[Samba] Failed to join domain: failed to lookup DC info for domain '<EXAMPLE.COM>' over rpc: The object name is not found.
Miso Rapajić
misorapajic at gmail.com
Thu May 26 10:41:02 UTC 2016
Can you give me output of testparm and samba service
I had some problems and reverted to 4.4.2
On May 26, 2016 12:34, "Nico Speelman" <nico at speelmanrobben.nl> wrote:
> Try to ping from client to server with its hostname. Sounds like dns
> problem.
>
> ping server
>
> Then try to ping its ip address.
>
> Then try to add server address to host file.
>
> Ex
>
> 192.168.8.30 server.example.com server
>
> Best
>
> M
>
> On May 26, 2016 12:02, "Nico Speelman" <nico at speelmanrobben.nl> wrote:
>
> Hello,
>
> I've been trying to add a new server to my Samba 4 Active directory, but
> I've been failing so far. I'm running the command "net ads join -k" and it
> fails with "Failed to join domain: failed to lookup DC info for domain '<
> EXAMPLE.COM>' over rpc: The object name is not found." The answers I
> found so far imply a problem with the RPC service, but this seems to be
> running as the output of "netstat -plane | grep 135" suggests. I was unable
> to find any hint to the problems origin in my samba logs, but the output of
> "net ads join -k -d10" shows a lot more information. Unfortunately I am
> unable to filter through this all. I hope anyone is able to point me in the
> direction of a solution.
>
> My domain controller and client are running Debian testing with samba
> 4.4.3.
>
> Thank in advance,
> Nico Speelman
>
> output of "netstat -plane | grep 135" on the domain controllers:
> tcp 0 0 10.0.0.2:135 0.0.0.0:*
> LISTEN 0 96682 8639/samba
> tcp 0 0 127.0.0.1:135 0.0.0.0:*
> LISTEN 0 96679 8639/samba
> tcp6 0 0 2001:980:7912:1::2:135 :::*
> LISTEN 0 96681 8639/samba
> tcp6 0 0 ::1:135 :::*
> LISTEN 0 96680 8639/samba
>
> output of "net ads join -k -d10" on the client:
> Failed to join domain: failed to lookup DC info for domain '<EXAMPLE.COM>'
> over rpc: The object name is not found.
>
> rpc_cli: 10
> passdb: 10
> sam: 10
> auth: 10
> winbind: 10
> vfs: 10
> idmap: 10
> quota: 10
> acls: 10
> locking: 10
> msdfs: 10
> dmapi: 10
> registry: 10
> scavenger: 10
> dns: 10
> ldb: 10
> tevent: 10
> lp_load_ex: refreshing parameters
> Initialising global parameters
> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
> INFO: Current debug levels:
> all: 10
> tdb: 10
> printdrivers: 10
> lanman: 10
> smb: 10
> rpc_parse: 10
> rpc_srv: 10
> rpc_cli: 10
> passdb: 10
> sam: 10
> auth: 10
> winbind: 10
> vfs: 10
> idmap: 10
> quota: 10
> acls: 10
> locking: 10
> msdfs: 10
> dmapi: 10
> registry: 10
> scavenger: 10
> dns: 10
> ldb: 10
> tevent: 10
> Processing section "[global]"
> doing parameter security = ADS
> doing parameter workgroup = <EXAMPLE>
> doing parameter realm = <example.com>
> doing parameter log file = /var/log/samba/%m.log
> doing parameter kerberos method = secrets and keytab
> doing parameter client signing = yes
> doing parameter client use spnego = yes
> pm_process() returned Yes
> lp_servicenumber: couldn't find homes
> messaging_dgm_ref: messaging_dgm_init returned Success
> messaging_dgm_ref: unique = 18102182485556212140
> Registering messaging pointer for type 2 - private_data=(nil)
> Registering messaging pointer for type 9 - private_data=(nil)
> Registered MSG_REQ_POOL_USAGE
> Registering messaging pointer for type 11 - private_data=(nil)
> Registering messaging pointer for type 12 - private_data=(nil)
> Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
> Registering messaging pointer for type 1 - private_data=(nil)
