[Samba] Unable to join domain I think.
Rob Campbell
robcampbell08105 at gmail.com
Sat Sep 17 17:17:16 UTC 2022
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In all things, Be Intentional.
On Sat, Sep 17, 2022 at 11:59 AM Rowland Penny via samba <
samba at lists.samba.org> wrote:
>
>
> On 17/09/2022 16:20, Rob Campbell wrote:
> >
> >
> >
> >
> > [Sat Sep 17 11:15:03] [root@d02~$] net ads join -U Administrator -d3
> > lp_load_ex: refreshing parameters
> > Initialising global parameters
> > rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
> > Processing section "[global]"
> > Registered MSG_REQ_POOL_USAGE
> > Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
> > lp_load_ex: refreshing parameters
> > Initialising global parameters
> > rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
> > Processing section "[global]"
> > added interface enp3s0 ip=10.0.0.9 bcast=10.0.0.255 netmask=255.255.255.0
> > Enter Administrator's password:
> > libnet_Join:
> > libnet_JoinCtx: struct libnet_JoinCtx
> > in: struct libnet_JoinCtx
> > dc_name : NULL
> > machine_name : 'D02'
> > domain_name : *
> > domain_name : 'HOME.ROB-CAMPBELL.LAN'
> > domain_name_type : JoinDomNameTypeDNS (1)
> > account_ou : NULL
> > admin_account : 'Administrator'
> > admin_domain : NULL
> > machine_password : NULL
> > join_flags : 0x00000023 (35)
> > 0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
> > 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
> > 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
> > 0: WKSSVC_JOIN_FLAGS_DEFER_SPN
> > 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
> > 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
> > 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
> > 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
> > 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
> > 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
> > 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
> > os_version : NULL
> > os_name : NULL
> > os_servicepack : NULL
> > create_upn : 0x00 (0)
> > upn : NULL
> > dnshostname : NULL
> > modify_config : 0x00 (0)
> > ads : NULL
> > debug : 0x01 (1)
> > use_kerberos : 0x00 (0)
> > secure_channel_type : SEC_CHAN_WKSTA (2)
> > desired_encryption_types : 0x0000001f (31)
> > resolve_hosts: Attempting host lookup for name dc01.home.rob-campbell.lan<0x20>
> > Connecting to 10.0.0.10 at port 445
> > GENSEC backend 'gssapi_spnego' registered
> > GENSEC backend 'gssapi_krb5' registered
> > GENSEC backend 'gssapi_krb5_sasl' registered
> > GENSEC backend 'spnego' registered
> > GENSEC backend 'schannel' registered
> > GENSEC backend 'naclrpc_as_system' registered
> > GENSEC backend 'sasl-EXTERNAL' registered
> > GENSEC backend 'ntlmssp' registered
> > GENSEC backend 'ntlmssp_resume_ccache' registered
> > GENSEC backend 'http_basic' registered
> > GENSEC backend 'http_ntlm' registered
> > GENSEC backend 'http_negotiate' registered
> > GENSEC backend 'krb5' registered
> > GENSEC backend 'fake_gssapi_krb5' registered
> > Got challenge flags:
> > Got NTLMSSP neg_flags=0x62898215
> > NTLMSSP: Set final flags:
> > Got NTLMSSP neg_flags=0x62088215
> > NTLMSSP Sign/Seal - Initialising with flags:
> > Got NTLMSSP neg_flags=0x62088215
> > NTLMSSP Sign/Seal - Initialising with flags:
> > Got NTLMSSP neg_flags=0x62088215
> > get_dc_list: preferred server list: "dc01.home.rob-campbell.lan, *"
> > get_dc_list: preferred server list: "dc01.home.rob-campbell.lan, *"
> > Successfully contacted LDAP server 10.0.0.10
> > Connecting to 10.0.0.10 at port 389
> > Connected to LDAP server dc01.home.rob-campbell.lan
> > ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2
> > ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2
> > ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10
> > libnet_join_precreate_machine_acct: Machine account successfully created
> > ads_domain_func_level: 4
> > join: struct secrets_domain_infoB
> > version : SECRETS_DOMAIN_INFO_VERSION_1 (1)
> > reserved : 0x00000000 (0)
> > info : union secrets_domain_infoU(case 1)
> > info1 : *
> > info1: struct secrets_domain_info1
> > reserved_flags : 0x0000000000000000 (0)
> > join_time : Sat Sep 17 11:15:50 AM 2022 EDT
> > computer_name : 'D02'
> > account_name : 'D02$'
> > secure_channel_type : SEC_CHAN_WKSTA (2)
> > domain_info: struct lsa_DnsDomainInfo
> > name: struct lsa_StringLarge
> > length : 0x0000 (0)
> > size : 0x0000 (0)
> > string : *
> > string : 'HOME'
> > dns_domain: struct lsa_StringLarge
> > length : 0x0000 (0)
> > size : 0x0000 (0)
> > string : *
> > string : 'home.rob-campbell.lan'
> > dns_forest: struct lsa_StringLarge
> > length : 0x0000 (0)
> > size : 0x0000 (0)
> > string : *
> > string : 'home.rob-campbell.lan'
> > domain_guid : c1c018e3-6250-407d-9b57-42fda446aa97
> > sid : *
> > sid : S-1-5-21-3671967812-2164588398-1947807301
> > trust_flags : 0x0000001a (26)
> > 0: NETR_TRUST_FLAG_IN_FOREST
> > 1: NETR_TRUST_FLAG_OUTBOUND
> > 0: NETR_TRUST_FLAG_TREEROOT
> > 1: NETR_TRUST_FLAG_PRIMARY
> > 1: NETR_TRUST_FLAG_NATIVE
> > 0: NETR_TRUST_FLAG_INBOUND
> > 0: NETR_TRUST_FLAG_MIT_KRB5
> > 0: NETR_TRUST_FLAG_AES
> > trust_type : LSA_TRUST_TYPE_UPLEVEL (2)
> > trust_attributes : 0x00000040 (64)
> > 0: LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE
> > 0: LSA_TRUST_ATTRIBUTE_UPLEVEL_ONLY
> > 0: LSA_TRUST_ATTRIBUTE_QUARANTINED_DOMAIN
> > 0: LSA_TRUST_ATTRIBUTE_FOREST_TRANSITIVE
> > 0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION
> > 0: LSA_TRUST_ATTRIBUTE_WITHIN_FOREST
> > 1: LSA_TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL
> > 0: LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION
> > 0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION_NO_TGT_DELEGATION
> > 0: LSA_TRUST_ATTRIBUTE_PIM_TRUST
> > 0: LSA_TRUST_ATTRIBUTE_CROSS_ORGANIZATION_ENABLE_TGT_DELEGATION
> > reserved_routing : NULL
> > supported_enc_types : 0x0000001f (31)
> > 1: KERB_ENCTYPE_DES_CBC_CRC
> > 1: KERB_ENCTYPE_DES_CBC_MD5
> > 1: KERB_ENCTYPE_RC4_HMAC_MD5
> > 1: KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96
> > 1: KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96
> > 0: KERB_ENCTYPE_FAST_SUPPORTED
> > 0: KERB_ENCTYPE_COMPOUND_IDENTITY_SUPPORTED
> > 0: KERB_ENCTYPE_CLAIMS_SUPPORTED
> > 0: KERB_ENCTYPE_RESOURCE_SID_COMPRESSION_DISABLED
> > salt_principal : *
> > salt_principal : 'host/d02.home.rob-campbell.lan@HOME.ROB-CAMPBELL.LAN'
> > password_last_change : Sat Sep 17 11:15:50 AM 2022 EDT
> > password_changes : 0x0000000000000001 (1)
> > next_change : NULL
> > password : *
> > password: struct secrets_domain_info1_password
> > change_time : Sat Sep 17 11:15:50 AM 2022 EDT
> > change_server : 'dc01.home.rob-campbell.lan'
> > cleartext_blob : DATA_BLOB length=260
> > nt_hash: struct samr_Password
> > hash: ARRAY(16): <REDACTED SECRET VALUES>
> > salt_data : *
> > salt_data : 'HOME.ROB-CAMPBELL.LANhostd02.home.rob-campbell.lan'
> > default_iteration_count : 0x00001000 (4096)
> > num_keys : 0x0003 (3)
> > keys: ARRAY(3)
> > keys: struct secrets_domain_info1_kerberos_key
> > keytype : 0x00000012 (18)
> > iteration_count : 0x00001000 (4096)
> > value : DATA_BLOB length=32
> > keys: struct secrets_domain_info1_kerberos_key
> > keytype : 0x00000011 (17)
> > iteration_count : 0x00001000 (4096)
> > value : DATA_BLOB length=16
> > keys: struct secrets_domain_info1_kerberos_key
> > keytype : 0x00000017 (23)
> > iteration_count : 0x00001000 (4096)
> > value : DATA_BLOB length=16
> > old_password : *
> > old_password: struct secrets_domain_info1_password
> > change_time : Sat Sep 17 11:14:05 AM 2022 EDT
> > change_server : 'dc01.home.rob-campbell.lan'
> > cleartext_blob : DATA_BLOB length=416
> > nt_hash: struct samr_Password
> > hash: ARRAY(16): <REDACTED SECRET VALUES>
> > salt_data : *
> > salt_data : 'HOME.ROB-CAMPBELL.LANhostd02.home.rob-campbell.lan'
> > default_iteration_count : 0x00001000 (4096)
> > num_keys : 0x0003 (3)
> > keys: ARRAY(3)
> > keys: struct secrets_domain_info1_kerberos_key
> > keytype : 0x00000012 (18)
> > iteration_count : 0x00001000 (4096)
> > value : DATA_BLOB length=32
> > keys: struct secrets_domain_info1_kerberos_key
> > keytype : 0x00000011 (17)
> > iteration_count : 0x00001000 (4096)
> > value : DATA_BLOB length=16
> > keys: struct secrets_domain_info1_kerberos_key
> > keytype : 0x00000017 (23)
> > iteration_count : 0x00001000 (4096)
> > value : DATA_BLOB length=16
> > older_password : NULL
> > ldb: ltdb: tdb(/var/lib/samba/private/secrets.ldb): tdb_open_ex: could not open file /var/lib/samba/private/secrets.ldb: No such file or directory
> >
> > ldb: Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory
> > ldb: Failed to connect to '/var/lib/samba/private/secrets.ldb' with backend 'tdb': Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such file or directory
>
> You can ignore errors like the above, there will never be a file called
> 'secrets.ldb' on a Unix domain member.
>
> > Connecting to 10.0.0.10 at port 445
> > libnet_Join:
> > libnet_JoinCtx: struct libnet_JoinCtx
> > out: struct libnet_JoinCtx
> > account_name : 'D02$'
> > netbios_domain_name : 'HOME'
> > dns_domain_name : 'home.rob-campbell.lan'
> > forest_name : 'home.rob-campbell.lan'
> > dn : 'CN=D02,CN=Computers,DC=home,DC=rob-campbell,DC=lan'
> > domain_guid : c1c018e3-6250-407d-9b57-42fda446aa97
> > domain_sid : *
> > domain_sid : S-1-5-21-3671967812-2164588398-1947807301
> > modified_config : 0x00 (0)
> > error_string : NULL
> > domain_is_ad : 0x01 (1)
> > set_encryption_types : 0x0000001f (31)
> > krb5_salt : 'host/d02.home.rob-campbell.lan@HOME.ROB-CAMPBELL.LAN'
> > result : WERR_OK
> > Using short domain name -- HOME
> > Joined 'D02' to dns domain 'home.rob-campbell.lan'
> > added interface enp3s0 ip=10.0.0.9 bcast=10.0.0.255 netmask=255.255.255.0
> > DoDNSUpdate: signed update failed
>
> There is your error, something is stopping the update, is there a
> firewall in the way, or is apparmor running?
>
> Rowland
>
No apparmor or anything but I guess there could be a port that isn't
open. I didn't see the wiki mention any particular ports or protocols so I
opened only what I found I needed. Maybe I missed something.
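
The two points made in the reply above (the `secrets.ldb` messages are noise on a Unix domain member, and `DoDNSUpdate: signed update failed` is the real problem) can be checked mechanically against a saved `net ads join -d3` log. This is an added example, not part of the original thread and not Samba's own code; the function name `triage_join_log`, its output keys and its exit codes are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Triage a `net ads join -d3` log read from stdin (mail-quoted logs accepted).
# Exit status (hypothetical convention for this example):
#   0 = join confirmed, no DNS update failure logged
#   1 = join confirmed, but the signed DNS update failed
#   2 = no join confirmation found in the log
triage_join_log() {
    local log joined noise
    # Strip leading "> " quote markers so a log pasted from a reply still parses.
    log=$(sed -E 's/^([[:space:]]*>)+[[:space:]]?//')

    # secrets.ldb "No such file" messages are expected on a Unix domain member.
    noise=$(printf '%s\n' "$log" | grep -c 'secrets\.ldb' || true)
    echo "benign_secrets_ldb_lines=$noise"

    # The join itself is confirmed by the "Joined ... to dns domain ..." line.
    joined=$(printf '%s\n' "$log" |
        sed -nE "s/^Joined '([^']+)' to dns domain '([^']+)'.*/host=\1 domain=\2/p" | tail -n 1)
    if [ -z "$joined" ]; then
        echo "join=unconfirmed"
        return 2
    fi
    echo "join=ok $joined"

    # A failed signed update leaves the member joined but without its DNS record.
    if printf '%s\n' "$log" | grep -q 'DoDNSUpdate: signed update failed'; then
        echo "dns_update=failed"
        return 1
    fi
    echo "dns_update=no_failure_logged"
    return 0
}

# Constructed sample: a few lines excerpted from the output quoted in this thread.
SAMPLE_LOG="> > ldb: Unable to open tdb '/var/lib/samba/private/secrets.ldb': No such
> > file or directory
> > result : WERR_OK
> > Joined 'D02' to dns domain 'home.rob-campbell.lan'
> > DoDNSUpdate: signed update failed"

# Demo run on the sample; prints the findings and the non-zero status.
printf '%s\n' "$SAMPLE_LOG" | triage_join_log || echo "exit status: $?"
```

An exit status of 1 matches the situation in this thread: the machine account exists and the join is valid, so only the DNS registration path between the member and the DC needs investigating.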