[Samba] Possibly WERR_DS_DRA_ACCESS_DENIED or NT_STATUS_CANT_ACCESS_DOMAIN_INFO
James Fowler
fowlerj at adst.org
Thu May 2 15:56:30 UTC 2019
So we have two different Samba servers we are trying to connect to what was
originally a Windows 2003 AD and was raised to 2008R2 (both Forest and
Domain).
(We really only need to connect one of them - the one hosting Samba 4.7.6).
Any ideas or suggestions are helpful! We've scoured the lists (Rowland -
you are amazing), but still not found what is wrong (we think it is
probably a config issue on the Win2k8R2 DC).
Thank you in advance!
James
There is presently a single Windows 2k8R2 domain controller.
Our focus is on Samba 4.7.6 on Ubuntu. We also get the same error with
Samba 4.6.7 on Ubuntu (same smb.conf).
We can connect to all of the necessary ports on the Win2k8R2 DC from both
servers hosting Samba.
Here are details from Samba 4.7.6 join attempt and troubleshooting
*smb.conf:*
[global]
workgroup = DOMAIN1
realm = DOMAIN1.DOMAIN
netbios name = DC1
server string = Zentyal Server
server role = dc
server role check:inhibit = yes
server services = -dns
server signing = auto
dsdb:schema update allowed = yes
ldap server require strong auth = no
drs:max object sync = 3000
idmap_ldb:use rfc2307 = yes
winbind enum users = yes
winbind enum groups = yes
template shell = /bin/bash
template homedir = /home/%U
rpc server dynamic port range = 49152-65535
interfaces = lo,eth1
bind interfaces only = yes
map to guest = Bad User
log level = 3
log file = /var/log/samba/samba.log
max log size = 100000
kerberos method = secrets and keytab
include = /etc/samba/shares.conf
[netlogon]
path = /var/lib/samba/sysvol/DOMAIN1.DOMAIN/scripts
browseable = no
read only = yes
[sysvol]
path = /var/lib/samba/sysvol
read only = no
Output of:
root at DC1:~#* samba-tool domain join DOMAIN1.DOMAIN DC
--username='DOMAIN1\EnterpriseAdminUser' --realm='DOMAIN1.DOMAIN'
--site='Default-First-Site' --server='DC1' --dns-backend=BIND9_DLZ
--workgroup='DOMAIN1' -d 3*
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
resolve_lmhosts: Attempting lmhosts lookup for name DC1<0x20>
Password for [DOMAIN1\EnterpriseAdminUser]:
workgroup is DOMAIN1
realm is DOMAIN1.DOMAIN
Adding CN=DC1,OU=Domain Controllers,DC=DOMAIN1,DC=DOMAIN
Adding
CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=DOMAIN1,DC=DOMAIN
Adding CN=NTDS
Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=DOMAIN1,DC=DOMAIN
Using binding ncacn_ip_tcp:DC1[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name DC1<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name DC1<0x20>
Adding SPNs to CN=DC1,OU=Domain Controllers,DC=DOMAIN1,DC=DOMAIN
Setting account password for DC1$
Enabling account
Adding DNS account CN=dns-DC1,CN=Users,DC=DOMAIN1,DC=DOMAIN with dns/ SPN
Setting account password for dns-DC1
Calling bare provision
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
Looking up IPv4 addresses
Looking up IPv6 addresses
No IPv6 address will be assigned
Setting up secrets.ldb
Setting up the registry
ldb_wrap open of hklm.ldb