> Registering messaging pointer for type 5 - private_data=(nil)
> lp_load_ex: refreshing parameters
> Freeing parametrics:
> Initialising global parameters
> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
> INFO: Current debug levels:
> all: 10
> tdb: 10
> printdrivers: 10
> lanman: 10
> smb: 10
> rpc_parse: 10
> rpc_srv: 10
> rpc_cli: 10
> passdb: 10
> sam: 10
> auth: 10
> winbind: 10
> vfs: 10
> idmap: 10
> quota: 10
> acls: 10
> locking: 10
> msdfs: 10
> dmapi: 10
> registry: 10
> scavenger: 10
> dns: 10
> ldb: 10
> tevent: 10
> Processing section "[global]"
> doing parameter security = ADS
> doing parameter workgroup = <EXAMPLE>
> doing parameter realm = <example.com>
> doing parameter log file = /var/log/samba/%m.log
> doing parameter kerberos method = secrets and keytab
> doing parameter client signing = yes
> doing parameter client use spnego = yes
> pm_process() returned Yes
> lp_servicenumber: couldn't find homes
> Netbios name list:-
> my_netbios_names[0]="HESTIA"
> added interface eth0 ip=<client_ipv6> bcast= netmask=ffff:ffff:ffff::
> added interface eth0 ip=10.0.0.8 bcast=10.0.1.255 netmask=255.255.254.0
> libnet_Join:
> libnet_JoinCtx: struct libnet_JoinCtx
> in: struct libnet_JoinCtx
> dc_name : NULL
> machine_name : 'HESTIA'
> domain_name : *
> domain_name : '<EXAMPLE.COM>'
> domain_name_type : JoinDomNameTypeDNS (1)
> account_ou : NULL
> admin_account : 'root'
> admin_domain : NULL
> machine_password : NULL
> join_flags : 0x00000023 (35)
> 0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
> 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
> 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
> 0: WKSSVC_JOIN_FLAGS_DEFER_SPN
> 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
> 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
> 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
> 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
> 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
> 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
> 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
> os_version : NULL
> os_name : NULL
> os_servicepack : NULL
> create_upn : 0x00 (0)
> upn : NULL
> modify_config : 0x00 (0)
> ads : NULL
> debug : 0x01 (1)
> use_kerberos : 0x01 (1)
> secure_channel_type : SEC_CHAN_WKSTA (2)
> desired_encryption_types : 0x0000001f (31)
> Opening cache file at /var/cache/samba/gencache.tdb
> Opening cache file at /var/run/samba/gencache_notrans.tdb
> sitename_fetch: Returning sitename for <EXAMPLE.COM>:
> "Default-First-Site-Name"
> dsgetdcname_internal: domain_name: <EXAMPLE.COM>, domain_guid: (null),
> site_name: Default-First-Site-Name, flags: 0x40021011
> debug_dsdcinfo_flags: 0x40021011
> DS_FORCE_REDISCOVERY DS_DIRECTORY_SERVICE_REQUIRED
> DS_WRITABLE_REQUIRED DS_IS_DNS_NAME DS_RETURN_DNS_NAME
> dsgetdcname_rediscover
> ads_dns_lookup_srv: 2 records returned in the answer section.
> ads_dns_parse_rr_srv: Parsed hera.<example.com> [0, 100, 389]
> ads_dns_parse_rr_srv: Parsed zeus.<example.com> [0, 100, 389]
> LDAP ping to hera.<example.com> (10.0.0.3)
> &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX
> command : LOGON_SAM_LOGON_RESPONSE_EX (23)
> sbz : 0x0000 (0)
> server_type : 0x000013fc (5116)
> 0: NBT_SERVER_PDC
> 1: NBT_SERVER_GC
> 1: NBT_SERVER_LDAP
> 1: NBT_SERVER_DS
> 1: NBT_SERVER_KDC
> 1: NBT_SERVER_TIMESERV
> 1: NBT_SERVER_CLOSEST
> 1: NBT_SERVER_WRITABLE
> 1: NBT_SERVER_GOOD_TIMESERV
> 0: NBT_SERVER_NDNC
> 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6
> 1: NBT_SERVER_FULL_SECRET_DOMAIN_6
> 0: NBT_SERVER_ADS_WEB_SERVICE
> 0: NBT_SERVER_DS_8
> 0: NBT_SERVER_HAS_DNS_NAME
