First-Site-Name"
name dc2.ad.SAMDOM.local#20 found.
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.2
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.1
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.2
get_dc_list: returning 2 ip addresses in an ordered list
get_dc_list: 192.168.254.2:389 192.168.254.1:389
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.2
ads_try_connect: sending CLDAP request to 192.168.254.2 (realm: AD.SAMDOM.LOCAL)
Successfully contacted LDAP server 192.168.254.2
sitename_fetch: Returning sitename for AD.SAMDOM.LOCAL: "Default-First-Site-Name"
saf_fetch[join]: Returning "dc2.ad.SAMDOM.local" for "AD.SAMDOM.LOCAL" domain
get_dc_list: preferred server list: "dc2.ad.SAMDOM.local, *"
resolve_ads: Attempting to resolve KDCs for AD.SAMDOM.LOCAL using DNS
ads_dns_lookup_srv: 2 records returned in the answer section.
Adding 2 DC's from auto lookup
sitename_fetch: Returning sitename for AD.SAMDOM.LOCAL: "Default-First-Site-Name"
name dc2.ad.SAMDOM.local#20 found.
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.2
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.2
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.1
get_dc_list: returning 2 ip addresses in an ordered list
get_dc_list: 192.168.254.2:88 192.168.254.1:88
saf_fetch[join]: Returning "dc2.ad.SAMDOM.local" for "AD.SAMDOM.LOCAL" domain
get_dc_list: preferred server list: "dc2.ad.SAMDOM.local, *"
resolve_ads: Attempting to resolve KDCs for AD.SAMDOM.LOCAL using DNS
ads_dns_lookup_srv: 2 records returned in the answer section.
Adding 2 DC's from auto lookup
sitename_fetch: Returning sitename for AD.SAMDOM.LOCAL: "Default-First-Site-Name"
name dc2.ad.SAMDOM.local#20 found.
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.2
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.2
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.1
get_dc_list: returning 2 ip addresses in an ordered list
get_dc_list: 192.168.254.2:88 192.168.254.1:88
create_local_private_krb5_conf_for_domain: wrote file /usr/local/samba/var/lock/smb_krb5/krb5.conf.SAMDOM with realm AD.SAMDOM.LOCAL KDC list = kdc = 192.168.254.2
kdc = 192.168.254.1
ads_dc_name: using server='DC2.AD.SAMDOM.LOCAL' IP=192.168.254.2
ads_find_dc: (ldap) looking for realm 'AD.SAMDOM.LOCAL' and falling back to domain 'SAMDOM'
sitename_fetch: Returning sitename for AD.SAMDOM.LOCAL: "Default-First-Site-Name"
ads_dc_name: domain=SAMDOM
sitename_fetch: Returning sitename for AD.SAMDOM.LOCAL: "Default-First-Site-Name"
resolve_and_ping_dns: (cldap) looking for realm 'AD.SAMDOM.LOCAL'
get_sorted_dc_list: attempting lookup for name AD.SAMDOM.LOCAL (sitename Default-First-Site-Name)
saf_fetch[join]: Returning "dc2.ad.SAMDOM.local" for "AD.SAMDOM.LOCAL" domain
get_dc_list: preferred server list: "dc2.ad.SAMDOM.local, *"
name AD.SAMDOM.LOCAL#1C found.
Adding 2 DC's from auto lookup
sitename_fetch: Returning sitename for AD.SAMDOM.LOCAL: "Default-First-Site-Name"
name dc2.ad.SAMDOM.local#20 found.
