[Samba] Unable to join domain I think.

Rob Campbell robcampbell08105 at gmail.com
Sat Sep 17 15:20:26 UTC 2022


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In all things, Be Intentional.


On Sat, Sep 17, 2022 at 3:12 AM Rowland Penny via samba <
samba at lists.samba.org> wrote:

>
>
> On 17/09/2022 00:01, Rob Campbell wrote:
> > I run this
> > [Fri Sep 16 18:59:03] [root at dc02~$] net ads join -U Administrator
> > Enter Administrator's password:
> > Using short domain name -- HOME
> > Joined 'DC02' to dns domain 'home.rob-campbell.lan'
> > DNS Update for dc02.home.rob-campbell.lan failed: ERROR_DNS_UPDATE_FAILED
>
> The join has succeeded but it couldn't update the DNS record, this is
> usually caused by a misconfiguration of /etc/hosts.
>
> >
> > I get nothing in any log from the member DC02 or the DC DC01.  None of
> > the logs are even touched around the time that I ran that command.
> > Shouldn't something be logged somewhere?
>
> I do wish you would change that hostname 'DC02', it is terribly confusing.
>
> If you want more logging for the join command, add '-dN' to the end of
> the join command (where 'N' is a number between 1-10, the higher the
> number, the more logging ) e.g.:
>
> net ads join -U Administrator -d3
>
> Rowland
>
>
[Sat Sep 17 11:15:03] [root at d02~$] net ads join -U Administrator -d3
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[global]"
added interface enp3s0 ip=10.0.0.9 bcast=10.0.0.255 netmask=255.255.255.0
Enter Administrator's password:
libnet_Join:
    libnet_JoinCtx: struct libnet_JoinCtx
        in: struct libnet_JoinCtx
            dc_name                  : NULL
            machine_name             : 'D02'
            domain_name              : *
                domain_name              : 'HOME.ROB-CAMPBELL.LAN'
            domain_name_type         : JoinDomNameTypeDNS (1)
            account_ou               : NULL
            admin_account            : 'Administrator'
            admin_domain             : NULL
            machine_password         : NULL
            join_flags               : 0x00000023 (35)
                   0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
                   0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
                   0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
                   0: WKSSVC_JOIN_FLAGS_DEFER_SPN
                   0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
                   0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
                   1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
                   0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
                   0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
                   1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
                   1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
            os_version               : NULL
            os_name                  : NULL
            os_servicepack           : NULL
            create_upn               : 0x00 (0)
            upn                      : NULL
            dnshostname              : NULL
            modify_config            : 0x00 (0)
            ads                      : NULL
            debug                    : 0x01 (1)
            use_kerberos             : 0x00 (0)
            secure_channel_type      : SEC_CHAN_WKSTA (2)
            desired_encryption_types : 0x0000001f (31)
resolve_hosts: Attempting host lookup for name dc01.home.rob-campbell.lan<0x20>
Connecting to 10.0.0.10 at port 445
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
get_dc_list: preferred server list: "dc01.home.rob-campbell.lan, *"
get_dc_list: preferred server list: "dc01.home.rob-campbell.lan, *"
Successfully contacted LDAP server 10.0.0.10
Connecting to 10.0.0.10 at port 389
Connected to LDAP server dc01.home.rob-campbell.lan
ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2
ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2
ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10
libnet_join_precreate_machine_acct: Machine account successfully created
ads_domain_func_level: 4
     join: struct secrets_domain_infoB
        version                  : SECRETS_DOMAIN_INFO_VERSION_1 (1)
        reserved                 : 0x00000000 (0)
        info                     : union secrets_domain_infoU(case 1)
        info1                    : *
            info1: struct secrets_domain_info1
                reserved_flags           : 0x0000000000000000 (0)
                join_time                : Sat Sep 17 11:15:50 AM 2022 EDT
                computer_name            : 'D02'
                account_name             : 'D02$'
                secure_channel_type      : SEC_CHAN_WKSTA (2)
                domain_info: struct lsa_DnsDomainInfo
                    name: struct lsa_StringLarge
                        length                   : 0x0000 (0)
                        size                     : 0x0000 (0)
                        string                   : *
                            string                   : 'HOME'
                    dns_domain: struct lsa_StringLarge
                        length                   : 0x0000 (0)
                        size                     : 0x0000 (0)
                        string                   : *
                            string                   : 'home.rob-campbell.lan'
                    dns_forest: struct lsa_StringLarge
                        length                   : 0x0000 (0)
                        size                     : 0x0000 (0)
                        string                   : *
                            string                   : 'home.rob-campbell.lan'
                    domain_guid              : c1c018e3-6250-407d-9b57-42fda446aa97
                    sid                      : *
                        sid                      : S-1-5-21-3671967812-2164588398-1947807301
                trust_flags              : 0x0000001a (26)
                       0: NETR_TRUST_FLAG_IN_FOREST
                       1: NETR_TRUST_FLAG_OUTBOUND
                       0: NETR_TRUST_FLAG_TREEROOT
                       1: NETR_TRUST_FLAG_PRIMARY
                       1: NETR_TRUST_FLAG_NATIVE
                       0: NETR_TRUST_FLAG_INBOUND
                       0: NETR_TRUST_FLAG_MIT_KRB5
                       0: NETR_TRUST_FLAG_AES
                trust_type               : LSA_TRUST_TYPE_UPLEVEL (2)
                trust_attributes         : 0x00000040 (64)
                       0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE
                       0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY
                       0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN
                       0: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE
                       0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION
                       0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST
                       1: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL
                       0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION
                       0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION_NO_TGT_DELEGATION
                       0: LSA_TRUST_ATTRIBUTE_PIM_TRUST
                       0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION_ENABLE_TGT_DELEGATION
                reserved_routing         : NULL
                supported_enc_types      : 0x0000001f (31)
                       1: KERB_ENCTYPE_DES_CBC_CRC
                       1: KERB_ENCTYPE_DES_CBC_MD5
                       1: KERB_ENCTYPE_RC4_HMAC_MD5
                       1: KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96
                       1: KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96
                       0: KERB_ENCTYPE_FAST_SUPPORTED
                       0: KERB_ENCTYPE_COMPOUND_IDENTITY_SUPPORTED
                       0: KERB_ENCTYPE_CLAIMS_SUPPORTED
                       0: KERB_ENCTYPE_RESOURCE_SID_COMPRESSION_DISABLED
                salt_principal           : *
                    salt_principal           : 'host/d02.home.rob-campbell.lan at HOME.ROB-CAMPBELL.LAN'
                password_last_change     : Sat Sep 17 11:15:50 AM 2022 EDT
                password_changes         : 0x0000000000000001 (1)
                next_change              : NULL
                password                 : *
                    password: struct secrets_domain_info1_password
                        change_time              : Sat Sep 17 11:15:50 AM 2022 EDT
                        change_server            : 'dc01.home.rob-campbell.lan'
                        cleartext_blob           : DATA_BLOB length=260
                        nt_hash: struct samr_Password
                            hash: ARRAY(16): <REDACTED SECRET VALUES>
                        salt_data                : *
                            salt_data                : 'HOME.ROB-CAMPBELL.LANhostd02.home.rob-campbell.lan'
                        default_iteration_count  : 0x00001000 (4096)
                        num_keys                 : 0x0003 (3)
                        keys: ARRAY(3)
                            keys: struct secrets_domain_info1_kerberos_key
                                keytype                  : 0x00000012 (18)
                                iteration_count          : 0x00001000 (4096)
                                value                    : DATA_BLOB length=32
                            keys: struct secrets_domain_info1_kerberos_key
                                keytype                  : 0x00000011 (17)
                                iteration_count          : 0x00001000 (4096)
                                value                    : DATA_BLOB length=16
                            keys: struct secrets_domain_info1_kerberos_key
                                keytype                  : 0x00000017 (23)
                                iteration_count          : 0x00001000 (4096)
                                value                    : DATA_BLOB length=16
                old_password             : *
                    old_password: struct secrets_domain_info1_password
                        change_time              : Sat Sep 17 11:14:05 AM 2022 EDT
                        change_server            : 'dc01.home.rob-campbell.lan'
                        cleartext_blob           : DATA_BLOB length=416
                        nt_hash: struct samr_Password
                            hash: ARRAY(16): <REDACTED SECRET VALUES>
                        salt_data                : *
                            salt_data                : 'HOME.ROB-CAMPBELL.LANhostd02.home.rob-campbell.lan'
                        default_iteration_count  : 0x00001000 (4096)
                        num_keys                 : 0x0003 (3)
                        keys: ARRAY(3)
                            keys: struct secrets_domain_info1_kerberos_key
                                keytype                  : 0x00000012 (18)
                                iteration_count          : 0x00001000 (4096)
                                value                    : DATA_BLOB length=32
                            keys: struct secrets_domain_info1_kerberos_key
                                keytype                  : 0x00000011 (17)
                                iteration_count          : 0x00001000 (4096)
                                value                    : DATA_BLOB length=16
                            keys: struct secrets_domain_info1_kerberos_key
                                keytype                  : 0x00000017 (23)
                                iteration_count          : 0x00001000 (4096)
                                value                    : DATA_BLOB length=16
                older_password           : NULL
ldb: ltdb: tdb(/var/lib/samba/private/secrets.ldb): tdb_open_ex: could not open file /var/lib/samba/private/secrets.ldb: No such file or directory

ldb: Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory
ldb: Failed to connect to '/var/lib/samba/private/secrets.ldb' with backend 'tdb': Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory
Connecting to 10.0.0.10 at port 445
libnet_Join:
    libnet_JoinCtx: struct libnet_JoinCtx
        out: struct libnet_JoinCtx
            account_name             : 'D02$'
            netbios_domain_name      : 'HOME'
            dns_domain_name          : 'home.rob-campbell.lan'
            forest_name              : 'home.rob-campbell.lan'
            dn                       : 'CN=D02,CN=Computers,DC=home,DC=rob-campbell,DC=lan'
            domain_guid              : c1c018e3-6250-407d-9b57-42fda446aa97
            domain_sid               : *
                domain_sid               : S-1-5-21-3671967812-2164588398-1947807301
            modified_config          : 0x00 (0)
            error_string             : NULL
            domain_is_ad             : 0x01 (1)
            set_encryption_types     : 0x0000001f (31)
            krb5_salt                : 'host/d02.home.rob-campbell.lan at HOME.ROB-CAMPBELL.LAN'
            result                   : WERR_OK
Using short domain name -- HOME
Joined 'D02' to dns domain 'home.rob-campbell.lan'
added interface enp3s0 ip=10.0.0.9 bcast=10.0.0.255 netmask=255.255.255.0
DoDNSUpdate: signed update failed
DNS Update for d02.home.rob-campbell.lan failed: ERROR_DNS_UPDATE_FAILED
DNS update failed: NT_STATUS_UNSUCCESSFUL
return code = 0
[Sat Sep 17 11:15:51] [root at d02~$] la /var/lib/samba/private/secrets.ldb
ls: cannot access '/var/lib/samba/private/secrets.ldb': No such file or directory
[Sat Sep 17 11:18:31] [root at d02~$] la /var/lib/samba/private/
total 612K
drwxr-xr-x 5 root root 4.0K Sep 17 11:14 .
drwxr-xr-x 8 root root 4.0K Sep 17 11:14 ..
-rw------- 1 root root   16 Sep  8 19:41 encrypted_secrets.key
drwx------ 2 root root 4.0K Sep 17 11:15 msg.sock
-rw------- 1 root root  28K Sep 17 11:15 netlogon_creds_cli.tdb
-rw------- 1 root root 560K Sep 17 11:15 secrets.tdb
drwxr-xr-x 2 root root 4.0K Sep  8 20:16 smbd.tmp
drwxr-xr-x 2 root root 4.0K Sep  8 19:41 tls
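
Added example, not part of the original message: the quoted reply attributes ERROR_DNS_UPDATE_FAILED to a misconfigured /etc/hosts, and this is one way to check that file. The helper name `check_hosts` is hypothetical, and the expected layout (LAN address, then FQDN, then short name, with neither name on a loopback address) is an assumption based on the usual Samba domain-member setup.

```shell
#!/bin/sh
# check_hosts FILE FQDN IP  (hypothetical helper, not a Samba tool)
# Returns 0 when FILE maps IP to "FQDN shortname" and never maps either
# name to a loopback or other address; prints each problem otherwise.
check_hosts() {
    awk -v fqdn="$2" -v ip="$3" '
    BEGIN {
        fqdn = tolower(fqdn)
        short = fqdn; sub(/\..*/, "", short)   # d02.home... -> d02
    }
    {
        sub(/#.*/, "")                         # drop comments
        if (NF < 2) next
        for (i = 2; i <= NF; i++) {
            name = tolower($i)
            if (name != fqdn && name != short) continue
            if ($1 ~ /^127\./ || $1 == "::1") {
                print "FAIL: " name " resolves to loopback " $1; bad = 1
            } else if ($1 != ip) {
                print "FAIL: " name " maps to " $1 ", expected " ip; bad = 1
            } else if (name == fqdn) {
                seen = 1
                if (i != 2) { print "FAIL: FQDN is not the first name on the " ip " line"; bad = 1 }
            }
        }
    }
    END {
        if (!seen) { print "FAIL: no line maps " ip " to " fqdn; bad = 1 }
        if (!bad) print "OK: " ip " " fqdn " " short
        exit bad + 0
    }' "$1"
}

# Constructed sample: a distro-style default that points the hostname at
# 127.0.1.1 (names and IP taken from the log above; the file is made up).
sample=$(mktemp)
cat > "$sample" <<'EOF'
127.0.0.1   localhost
127.0.1.1   d02.home.rob-campbell.lan d02
EOF
check_hosts "$sample" d02.home.rob-campbell.lan 10.0.0.9 || echo "hosts file needs attention"
rm -f "$sample"
```

On the member itself, pass /etc/hosts, the output of `hostname -f`, and the interface address shown in the log (10.0.0.9).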