> 0: NBT_SERVER_IS_DEFAULT_NC
> 0: NBT_SERVER_FOREST_ROOT
> domain_uuid : 0a010b9d-11fb-451e-a979-daff97fca593
> forest : '<example.com>'
> dns_domain : '<example.com>'
> pdc_dns_name : 'hera.<example.com>'
> domain_name : '<EXAMPLE>'
> pdc_name : 'HERA'
> user_name : ''
> server_site : 'Default-First-Site-Name'
> client_site : 'Default-First-Site-Name'
> sockaddr_size : 0x00 (0)
> sockaddr: struct nbt_sockaddr
> sockaddr_family : 0x00000000 (0)
> pdc_ip : (null)
> remaining : DATA_BLOB length=0
> next_closest_site : NULL
> nt_version : 0x00000005 (5)
> 1: NETLOGON_NT_VERSION_1
> 0: NETLOGON_NT_VERSION_5
> 1: NETLOGON_NT_VERSION_5EX
> 0: NETLOGON_NT_VERSION_5EX_WITH_IP
> 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE
> 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL
> 0: NETLOGON_NT_VERSION_PDC
> 0: NETLOGON_NT_VERSION_IP
> 0: NETLOGON_NT_VERSION_LOCAL
> 0: NETLOGON_NT_VERSION_GC
> lmnt_token : 0xffff (65535)
> lm20_token : 0xffff (65535)
> Adding cache entry with key=[DSGETDCNAME/DOMAIN/<EXAMPLE>] and timeout=[do
> mei 26 08:31:50 2016 CEST] (900 seconds ahead)
> sitename_store: realm = [<EXAMPLE>], sitename = [Default-First-Site-Name],
> expire = [2085923199]
> Did not store value for AD_SITENAME/DOMAIN/<EXAMPLE>, we already got it
> Adding cache entry with key=[DSGETDCNAME/DOMAIN/<EXAMPLE.COM>] and
> timeout=[do mei 26 08:31:50 2016 CEST] (900 seconds ahead)
> sitename_store: realm = [<example.com>], sitename =
> [Default-First-Site-Name], expire = [2085923199]
> Did not store value for AD_SITENAME/DOMAIN/<EXAMPLE.COM>, we already got
> it
> create_local_private_krb5_conf_for_domain: fname =
> /var/run/samba/smb_krb5/krb5.conf..JOIN, realm = <EXAMPLE.COM>, domain =
> .JOIN
> saf_fetch: failed to find server for "<EXAMPLE.COM>" domain
> get_dc_list: preferred server list: ", *"
> internal_resolve_name: looking up <EXAMPLE.COM>#dcdc (sitename
> Default-First-Site-Name)
> resolve_ads: Attempting to resolve KDCs for <EXAMPLE.COM> using DNS
> ads_dns_lookup_srv: 2 records returned in the answer section.
> ads_dns_parse_rr_srv: Parsed hera.<example.com> [0, 100, 88]
> ads_dns_parse_rr_srv: Parsed zeus.<example.com> [0, 100, 88]
> remove_duplicate_addrs2: looking for duplicate address/port pairs
> internal_resolve_name: returning 6 addresses: <hera_ipv6_#1>:88
> <hera_ipv6_#2>:88 10.0.0.3:88 <zeus_ipv6_#1>:88 <zeus_ipv6_#2>:88
> 10.0.0.2:88
> Adding 6 DC's from auto lookup
> check_negative_conn_cache returning result 0 for domain <EXAMPLE.COM>
> server <hera_ipv6_#1>
> check_negative_conn_cache returning result 0 for domain <EXAMPLE.COM>
> server <hera_ipv6_#2>
> check_negative_conn_cache returning result 0 for domain <EXAMPLE.COM>
> server 10.0.0.3
> check_negative_conn_cache returning result 0 for domain <EXAMPLE.COM>
> server <zeus_ipv6_#1>
> check_negative_conn_cache returning result 0 for domain <EXAMPLE.COM>
> server <zeus_ipv6_#2>
> check_negative_conn_cache returning result 0 for domain <EXAMPLE.COM>
> server 10.0.0.2
> remove_duplicate_addrs2: looking for duplicate address/port pairs
> get_dc_list: returning 6 ip addresses in an ordered list
> get_dc_list: 10.0.0.3:88 10.0.0.2:88 <hera_ipv6_#1>:88 <hera_ipv6_#2>:88
> <zeus_ipv6_#1>:88 <zeus_ipv6_#2>:88
> got 6 addresses from site Default-First-Site-Name search
> saf_fetch: failed to find server for "<EXAMPLE.COM>" domain
> get_dc_list: preferred server list: ", *"
> internal_resolve_name: looking up <EXAMPLE.COM>#dcdc (sitename (null))
> resolve_ads: Attempting to resolve KDCs for <EXAMPLE.COM> using DNS
> ads_dns_lookup_srv: 2 records returned in the answer section.