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.2
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.1
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.2
get_dc_list: returning 2 ip addresses in an ordered list
get_dc_list: 192.168.254.2:389 192.168.254.1:389
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.2
ads_try_connect: sending CLDAP request to 192.168.254.2 (realm: AD.SAMDOM.LOCAL)
Successfully contacted LDAP server 192.168.254.2
sitename_fetch: Returning sitename for AD.SAMDOM.LOCAL: "Default-First-Site-Name"
saf_fetch[join]: Returning "dc2.ad.SAMDOM.local" for "AD.SAMDOM.LOCAL" domain
get_dc_list: preferred server list: "dc2.ad.SAMDOM.local, *"
resolve_ads: Attempting to resolve KDCs for AD.SAMDOM.LOCAL using DNS
ads_dns_lookup_srv: 2 records returned in the answer section.
Adding 2 DC's from auto lookup
sitename_fetch: Returning sitename for AD.SAMDOM.LOCAL: "Default-First-Site-Name"
name dc2.ad.SAMDOM.local#20 found.
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.2
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.2
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.1
get_dc_list: returning 2 ip addresses in an ordered list
get_dc_list: 192.168.254.2:88 192.168.254.1:88
saf_fetch[join]: Returning "dc2.ad.SAMDOM.local" for "AD.SAMDOM.LOCAL" domain
get_dc_list: preferred server list: "dc2.ad.SAMDOM.local, *"
resolve_ads: Attempting to resolve KDCs for AD.SAMDOM.LOCAL using DNS
ads_dns_lookup_srv: 2 records returned in the answer section.
Adding 2 DC's from auto lookup
sitename_fetch: Returning sitename for AD.SAMDOM.LOCAL: "Default-First-Site-Name"
name dc2.ad.SAMDOM.local#20 found.
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.2
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.1
check_negative_conn_cache returning result 0 for domain AD.SAMDOM.LOCAL server 192.168.254.2
get_dc_list: returning 2 ip addresses in an ordered list
get_dc_list: 192.168.254.2:88 192.168.254.1:88
create_local_private_krb5_conf_for_domain: wrote file /usr/local/samba/var/lock/smb_krb5/krb5.conf.SAMDOM with realm AD.SAMDOM.LOCAL KDC list = kdc = 192.168.254.2
kdc = 192.168.254.1
ads_dc_name: using server='DC2.AD.SAMDOM.LOCAL' IP=192.168.254.2
ads_try_connect: sending CLDAP request to 192.168.254.2 (realm: AD.SAMDOM.LOCAL)
Successfully contacted LDAP server 192.168.254.2
Connected to LDAP server dc2.ad.SAMDOM.local
KDC time offset is 0 seconds
Found SASL mechanism GSS-SPNEGO
ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2
ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2
ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gse_krb5
gss_acquire_creds failed for GSS_C_NO_NAME with [ No credentials were supplied, or the credentials were unavailable or inaccessible.: unknown mech-code 0 for mech 1 2 840 113554 1 2 2] -the caller may retry after a kinit.
Failed to start GENSEC client mech gse_krb5: NT_STATUS_INTERNAL_ERROR
kerberos_kinit_password SMB2$@AD.SAMDOM.LOCAL failed: Preauthentication failed
ads_connect for domain SAMDOM failed: Preauthentication failed
set_dc_type_and_flags_connect: domain SAMDOM
set_dc_type_and_flags_connect: Could not bind to PI_DSSETUP on domain SAMDOM: (NT_STATUS_USER_SESSION_DELETED)
set_dc_type_and_flags_connect: Could not bind to PI_LSARPC on domain SAMDOM: (NT_STATUS_USER_SESSION_DELETED)
Finished processing child request 59
Could not convert sid S-0-0: NT_STATUS_UNSUCCESSFUL
accepted socket 26
[ 7700]: request interface version (version = 27)
[ 7700]: request location of privileged pipe
accepted socket 29
closing socket 26, client exited
getgroups tunnelssh
Could not convert sid S-0-0: NT_STATUS_UNSUCCESSFUL
closing socket 29, client exited
closing socket 28, client exited
accepted socket 26
[ 7769]: request interface version (version = 27)
[ 7769]: request location of privileged pipe
accepted socket 28
closing socket 26, client exited
closing socket 28, client exited
More information about the samba
mailing list