Setting up the privileges database
Setting up idmap db
Setting up SAM db
Setting up sam.ldb partitions and settings
Setting up sam.ldb rootDSE
Pre-loading the Samba 4 and AD schema
partition_metadata: Migrating partition metadata: open of metadata.tdb
gave: (null)
A Kerberos configuration suitable for Samba AD has been generated at
/var/lib/samba/private/krb5.conf
Provision OK for domain DN DC=DOMAIN1,DC=DOMAIN
Starting replication
Using binding ncacn_ip_tcp:DC1[,seal]
resolve_lmhosts: Attempting lmhosts lookup for name DC1<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name DC1<0x20>
Schema-DN[CN=Schema,CN=Configuration,DC=DOMAIN1,DC=DOMAIN]
objects[402/1438] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=DOMAIN1,DC=DOMAIN]
objects[804/1438] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=DOMAIN1,DC=DOMAIN]
objects[1206/1438] linked_values[0/0]
Schema-DN[CN=Schema,CN=Configuration,DC=DOMAIN1,DC=DOMAIN]
objects[1555/1438] linked_values[0/0]
Analyze and apply schema objects
Discarding older DRS attribute update to objectClass on
CN=Schema,CN=Configuration,DC=DOMAIN1,DC=DOMAIN from
8decff98-ae54-4490-a39d-af0976b37fd5
Discarding older DRS attribute update to whenCreated on
CN=Schema,CN=Configuration,DC=DOMAIN1,DC=DOMAIN from
8decff98-ae54-4490-a39d-af0976b37fd5
Discarding older DRS attribute update to dSASignature on
CN=Schema,CN=Configuration,DC=DOMAIN1,DC=DOMAIN from
754d8904-e4a6-4bd4-b283-49f858a0699b
Discarding older DRS attribute update to objectVersion on
CN=Schema,CN=Configuration,DC=DOMAIN1,DC=DOMAIN from
8decff98-ae54-4490-a39d-af0976b37fd5
Discarding older DRS attribute update to showInAdvancedViewOnly on
CN=Schema,CN=Configuration,DC=DOMAIN1,DC=DOMAIN from
8decff98-ae54-4490-a39d-af0976b37fd5
Discarding older DRS attribute update to nTSecurityDescriptor on
CN=Schema,CN=Configuration,DC=DOMAIN1,DC=DOMAIN from
8decff98-ae54-4490-a39d-af0976b37fd5
Discarding older DRS attribute update to name on
CN=Schema,CN=Configuration,DC=DOMAIN1,DC=DOMAIN from
8decff98-ae54-4490-a39d-af0976b37fd5
Discarding older DRS attribute update to fSMORoleOwner on
CN=Schema,CN=Configuration,DC=DOMAIN1,DC=DOMAIN from
8decff98-ae54-4490-a39d-af0976b37fd5
Discarding older DRS attribute update to objectCategory on
CN=Schema,CN=Configuration,DC=DOMAIN1,DC=DOMAIN from
8decff98-ae54-4490-a39d-af0976b37fd5
Discarding older DRS attribute update to schemaInfo on
CN=Schema,CN=Configuration,DC=DOMAIN1,DC=DOMAIN from
754d8904-e4a6-4bd4-b283-49f858a0699b
Discarding older DRS attribute update to objectClass on
CN=Schema,CN=Configuration,DC=DOMAIN1,DC=DOMAIN from
8decff98-ae54-4490-a39d-af0976b37fd5
Discarding older DRS attribute update to whenCreated on
CN=Schema,CN=Configuration,DC=DOMAIN1,DC=DOMAIN from
8decff98-ae54-4490-a39d-af0976b37fd5
Discarding older DRS attribute update to dSASignature on
CN=Schema,CN=Configuration,DC=DOMAIN1,DC=DOMAIN from
754d8904-e4a6-4bd4-b283-49f858a0699b
Discarding older DRS attribute update to objectVersion on
CN=Schema,CN=Configuration,DC=DOMAIN1,DC=DOMAIN from
8decff98-ae54-4490-a39d-af0976b37fd5