> ads_dns_parse_rr_srv: Parsed hera.<example.com> [0, 100, 88]
> ads_dns_parse_rr_srv: Parsed zeus.<example.com> [0, 100, 88]
> remove_duplicate_addrs2: looking for duplicate address/port pairs
> internal_resolve_name: returning 6 addresses: <hera_ipv6_#1>:88
> <hera_ipv6_#2>:88 10.0.0.3:88 <zeus_ipv6_#1>:88 <zeus_ipv6_#2>:88
> 10.0.0.2:88
> Adding 6 DC's from auto lookup
> check_negative_conn_cache returning result 0 for domain <EXAMPLE.COM>
> server <hera_ipv6_#1>
> check_negative_conn_cache returning result 0 for domain <EXAMPLE.COM>
> server <hera_ipv6_#2>
> check_negative_conn_cache returning result 0 for domain <EXAMPLE.COM>
> server 10.0.0.3
> check_negative_conn_cache returning result 0 for domain <EXAMPLE.COM>
> server <zeus_ipv6_#1>
> check_negative_conn_cache returning result 0 for domain <EXAMPLE.COM>
> server <zeus_ipv6_#2>
> check_negative_conn_cache returning result 0 for domain <EXAMPLE.COM>
> server 10.0.0.2
> remove_duplicate_addrs2: looking for duplicate address/port pairs
> get_dc_list: returning 6 ip addresses in an ordered list
> get_dc_list: 10.0.0.3:88 10.0.0.2:88 <hera_ipv6_#1>:88 <hera_ipv6_#2>:88
> <zeus_ipv6_#1>:88 <zeus_ipv6_#2>:88
> got 6 addresses from site-less search
> 5 additional KDCs to test
> &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX
> command : LOGON_SAM_LOGON_RESPONSE_EX (23)
> sbz : 0x0000 (0)
> server_type : 0x000013fc (5116)
> 0: NBT_SERVER_PDC
> 1: NBT_SERVER_GC
> 1: NBT_SERVER_LDAP
> 1: NBT_SERVER_DS
> 1: NBT_SERVER_KDC
> 1: NBT_SERVER_TIMESERV
> 1: NBT_SERVER_CLOSEST
> 1: NBT_SERVER_WRITABLE
> 1: NBT_SERVER_GOOD_TIMESERV
> 0: NBT_SERVER_NDNC
> 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6
> 1: NBT_SERVER_FULL_SECRET_DOMAIN_6
> 0: NBT_SERVER_ADS_WEB_SERVICE
> 0: NBT_SERVER_DS_8
> 0: NBT_SERVER_HAS_DNS_NAME
> 0: NBT_SERVER_IS_DEFAULT_NC
> 0: NBT_SERVER_FOREST_ROOT
> domain_uuid : 0a010b9d-11fb-451e-a979-daff97fca593
> forest : '<example.com>'
> dns_domain : '<example.com>'
> pdc_dns_name : 'zeus.<example.com>'
> domain_name : '<EXAMPLE>'
> pdc_name : 'ZEUS'
> user_name : ''
> server_site : 'Default-First-Site-Name'
> client_site : 'Default-First-Site-Name'
> sockaddr_size : 0x00 (0)
> sockaddr: struct nbt_sockaddr
> sockaddr_family : 0x00000000 (0)
> pdc_ip : (null)
> remaining : DATA_BLOB length=0
> next_closest_site : NULL
> nt_version : 0x00000005 (5)
> 1: NETLOGON_NT_VERSION_1
> 0: NETLOGON_NT_VERSION_5
> 1: NETLOGON_NT_VERSION_5EX
> 0: NETLOGON_NT_VERSION_5EX_WITH_IP
> 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE
> 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL
> 0: NETLOGON_NT_VERSION_PDC
> 0: NETLOGON_NT_VERSION_IP
> 0: NETLOGON_NT_VERSION_LOCAL
> 0: NETLOGON_NT_VERSION_GC
> lmnt_token : 0xffff (65535)
> lm20_token : 0xffff (65535)
> &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX
> command : LOGON_SAM_LOGON_RESPONSE_EX (23)
> sbz : 0x0000 (0)
> server_type : 0x000013fc (5116)
> 0: NBT_SERVER_PDC
> 1: NBT_SERVER_GC
> 1: NBT_SERVER_LDAP
> 1: NBT_SERVER_DS
> 1: NBT_SERVER_KDC
> 1: NBT_SERVER_TIMESERV
> 1: NBT_SERVER_CLOSEST
> 1: NBT_SERVER_WRITABLE
> 1: NBT_SERVER_GOOD_TIMESERV
> 0: NBT_SERVER_NDNC
> 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6
> 1: NBT_SERVER_FULL_SECRET_DOMAIN_6
> 0: NBT_SERVER_ADS_WEB_SERVICE
