[Samba] samba 4.7.6-Ubuntu + ipv6 not work bind9-DLZ

spiderslack spiderslack at yahoo.com.br
Mon Sep 10 20:10:19 UTC 2018


Em 10-09-2018 10:43, Rowland Penny via samba escreveu:
> On Mon, 10 Sep 2018 09:56:46 -0400
> spiderslack via samba <samba at lists.samba.org> wrote:
>
>> Hi, all
>>
>>
>> I trying setting domain samba with bind9-DLZ. I followed the tutorial
>> https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller,
>> but not work. see the tests bellow
>>
>>
>> ricardobarbosa at isadora:~$ bash tools/testSambaRecords.sh
>> Host _ldap._tcp.freewaynet.corp not found: 3(NXDOMAIN)
>> Host _kerberos._udp.freewaynet.corp not found: 3(NXDOMAIN)
>> Host agamenon.freewaynet.corp not found: 3(NXDOMAIN)
>> ricardobarbosa at isadora:~$
>>
>> following link to troubleshooting
>>
>>
>> ------------------------ inicio -------------------------------
>> root at agamenon:~# ps axf | egrep "samba|smbd|winbind"
>>    1283 pts/0    S+     0:00  |                   \_ samba -i
>>    1284 pts/0    S+     0:00  |                       \_ samba -i
>>    1290 pts/0    S+     0:00  |                       |   \_ samba -i
>>    1291 ?        Ss     0:00  |                       |       \_
>> /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
>> --log-stdout
>>    1305 ?        S      0:00  |                       |           \_
>> /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
>> --log-stdout
>>    1306 ?        S      0:00  |                       |           \_
>> /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
>> --log-stdout
>>    1307 ?        S      0:00  |                       |           \_
>> /usr/sbin/smbd -D --option=server role check:inhibit=yes --foreground
>> --log-stdout
>>    1285 pts/0    S+     0:00  |                       \_ samba -i
>>    1286 pts/0    S+     0:00  |                       \_ samba -i
>>    1287 pts/0    S+     0:00  |                       \_ samba -i
>>    1288 pts/0    S+     0:00  |                       \_ samba -i
>>    1289 pts/0    S+     0:00  |                       \_ samba -i
>>    1292 pts/0    S+     0:00  |                       \_ samba -i
>>    1293 pts/0    S+     0:00  |                       \_ samba -i
>>    1295 pts/0    S+     0:00  |                       \_ samba -i
>>    1297 pts/0    S+     0:00  |                       \_ samba -i
>>    1298 pts/0    S+     0:00  |                       \_ samba -i
>> ------------------------------------------------------------
>>
>>
> Hmm, you have grepped for 'winbind' but it isn't showing, have you
> installed the winbind package ?
>
> Rowland
>
Hi, thanks for answering.


I did not install winbind because i figured it was installed along with 
samba. in smb.conf until it has a reference to winbind


-----------------------------

         server role = active directory domain controller
         server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, 
drepl, winbindd, ntp_signd, kcc, dnsupdate

-----------------------------


I need install winbind?


But when join the workstation the domain, i get followed:


-----------------------------------

The following error ocurred attempting to join the domain An internal 
error occurred

-----------------------------------


I debug the process samba with command "samba -i -d 4" i get followed error:


----------------------------------------------------------------------


added interface ens32 ip=2001:db8:3:0:20c:29ff:fecb:5299 bcast= 
netmask=ffff:ffff:ffff:ffff::
added interface ens32 ip=192.168.1.252 bcast=192.168.1.255 
netmask=255.255.255.0
added interface ens32 ip=2001:db8:3:0:20c:29ff:fecb:5299 bcast= 
netmask=ffff:ffff:ffff:ffff::
added interface ens32 ip=192.168.1.252 bcast=192.168.1.255 
netmask=255.255.255.0
added interface ens32 ip=2001:db8:3:0:20c:29ff:fecb:5299 bcast= 
netmask=ffff:ffff:ffff:ffff::
added interface ens32 ip=192.168.1.252 bcast=192.168.1.255 
netmask=255.255.255.0
added interface ens32 ip=2001:db8:3:0:20c:29ff:fecb:5299 bcast= 
netmask=ffff:ffff:ffff:ffff::
added interface ens32 ip=192.168.1.252 bcast=192.168.1.255 
netmask=255.255.255.0
added interface ens32 ip=2001:db8:3:0:20c:29ff:fecb:5299 bcast= 
netmask=ffff:ffff:ffff:ffff::
added interface ens32 ip=192.168.1.252 bcast=192.168.1.255 
netmask=255.255.255.0
Kerberos: AS-REQ Administrator at freewaynet.corp from 
ipv6:2001:db8:3:0:57c:a284:973d:9b5f:61477 for 
krbtgt/freewaynet.corp at freewaynet.corp
Kerberos: Client sent patypes: 128
Kerberos: Looking for PKINIT pa-data -- Administrator at freewaynet.corp
Kerberos: Looking for ENC-TS pa-data -- Administrator at freewaynet.corp
Kerberos: No preauth found, returning PREAUTH-REQUIRED -- 
Administrator at freewaynet.corp
Terminating connection - 'kdc_tcp_call_loop: 
tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv() 
- NT_STATUS_CONNECTION_DISCONNECTED]
Kerberos: AS-REQ Administrator at freewaynet.corp from 
ipv6:2001:db8:3:0:57c:a284:973d:9b5f:61478 for 
krbtgt/freewaynet.corp at freewaynet.corp
Kerberos: Client sent patypes: encrypted-timestamp, 128
Kerberos: Looking for PKINIT pa-data -- Administrator at freewaynet.corp
Kerberos: Looking for ENC-TS pa-data -- Administrator at freewaynet.corp
Kerberos: ENC-TS Pre-authentication succeeded -- 
Administrator at freewaynet.corp using aes256-cts-hmac-sha1-96
Auth: [Kerberos KDC,ENC-TS Pre-authentication] user 
[(null)]\[Administrator at freewaynet.corp] at [Mon, 10 Sep 2018 
14:42:38.918181 UTC] with [aes256-cts-hmac-sha1-96] status 
[NT_STATUS_OK] workstation [(null)] remote host 
[ipv6:2001:db8:3:0:57c:a284:973d:9b5f:61478] became 
[FREEWAYNET]\[Administrator] 
[S-1-5-21-1615479121-2557752159-4193559781-500]. local host [NULL]
JSON Authentication: {"timestamp": "2018-09-10T14:42:38.918341+0000", 
"type": "Authentication", "Authentication": {"version": {"major": 1, 
"minor": 0}, "status": "NT_STATUS_OK", "localAddress": "NULL", 
"remoteAddress": "ipv6:2001:db8:3:0:57c:a284:973d:9b5f:61478", 
"serviceDescription": "Kerberos KDC", "authDescription": "ENC-TS 
Pre-authentication", "clientDomain": null, "clientAccount": 
"Administrator at freewaynet.corp", "workstation": null, "becameAccount": 
"Administrator", "becameDomain": "FREEWAYNET", "becameSid": 
"S-1-5-21-1615479121-2557752159-4193559781-500", "mappedAccount": 
"Administrator", "mappedDomain": "FREEWAYNET", "netlogonComputer": null, 
"netlogonTrustAccount": null, "netlogonNegotiateFlags": "0x00000000", 
"netlogonSecureChannelType": 0, "netlogonTrustAccountSid": "(NULL SID)", 
"passwordType": "aes256-cts-hmac-sha1-96"}}
get_auth_event_server: Failed to find 'auth_event' registered on the 
message bus to send JSON authentication events to: 
NT_STATUS_OBJECT_NAME_NOT_FOUND
authsam_account_ok: Checking SMB password for user 
Administrator at freewaynet.corp
Kerberos: AS-REQ authtime: 2018-09-10T14:42:38 starttime: unset endtime: 
2018-09-11T00:42:38 renew till: 2018-09-17T14:42:38
Kerberos: Client supported enctypes: aes256-cts-hmac-sha1-96, 
aes128-cts-hmac-sha1-96, arcfour-hmac-md5, 24, -135, des-cbc-md5, using 
aes256-cts-hmac-sha1-96/aes256-cts-hmac-sha1-96
Kerberos: Requested flags: renewable-ok, canonicalize, renewable, 
forwardable
Terminating connection - 'kdc_tcp_call_loop: 
tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv() 
- NT_STATUS_CONNECTION_DISCONNECTED]
Kerberos: TGS-REQ Administrator at FREEWAYNET.CORP from 
ipv6:2001:db8:3:0:57c:a284:973d:9b5f:61479 for 
cifs/agamenon.freewaynet.corp at FREEWAYNET.CORP [canonicalize, renewable, 
forwardable]
Kerberos: TGS-REQ authtime: 2018-09-10T14:42:38 starttime: 
2018-09-10T14:42:38 endtime: 2018-09-11T00:42:38 renew till: 
2018-09-17T14:42:38
Terminating connection - 'kdc_tcp_call_loop: 
tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv() 
- NT_STATUS_CONNECTION_DISCONNECTED]
Kerberos: TGS-REQ Administrator at FREEWAYNET.CORP from 
ipv6:2001:db8:3:0:57c:a284:973d:9b5f:61480 for 
krbtgt/FREEWAYNET.CORP at FREEWAYNET.CORP [renewable-ok, canonicalize, 
renewable, forwarded, forwardable]
Kerberos: TGS-REQ authtime: 2018-09-10T14:42:38 starttime: 
2018-09-10T14:42:38 endtime: 2018-09-11T00:42:38 renew till: 
2018-09-17T14:42:38
Terminating connection - 'kdc_tcp_call_loop: 
tstream_read_pdu_blob_recv() - NT_STATUS_CONNECTION_DISCONNECTED'
single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv() 
- NT_STATUS_CONNECTION_DISCONNECTED]


----------------------------------------------------------------------

Any idea?




More information about the samba mailing list