Discarding older DRS attribute update to showInAdvancedViewOnly on
CN=Schema,CN=Configuration,DC=DOMAIN1,DC=DOMAIN from
8decff98-ae54-4490-a39d-af0976b37fd5
Discarding older DRS attribute update to nTSecurityDescriptor on
CN=Schema,CN=Configuration,DC=DOMAIN1,DC=DOMAIN from
8decff98-ae54-4490-a39d-af0976b37fd5
Discarding older DRS attribute update to name on
CN=Schema,CN=Configuration,DC=DOMAIN1,DC=DOMAIN from
8decff98-ae54-4490-a39d-af0976b37fd5
Discarding older DRS attribute update to fSMORoleOwner on
CN=Schema,CN=Configuration,DC=DOMAIN1,DC=DOMAIN from
8decff98-ae54-4490-a39d-af0976b37fd5
Discarding older DRS attribute update to objectCategory on
CN=Schema,CN=Configuration,DC=DOMAIN1,DC=DOMAIN from
8decff98-ae54-4490-a39d-af0976b37fd5
Discarding older DRS attribute update to schemaInfo on
CN=Schema,CN=Configuration,DC=DOMAIN1,DC=DOMAIN from
754d8904-e4a6-4bd4-b283-49f858a0699b
Discarding older DRS attribute update to objectClass on
CN=Schema,CN=Configuration,DC=DOMAIN1,DC=DOMAIN from
8decff98-ae54-4490-a39d-af0976b37fd5
Discarding older DRS attribute update to whenCreated on
CN=Schema,CN=Configuration,DC=DOMAIN1,DC=DOMAIN from
8decff98-ae54-4490-a39d-af0976b37fd5
Discarding older DRS attribute update to dSASignature on
CN=Schema,CN=Configuration,DC=DOMAIN1,DC=DOMAIN from
754d8904-e4a6-4bd4-b283-49f858a0699b
Discarding older DRS attribute update to objectVersion on
CN=Schema,CN=Configuration,DC=DOMAIN1,DC=DOMAIN from
8decff98-ae54-4490-a39d-af0976b37fd5
Discarding older DRS attribute update to showInAdvancedViewOnly on
CN=Schema,CN=Configuration,DC=DOMAIN1,DC=DOMAIN from
8decff98-ae54-4490-a39d-af0976b37fd5
Discarding older DRS attribute update to nTSecurityDescriptor on
CN=Schema,CN=Configuration,DC=DOMAIN1,DC=DOMAIN from
8decff98-ae54-4490-a39d-af0976b37fd5
Discarding older DRS attribute update to name on
CN=Schema,CN=Configuration,DC=DOMAIN1,DC=DOMAIN from
8decff98-ae54-4490-a39d-af0976b37fd5
Discarding older DRS attribute update to fSMORoleOwner on
CN=Schema,CN=Configuration,DC=DOMAIN1,DC=DOMAIN from
8decff98-ae54-4490-a39d-af0976b37fd5
Discarding older DRS attribute update to objectCategory on
CN=Schema,CN=Configuration,DC=DOMAIN1,DC=DOMAIN from
8decff98-ae54-4490-a39d-af0976b37fd5
Discarding older DRS attribute update to schemaInfo on
CN=Schema,CN=Configuration,DC=DOMAIN1,DC=DOMAIN from
754d8904-e4a6-4bd4-b283-49f858a0699b
Replicated 1555 objects (0 linked attributes) for
CN=Schema,CN=Configuration,DC=DOMAIN1,DC=DOMAIN
Partition[CN=Configuration,DC=DOMAIN1,DC=DOMAIN] objects[402/3488]
linked_values[0/31]
Replicated 402 objects (0 linked attributes) for
CN=Configuration,DC=DOMAIN1,DC=DOMAIN
Partition[CN=Configuration,DC=DOMAIN1,DC=DOMAIN] objects[804/3488]
linked_values[0/31]
Replicated 402 objects (0 linked attributes) for
CN=Configuration,DC=DOMAIN1,DC=DOMAIN
Partition[CN=Configuration,DC=DOMAIN1,DC=DOMAIN] objects[1206/3488]
linked_values[0/31]
Replicated 402 objects (0 linked attributes) for
CN=Configuration,DC=DOMAIN1,DC=DOMAIN
Partition[CN=Configuration,DC=DOMAIN1,DC=DOMAIN] objects[1609/3488]