> 0: NBT_SERVER_DS_8
> 0: NBT_SERVER_HAS_DNS_NAME
> 0: NBT_SERVER_IS_DEFAULT_NC
> 0: NBT_SERVER_FOREST_ROOT
> domain_uuid : 0a010b9d-11fb-451e-a979-daff97fca593
> forest : '<example.com>'
> dns_domain : '<example.com>'
> pdc_dns_name : 'hera.<example.com>'
> domain_name : '<EXAMPLE>'
> pdc_name : 'HERA'
> user_name : ''
> server_site : 'Default-First-Site-Name'
> client_site : 'Default-First-Site-Name'
> sockaddr_size : 0x00 (0)
> sockaddr: struct nbt_sockaddr
> sockaddr_family : 0x00000000 (0)
> pdc_ip : (null)
> remaining : DATA_BLOB length=0
> next_closest_site : NULL
> nt_version : 0x00000005 (5)
> 1: NETLOGON_NT_VERSION_1
> 0: NETLOGON_NT_VERSION_5
> 1: NETLOGON_NT_VERSION_5EX
> 0: NETLOGON_NT_VERSION_5EX_WITH_IP
> 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE
> 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL
> 0: NETLOGON_NT_VERSION_PDC
> 0: NETLOGON_NT_VERSION_IP
> 0: NETLOGON_NT_VERSION_LOCAL
> 0: NETLOGON_NT_VERSION_GC
> lmnt_token : 0xffff (65535)
> lm20_token : 0xffff (65535)
> &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX
> command : LOGON_SAM_LOGON_RESPONSE_EX (23)
> sbz : 0x0000 (0)
> server_type : 0x000013fc (5116)
> 0: NBT_SERVER_PDC
> 1: NBT_SERVER_GC
> 1: NBT_SERVER_LDAP
> 1: NBT_SERVER_DS
> 1: NBT_SERVER_KDC
> 1: NBT_SERVER_TIMESERV
> 1: NBT_SERVER_CLOSEST
> 1: NBT_SERVER_WRITABLE
> 1: NBT_SERVER_GOOD_TIMESERV
> 0: NBT_SERVER_NDNC
> 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6
> 1: NBT_SERVER_FULL_SECRET_DOMAIN_6
> 0: NBT_SERVER_ADS_WEB_SERVICE
> 0: NBT_SERVER_DS_8
> 0: NBT_SERVER_HAS_DNS_NAME
> 0: NBT_SERVER_IS_DEFAULT_NC
> 0: NBT_SERVER_FOREST_ROOT
> domain_uuid : 0a010b9d-11fb-451e-a979-daff97fca593
> forest : '<example.com>'
> dns_domain : '<example.com>'
> pdc_dns_name : 'zeus.<example.com>'
> domain_name : '<EXAMPLE>'
> pdc_name : 'ZEUS'
> user_name : ''
> server_site : 'Default-First-Site-Name'
> client_site : 'Default-First-Site-Name'
> sockaddr_size : 0x00 (0)
> sockaddr: struct nbt_sockaddr
> sockaddr_family : 0x00000000 (0)
> pdc_ip : (null)
> remaining : DATA_BLOB length=0
> next_closest_site : NULL
> nt_version : 0x00000005 (5)
> 1: NETLOGON_NT_VERSION_1
> 0: NETLOGON_NT_VERSION_5
> 1: NETLOGON_NT_VERSION_5EX
> 0: NETLOGON_NT_VERSION_5EX_WITH_IP
> 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE
> 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL
> 0: NETLOGON_NT_VERSION_PDC
> 0: NETLOGON_NT_VERSION_IP
> 0: NETLOGON_NT_VERSION_LOCAL
> 0: NETLOGON_NT_VERSION_GC
> lmnt_token : 0xffff (65535)
> lm20_token : 0xffff (65535)
> get_kdc_ip_string: Returning kdc = 10.0.0.3
> kdc = 10.0.0.2
> kdc = [<hera_ipv6_#1>]:88
> kdc = [<zeus_ipv6_#1>]:88
>
> create_local_private_krb5_conf_for_domain: wrote file
> /var/run/samba/smb_krb5/krb5.conf..JOIN with realm <EXAMPLE.COM> KDC list
> = kdc = 10.0.0.3
> kdc = 10.0.0.2
> kdc = [<hera_ipv6_#1>]:88
> kdc = [<zeus_ipv6_#1>]:88
>
> sitename_fetch: Returning sitename for <EXAMPLE.COM>:
> "Default-First-Site-Name"
> internal_resolve_name: looking up hera.<example.com>#20 (sitename
> Default-First-Site-Name)
> Adding cache entry with key=[NBT/HERA.<EXAMPLE.COM>#20] and timeout=[do
> jan 1 01:00:00 1970 CET] (-1464243411 seconds in the past)
> no entry for hera.<example.com>#20 found.
> resolve_hosts: Attempting host lookup for name hera.<example.com><0x20>
> remove_duplicate_addrs2: looking for duplicate address/port pairs
> namecache_store: storing 3 addresses for hera.<example.com>#20:
> [<hera_ipv6_#1>],[<hera_ipv6_#2>],10.0.0.3
> Adding cache entry with key=[NBT/HERA.<EXAMPLE.COM>#20] and timeout=[do
> mei 26 08:27:51 2016 CEST] (660 seconds ahead)
> internal_resolve_name: returning 3 addresses: <hera_ipv6_#1>:0
> <hera_ipv6_#2>:0 10.0.0.3:0
> Connecting to <hera_ipv6_#1> at port 445
> Socket options:
> SO_KEEPALIVE = 0
> SO_REUSEADDR = 0
> SO_BROADCAST = 0
> TCP_NODELAY = 1
> TCP_KEEPCNT = 9
> TCP_KEEPIDLE = 7200
> TCP_KEEPINTVL = 75
> IPTOS_LOWDELAY = 0
> IPTOS_THROUGHPUT = 0
> SO_REUSEPORT = 0
> SO_SNDBUF = 87040
> SO_RCVBUF = 368000
> SO_SNDLOWAT = 1
> SO_RCVLOWAT = 1
> SO_SNDTIMEO = 0
> SO_RCVTIMEO = 0
> TCP_QUICKACK = 1
> TCP_DEFER_ACCEPT = 0
> Doing spnego session setup (blob length=96)
> got OID=1.2.840.48018.1.2.2
> got OID=1.2.840.113554.1.2.2
> got OID=1.3.6.1.4.1.311.2.2.10
> got principal=not_defined_in_RFC4178 at please_ignore
> cli_session_setup_spnego: using target hostname not SPNEGO principal
> cli_session_setup_spnego: guessed server principal=cifs/hera.<example.com
> >@<EXAMPLE.COM>
> GENSEC backend 'gssapi_spnego' registered
> GENSEC backend 'gssapi_krb5' registered
> GENSEC backend 'gssapi_krb5_sasl' registered
> GENSEC backend 'spnego' registered
> GENSEC backend 'schannel' registered
> GENSEC backend 'naclrpc_as_system' registered
> GENSEC backend 'sasl-EXTERNAL' registered
> GENSEC backend 'ntlmssp' registered
> GENSEC backend 'ntlmssp_resume_ccache' registered
> GENSEC backend 'http_basic' registered
> GENSEC backend 'http_ntlm' registered
> GENSEC backend 'krb5' registered
> GENSEC backend 'fake_gssapi_krb5' registered
> Starting GENSEC mechanism spnego
> Starting GENSEC submechanism gse_krb5
> SPNEGO login failed: The object name is not found.
> libnet_Join:
> libnet_JoinCtx: struct libnet_JoinCtx
> out: struct libnet_JoinCtx
> account_name : NULL
> netbios_domain_name : NULL
> dns_domain_name : NULL
> forest_name : NULL
> dn : NULL
> domain_sid : NULL
> domain_sid : (NULL SID)
> modified_config : 0x00 (0)
> error_string : 'failed to lookup DC info for
> domain '<EXAMPLE.COM>' over rpc: The object name is not found.'