linked_values[0/31]
Replicated 403 objects (0 linked attributes) for
CN=Configuration,DC=DOMAIN1,DC=DOMAIN
Partition[CN=Configuration,DC=DOMAIN1,DC=DOMAIN] objects[1948/3488]
linked_values[31/31]
Replicated 338 objects (31 linked attributes) for
CN=Configuration,DC=DOMAIN1,DC=DOMAIN
Replicating critical objects from the base DN of the domain
Partition[DC=DOMAIN1,DC=DOMAIN] objects[103/122] linked_values[25/51]
Replicated 103 objects (25 linked attributes) for DC=DOMAIN1,DC=DOMAIN
Partition[DC=DOMAIN1,DC=DOMAIN] objects[462/1310] linked_values[38/51]
Replicated 359 objects (38 linked attributes) for DC=DOMAIN1,DC=DOMAIN
Partition[DC=DOMAIN1,DC=DOMAIN] objects[685/1310] linked_values[12/51]
Replicated 221 objects (12 linked attributes) for DC=DOMAIN1,DC=DOMAIN
Partition[DC=DOMAIN1,DC=DOMAIN] objects[771/1310] linked_values[1/51]
Replicated 84 objects (1 linked attributes) for DC=DOMAIN1,DC=DOMAIN
Done with always replicated NC (base, config, schema)
Replicating DC=DomainDnsZones,DC=DOMAIN1,DC=DOMAIN
Partition[DC=DomainDnsZones,DC=DOMAIN1,DC=DOMAIN] objects[172/31]
linked_values[0/0]
Replicated 172 objects (0 linked attributes) for
DC=DomainDnsZones,DC=DOMAIN1,DC=DOMAIN
Replicating DC=ForestDnsZones,DC=DOMAIN1,DC=DOMAIN
Partition[DC=ForestDnsZones,DC=DOMAIN1,DC=DOMAIN] objects[74/57]
linked_values[0/0]
Replicated 74 objects (0 linked attributes) for
DC=ForestDnsZones,DC=DOMAIN1,DC=DOMAIN
Join failed - cleaning up
ldb_wrap open of secrets.ldb
Could not find machine account in secrets database: Failed to fetch machine
account password for DOMAIN1 from both secrets.ldb (Could not find entry to
match filter: '(&(flatname=DOMAIN1)(objectclass=primaryDomain))' base:
'cn=Primary Domains': No such object: dsdb_search at
../source4/dsdb/common/util.c:4636) and from
/var/lib/samba/private/secrets.tdb: NT_STATUS_CANT_ACCESS_DOMAIN_INFO
Deleted CN=DC1,OU=Domain Controllers,DC=DOMAIN1,DC=DOMAIN
Deleted CN=dns-DC1,CN=Users,DC=DOMAIN1,DC=DOMAIN
Deleted CN=NTDS
Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=DOMAIN1,DC=DOMAIN
Deleted
CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=DOMAIN1,DC=DOMAIN
ERROR(runtime): uncaught exception - (8453, 'WERR_DS_DRA_ACCESS_DENIED')
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line
176, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 661,
in run
machinepass=machinepass, use_ntvfs=use_ntvfs, dns_backend=dns_backend)
File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1474, in
join_DC
ctx.do_join()
File "/usr/lib/python2.7/dist-packages/samba/join.py", line 1377, in
do_join
ctx.join_replicate()
File "/usr/lib/python2.7/dist-packages/samba/join.py", line 961, in
join_replicate
exop=drsuapi.DRSUAPI_EXOP_FSMO_RID_ALLOC)
File "/usr/lib/python2.7/dist-packages/samba/drs_utils.py", line 291, in
replicate
(level, ctr) = self.drs.DsGetNCChanges(self.drs_handle, req_level, req)
tried:
*kinit EnterpriseAdminUser*
(prompted for password)
*klist --list-all*:
root at DC1:/var/lib/samba# klist --list-all
Name Cache name Expires
* EnterpriseAdminUser at DOMAIN1.DOMAIN FILE:/tmp/krb5cc_0 May 2 19:57:20
2019
net getlocalsid:
ldb: dsdb_schema_from_db() failed: 32:No such object: (null)
ldb: dsdb_get_schema: refresh_fn() failed
ldb: schema_load_init: dsdb_get_schema failed
ldb: module schema_load initialization failed : Operations error
ldb: module dsdb_notification initialization failed : Operations error
ldb: module rootdse initialization failed : Operations error
ldb: module samba_dsdb initialization failed : Operations error
ldb: Unable to load modules for /var/lib/samba/private/sam.ldb:
schema_load_init: dsdb_get_schema failed
samdb_connect failed
pdb backend samba_dsdb did not correctly init (error was
NT_STATUS_INTERNAL_ERROR)
WARNING: Could not open passdb
root at DC1:/var/lib/samba# *smbclient -k -L //DC1.DOMAIN1.DOMAIN -d 5*
INFO: Current debug levels:
all: 5
tdb: 5
printdrivers: 5
lanman: 5
smb: 5
rpc_parse: 5
rpc_srv: 5
rpc_cli: 5
passdb: 5
sam: 5
auth: 5
winbind: 5
vfs: 5
idmap: 5
quota: 5
acls: 5
locking: 5
msdfs: 5
dmapi: 5
registry: 5
scavenger: 5
dns: 5
ldb: 5
tevent: 5
auth_audit: 5
auth_json_audit: 5
kerberos: 5
drs_repl: 5
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:
all: 5
tdb: 5
printdrivers: 5
lanman: 5
smb: 5
rpc_parse: 5
rpc_srv: 5
rpc_cli: 5
passdb: 5
sam: 5
auth: 5
winbind: 5
vfs: 5
idmap: 5
quota: 5
acls: 5
locking: 5
msdfs: 5
dmapi: 5
registry: 5
scavenger: 5
dns: 5
ldb: 5
tevent: 5
auth_audit: 5
auth_json_audit: 5
kerberos: 5
drs_repl: 5
Processing section "[global]"
doing parameter workgroup = DOMAIN1
doing parameter realm = DOMAIN1.DOMAIN
doing parameter netbios name = DC1
doing parameter server string = Zentyal Server
doing parameter server role = dc
doing parameter server role check:inhibit = yes
doing parameter server services = -dns
doing parameter server signing = auto
doing parameter dsdb:schema update allowed = yes
doing parameter ldap server require strong auth = no
doing parameter drs:max object sync = 3000
doing parameter idmap_ldb:use rfc2307 = yes
doing parameter winbind enum users = yes
doing parameter winbind enum groups = yes
doing parameter template shell = /bin/bash
doing parameter template homedir = /home/%U
doing parameter rpc server dynamic port range = 49152-65535
doing parameter interfaces = lo,eth1
doing parameter bind interfaces only = yes
doing parameter map to guest = Bad User
doing parameter log level = 3
doing parameter log file = /var/log/samba/samba.log
doing parameter max log size = 100000
doing parameter kerberos method = secrets and keytab
doing parameter include = /etc/samba/shares.conf
pm_process() returned Yes
added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
added interface lo ip=127.0.1.1 bcast=127.255.255.255 netmask=255.0.0.0
added interface eth1 ip=192.168.1.20 bcast=192.168.1.255
netmask=255.255.255.0
Netbios name list:-
my_netbios_names[0]="DC1"
Client started (version 4.7.6-Ubuntu).
Opening cache file at /var/cache/samba/gencache.tdb
Opening cache file at /var/run/samba/gencache_notrans.tdb
sitename_fetch: No stored sitename for realm 'DOMAIN1.DOMAIN'
no entry for DC1.DOMAIN1.DOMAIN#20 found.