> domain_is_ad : 0x00 (0)
> set_encryption_types : 0x00000000 (0)
> result : WERR_BADFILE
> return code = -1
> msg_dgm_ref_destructor: refs=(nil)
>
> HERA smb.conf:
> [global]
> workgroup = SPEELMANROBBEN
> realm = speelmanrobben.nl
> netbios name = HERA
> server role = active directory domain controller
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
> winbind, ntp_signd, kcc, dnsupdate
>
> [netlogon]
> path = /mnt/netlogon
> read only = No
> guest ok = Yes
>
> [sysvol]
> path = /var/lib/samba/sysvol
> read only = No
>
> ZEUS smb.conf:
> [global]
> workgroup = SPEELMANROBBEN
> realm = speelmanrobben.nl
> netbios name = ZEUS
> server string = %h PDC (Debian Testing, Samba4)
> interfaces = 127.0.0.0/8, ::1/128, eth0, lo
> bind interfaces only = Yes
> server role = active directory domain controller
> map to guest = Bad User
> private dir = /var/lib/samba/private
> pam password change = Yes
> unix password sync = Yes
> syslog = 0
> log file = /var/log/samba/log.samba
> max log size = 1000
> logon path =
> domain logons = Yes
> preferred master = Yes
> domain master = Yes
> dns proxy = No
> lock directory = /var/lib/samba/
> state directory = /var/lib/samba/state
> cache directory = /var/cache/samba
> usershare allow guests = Yes
> panic action = /usr/share/samba/panic-action %d
> server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl,
> winbind, ntp_signd, kcc, dnsupdate
> idmap_ldb:use rfc2307 = yes
> idmap config * : backend = tdb
> invalid users = root
> admin users = administrator
> tls enabled = yes
> tls keyfile = tls/sambakey.pem
> tls certfile = tls/zeus.<example.com>.crt
> tls cafile = /etc/ssl/certs/cacert.pem
>
> [netlogon]
> comment = Network Logon Service
> path = /mnt/netlogon
> read only = No
> guest ok = Yes
>
> [sysvol]
> comment = System Volume
> path = /var/lib/samba/state/sysvol
> read only = No
> guest ok = Yes
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
>
>
>
> This is probably not a DNS issue, because I can ping both Domain
> controllers with their hostname and ip addresses. See below.
>
>
>
> root at hestia:~# ping -c4 zeus.<example.com>
>
> PING zeus.<example.com>(zeus.<example.com> (<zeus_ipv6>)) 56 data bytes
>
> 64 bytes from zeus.<example.com> (<zeus_ipv6>): icmp_seq=1 ttl=255
> time=0.255 ms
>
> 64 bytes from zeus.<example.com> (<zeus_ipv6>): icmp_seq=2 ttl=255
> time=0.470 ms
>
> 64 bytes from zeus.<example.com> (<zeus_ipv6>): icmp_seq=3 ttl=255
> time=0.448 ms
>
> 64 bytes from zeus.<example.com> (<zeus_ipv6>): icmp_seq=4 ttl=255
> time=0.632 ms
>
>
>
> --- zeus.<example.com> ping statistics ---
>
> 4 packets transmitted, 4 received, 0% packet loss, time 3000ms
>
> rtt min/avg/max/mdev = 0.255/0.451/0.632/0.134 ms
>
> root at hestia:~# ping -c4 hera.<example.com>
>
> PING hera.<example.com>(hera.<example.com> (<hera_ipv6>)) 56 data bytes
>
> 64 bytes from hera.<example.com> (<hera_ipv6>): icmp_seq=1 ttl=255
> time=0.295 ms
>
> 64 bytes from hera.<example.com> (<hera_ipv6>): icmp_seq=2 ttl=255
> time=0.513 ms
>
> 64 bytes from hera.<example.com> (<hera_ipv6>): icmp_seq=3 ttl=255
> time=0.423 ms
>
> 64 bytes from hera.<example.com> (<hera_ipv6>): icmp_seq=4 ttl=255
> time=0.414 ms
>
>
>
> --- <zeus_ipv6> ping statistics ---
>
> 7 packets transmitted, 7 received, 0% packet loss, time 5999ms
>
> rtt min/avg/max/mdev = 0.273/0.418/0.572/0.089 ms
>
> root at hestia:~# ping -c4 <zeus_ipv6>
>
> PING <zeus_ipv6>(<zeus_ipv6>) 56 data bytes
>
> 64 bytes from <zeus_ipv6>: icmp_seq=1 ttl=255 time=0.442 ms
>
> 64 bytes from <zeus_ipv6>: icmp_seq=2 ttl=255 time=0.435 ms
>
> 64 bytes from <zeus_ipv6>: icmp_seq=3 ttl=255 time=0.434 ms
>
> 64 bytes from <zeus_ipv6>: icmp_seq=4 ttl=255 time=0.426 ms
>
>
>
> --- <zeus_ipv6> ping statistics ---
>
> 4 packets transmitted, 4 received, 0% packet loss, time 2999ms
>
> rtt min/avg/max/mdev = 0.426/0.434/0.442/0.015 ms
>
> root at hestia:~# ping -c4 <hera_ipv6>
>
> PING <hera_ipv6>(<hera_ipv6>) 56 data bytes
>
> 64 bytes from <hera_ipv6>: icmp_seq=1 ttl=255 time=0.301 ms
>
> 64 bytes from <hera_ipv6>: icmp_seq=2 ttl=255 time=0.441 ms
>
> 64 bytes from <hera_ipv6>: icmp_seq=3 ttl=255 time=0.334 ms
>
> 64 bytes from <hera_ipv6>: icmp_seq=4 ttl=255 time=0.458 ms
>
>
>
> --- <hera_ipv6> ping statistics ---
>
> 4 packets transmitted, 4 received, 0% packet loss, time 2997ms
>
> rtt min/avg/max/mdev = 0.301/0.383/0.458/0.070 ms
>
> root at hestia:~# ping -c4 zeus
>
> PING zeus(zeus.<example.com> (<zeus_ipv6>)) 56 data bytes
>
> 64 bytes from zeus.<example.com> (<zeus_ipv6>): icmp_seq=1 ttl=255
> time=0.443 ms
>
> 64 bytes from zeus.<example.com> (<zeus_ipv6>): icmp_seq=2 ttl=255
> time=0.443 ms
>
> 64 bytes from zeus.<example.com> (<zeus_ipv6>): icmp_seq=3 ttl=255
> time=0.405 ms
>
> 64 bytes from zeus.<example.com> (<zeus_ipv6>): icmp_seq=4 ttl=255
> time=0.381 ms
>
>
>
> --- zeus ping statistics ---
>
> 4 packets transmitted, 4 received, 0% packet loss, time 2999ms
>
> rtt min/avg/max/mdev = 0.381/0.418/0.443/0.026 ms
>
> root at hestia:~# ping -c4 hera
>
> PING hera(hera.<example.com> (<hera_ipv6>)) 56 data bytes
>
> 64 bytes from hera.<example.com> (<hera_ipv6>): icmp_seq=1 ttl=255
> time=0.263 ms
>
> 64 bytes from hera.<example.com> (<hera_ipv6>): icmp_seq=2 ttl=255
> time=0.549 ms
>
> 64 bytes from hera.<example.com> (<hera_ipv6>): icmp_seq=3 ttl=255
> time=0.370 ms
>
> 64 bytes from hera.<example.com> (<hera_ipv6>): icmp_seq=4 ttl=255
> time=0.422 ms
>
>
>
> --- hera ping statistics ---
>
> 4 packets transmitted, 4 received, 0% packet loss, time 3001ms
>
> rtt min/avg/max/mdev = 0.263/0.401/0.549/0.102 ms
>
>
>
> root at hestia:~# ping -c4 -4 hera
>
> PING hera.<example.com> (10.0.0.3) 56(84) bytes of data.
>
> 64 bytes from hera.<example.com> (10.0.0.3): icmp_seq=1 ttl=64 time=0.291
> ms
>
> 64 bytes from hera.<example.com> (10.0.0.3): icmp_seq=2 ttl=64 time=0.524
> ms
>
> 64 bytes from hera.<example.com> (10.0.0.3): icmp_seq=3 ttl=64 time=0.451
> ms
>
> 64 bytes from hera.<example.com> (10.0.0.3): icmp_seq=4 ttl=64 time=0.477
> ms
>
>
>
> --- hera.<example.com> ping statistics ---
>
> 4 packets transmitted, 4 received, 0% packet loss, time 3001ms
>
> rtt min/avg/max/mdev = 0.291/0.435/0.524/0.091 ms
>
> root at hestia:~# ping -c4 -4 zeus
>
> PING zeus.<example.com> (10.0.0.2) 56(84) bytes of data.
>
> 64 bytes from zeus.<example.com> (10.0.0.2): icmp_seq=1 ttl=64 time=0.300
> ms
>
> 64 bytes from zeus.<example.com> (10.0.0.2): icmp_seq=2 ttl=64 time=0.396
> ms
>
> 64 bytes from zeus.<example.com> (10.0.0.2): icmp_seq=3 ttl=64 time=0.469
> ms
>
> 64 bytes from zeus.<example.com> (10.0.0.2): icmp_seq=4 ttl=64 time=0.461
> ms
>
>
>
More information about the samba
mailing list