resolve_hosts: Attempting host lookup for name DC1.DOMAIN1.DOMAIN<0x20>
namecache_store: storing 1 address for DC1.DOMAIN1.DOMAIN#20: 192.168.1.254
Connecting to 192.168.1.254 at port 445
Socket options:
SO_KEEPALIVE = 0
SO_REUSEADDR = 0
SO_BROADCAST = 0
TCP_NODELAY = 1
TCP_KEEPCNT = 9
TCP_KEEPIDLE = 7200
TCP_KEEPINTVL = 75
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
SO_REUSEPORT = 0
SO_SNDBUF = 87040
SO_RCVBUF = 372480
SO_SNDLOWAT = 1
SO_RCVLOWAT = 1
SO_SNDTIMEO = 0
SO_RCVTIMEO = 0
TCP_QUICKACK = 1
TCP_DEFER_ACCEPT = 0
session request ok
negotiated dialect[SMB2_10] against server[DC1.DOMAIN1.DOMAIN]
got OID=1.3.6.1.4.1.311.2.2.30
got OID=1.2.840.48018.1.2.2
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gse_krb5
session setup ok
signed SMB2 message
signed SMB2 message
tconx ok
Sharename Type Comment
--------- ---- -------
signed SMB2 message
Bind RPC Pipe: host DC1.DOMAIN1.DOMAIN auth_type 0, auth_level 1
rpc_api_pipe: host DC1.DOMAIN1.DOMAIN
signed SMB2 message
rpc_read_send: data_to_read: 52
check_bind_response: accepted!
rpc_api_pipe: host DC1.DOMAIN1.DOMAIN
signed SMB2 message
rpc_read_send: data_to_read: 928
ADMIN$ Disk Remote Admin
ADST_Interns Disk
ADST_Staff Disk
C$ Disk Default share
F$ Disk Default share
H$ Disk Default share
IPC$ IPC Remote IPC
NETLOGON Disk Logon server share
Scanner Disk
SYSVOL Disk Logon server share
UserData Disk
UserDirectories$ Disk
signed SMB2 message
signed SMB2 message
Reconnecting with SMB1 for workgroup listing.
sitename_fetch: No stored sitename for realm 'DOMAIN1.DOMAIN'
name DC1.DOMAIN1.DOMAIN#20 found.
E2BIG: convert_string(UTF-8,CP850): srclen=22 destlen=16 -
'DC1.DOMAIN1.DOMAIN'
Connecting to 192.168.1.254 at port 139
Connecting to 192.168.1.254 at port 139
Connection to DC1.DOMAIN1.DOMAIN failed (Error
NT_STATUS_RESOURCE_NAME_NOT_FOUND)
Failed to connect with SMB1 -- no workgroup available
root at DC1:/var/lib/samba# *smbclient -k -L //DC1 -d 5*
INFO: Current debug levels:
all: 5
tdb: 5
printdrivers: 5
lanman: 5
smb: 5
rpc_parse: 5
rpc_srv: 5
rpc_cli: 5
passdb: 5
sam: 5
auth: 5
winbind: 5
vfs: 5
idmap: 5
quota: 5
acls: 5
locking: 5
msdfs: 5
dmapi: 5
registry: 5
scavenger: 5
dns: 5
ldb: 5
tevent: 5
auth_audit: 5
auth_json_audit: 5
kerberos: 5
drs_repl: 5
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:
all: 5
tdb: 5
printdrivers: 5
lanman: 5
smb: 5
rpc_parse: 5
rpc_srv: 5
rpc_cli: 5
passdb: 5
sam: 5
auth: 5
winbind: 5
vfs: 5
idmap: 5
quota: 5
acls: 5
locking: 5
msdfs: 5
dmapi: 5
registry: 5
scavenger: 5
dns: 5
ldb: 5
tevent: 5
auth_audit: 5
auth_json_audit: 5
kerberos: 5
drs_repl: 5
Processing section "[global]"
doing parameter workgroup = DOMAIN1
doing parameter realm = DOMAIN1.DOMAIN
doing parameter netbios name = DC1
doing parameter server string = Zentyal Server
doing parameter server role = dc
doing parameter server role check:inhibit = yes
doing parameter server services = -dns
doing parameter server signing = auto
doing parameter dsdb:schema update allowed = yes
doing parameter ldap server require strong auth = no
doing parameter drs:max object sync = 3000
doing parameter idmap_ldb:use rfc2307 = yes
doing parameter winbind enum users = yes
doing parameter winbind enum groups = yes
doing parameter template shell = /bin/bash
doing parameter template homedir = /home/%U
doing parameter rpc server dynamic port range = 49152-65535
doing parameter interfaces = lo,eth1
doing parameter bind interfaces only = yes
doing parameter map to guest = Bad User
doing parameter log level = 3
doing parameter log file = /var/log/samba/samba.log
doing parameter max log size = 100000
doing parameter kerberos method = secrets and keytab
doing parameter include = /etc/samba/shares.conf
pm_process() returned Yes
added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
added interface lo ip=127.0.1.1 bcast=127.255.255.255 netmask=255.0.0.0
added interface eth1 ip=192.168.1.20 bcast=192.168.1.255
netmask=255.255.255.0
Netbios name list:-
my_netbios_names[0]="DC1"
Client started (version 4.7.6-Ubuntu).
Opening cache file at /var/cache/samba/gencache.tdb
Opening cache file at /var/run/samba/gencache_notrans.tdb
sitename_fetch: No stored sitename for realm 'DOMAIN1.DOMAIN'
no entry for DC1#20 found.
resolve_lmhosts: Attempting lmhosts lookup for name DC1<0x20>
resolve_wins: WINS server resolution selected and no WINS servers listed.
resolve_hosts: Attempting host lookup for name DC1<0x20>
namecache_store: storing 1 address for DC1#20: 192.168.1.254
Connecting to 192.168.1.254 at port 445
Socket options:
SO_KEEPALIVE = 0
SO_REUSEADDR = 0
SO_BROADCAST = 0
TCP_NODELAY = 1
TCP_KEEPCNT = 9
TCP_KEEPIDLE = 7200
TCP_KEEPINTVL = 75
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
SO_REUSEPORT = 0
SO_SNDBUF = 87040
SO_RCVBUF = 372480
SO_SNDLOWAT = 1
SO_RCVLOWAT = 1
SO_SNDTIMEO = 0
SO_RCVTIMEO = 0
TCP_QUICKACK = 1
TCP_DEFER_ACCEPT = 0
session request ok
negotiated dialect[SMB2_10] against server[DC1]
got OID=1.3.6.1.4.1.311.2.2.30
got OID=1.2.840.48018.1.2.2
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gse_krb5
session setup ok
signed SMB2 message
signed SMB2 message
tconx ok
Sharename Type Comment
--------- ---- -------
signed SMB2 message
Bind RPC Pipe: host DC1 auth_type 0, auth_level 1
rpc_api_pipe: host DC1
signed SMB2 message
rpc_read_send: data_to_read: 52
check_bind_response: accepted!
rpc_api_pipe: host DC1
signed SMB2 message
rpc_read_send: data_to_read: 928
ADMIN$ Disk Remote Admin
ADST_Interns Disk
ADST_Staff Disk
C$ Disk Default share
F$ Disk Default share
H$ Disk Default share
IPC$ IPC Remote IPC
NETLOGON Disk Logon server share
Scanner Disk
SYSVOL Disk Logon server share
UserData Disk
UserDirectories$ Disk
signed SMB2 message
signed SMB2 message
Reconnecting with SMB1 for workgroup listing.
sitename_fetch: No stored sitename for realm 'DOMAIN1.DOMAIN'
name DC1#20 found.
Connecting to 192.168.1.254 at port 139
Socket options:
SO_KEEPALIVE = 0
SO_REUSEADDR = 0
SO_BROADCAST = 0
TCP_NODELAY = 1
TCP_KEEPCNT = 9
TCP_KEEPIDLE = 7200
TCP_KEEPINTVL = 75
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
SO_REUSEPORT = 0
SO_SNDBUF = 87040
SO_RCVBUF = 372480
SO_SNDLOWAT = 1
SO_RCVLOWAT = 1
SO_SNDTIMEO = 0
SO_RCVTIMEO = 0
TCP_QUICKACK = 1
TCP_DEFER_ACCEPT = 0
session request ok
negotiated dialect[NT1] against server[DC1]
got OID=1.3.6.1.4.1.311.2.2.30
got OID=1.2.840.48018.1.2.2
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gse_krb5
session setup ok
tconx ok
Server Comment
--------- -------
Workgroup Master
--------- -------
--
James Fowler
Association for Diplomatic Studies and Training http://adst.org
Capturing, Preserving, Sharing - Oral Histories of US Diplomacy
More information about the samba
mailing list