[Samba] LDAP error 53 LDAP_UNWILLING_TO_PERFORM
Omnis ludis - games
sergey.gortinsc17 at gmail.com
Fri May 24 13:22:33 UTC 2024
Good afternoon. When joining the domain, an error occurs. The
administrator has all the rights, but for some reason it is not possible to
join this server to the domain. Samba 4.19.0; the log is attached.
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'ncalrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
added interface ens192 ip=192.168.237.100 bcast=192.168.237.255 netmask=255.255.255.0
added interface ens192 ip=192.168.237.100 bcast=192.168.237.255 netmask=255.255.255.0
added interface ens192 ip=192.168.237.100 bcast=192.168.237.255 netmask=255.255.255.0
added interface ens192 ip=192.168.237.100 bcast=192.168.237.255 netmask=255.255.255.0
added interface ens192 ip=192.168.237.100 bcast=192.168.237.255 netmask=255.255.255.0
added interface ens192 ip=192.168.237.100 bcast=192.168.237.255 netmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name dc1.domain.local<0x20>
startlmhosts: Can't open lmhosts file /opt/reddc/etc/lmhosts. Error was No such file or directory
finddcs: response 0 at '192.168.237.150'
finddcs: performing CLDAP query on 192.168.237.150
&response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX
command : LOGON_SAM_LOGON_RESPONSE_EX (23)
sbz : 0x0000 (0)
server_type : 0x0003f3fd (259069)
1: NBT_SERVER_PDC
1: NBT_SERVER_GC
1: NBT_SERVER_LDAP
1: NBT_SERVER_DS
1: NBT_SERVER_KDC
1: NBT_SERVER_TIMESERV
1: NBT_SERVER_CLOSEST
1: NBT_SERVER_WRITABLE
1: NBT_SERVER_GOOD_TIMESERV
0: NBT_SERVER_NDNC
0: NBT_SERVER_SELECT_SECRET_DOMAIN_6
1: NBT_SERVER_FULL_SECRET_DOMAIN_6
1: NBT_SERVER_ADS_WEB_SERVICE
1: NBT_SERVER_DS_8
1: NBT_SERVER_DS_9
1: NBT_SERVER_DS_10
0: NBT_SERVER_HAS_DNS_NAME
0: NBT_SERVER_IS_DEFAULT_NC
0: NBT_SERVER_FOREST_ROOT
domain_uuid : eac1ac7e-5bd4-4f8d-9ae6-cef06fcf2ee0
forest : 'domain.local'
dns_domain : 'domain.local'
pdc_dns_name : 'DC1.domain.local'
domain_name : 'domain'
pdc_name : 'DC1'
user_name : ''
server_site : 'Default-First-Site-Name'
client_site : 'Default-First-Site-Name'
sockaddr_size : 0x00 (0)
sockaddr: struct nbt_sockaddr
sockaddr_family : 0x00000000 (0)
pdc_ip : (null)
remaining : DATA_BLOB length=0
next_closest_site : NULL
nt_version : 0x00000005 (5)
1: NETLOGON_NT_VERSION_1
0: NETLOGON_NT_VERSION_5
1: NETLOGON_NT_VERSION_5EX
0: NETLOGON_NT_VERSION_5EX_WITH_IP
0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE
0: NETLOGON_NT_VERSION_AVOID_NT4EMUL
0: NETLOGON_NT_VERSION_PDC
0: NETLOGON_NT_VERSION_IP
0: NETLOGON_NT_VERSION_LOCAL
0: NETLOGON_NT_VERSION_GC
lmnt_token : 0xffff (65535)
lm20_token : 0xffff (65535)
finddcs: Found matching DC 192.168.237.150 with server_type=0x0003f3fd
Security token SIDs (1):
SID[ 0]: S-1-5-18
Privileges (0xFFFFFFFFFFFFFFFF):
Privilege[ 0]: SeMachineAccountPrivilege
Privilege[ 1]: SeTakeOwnershipPrivilege
Privilege[ 2]: SeBackupPrivilege
Privilege[ 3]: SeRestorePrivilege
Privilege[ 4]: SeRemoteShutdownPrivilege
Privilege[ 5]: SePrintOperatorPrivilege
Privilege[ 6]: SeAddUsersPrivilege
Privilege[ 7]: SeDiskOperatorPrivilege
Privilege[ 8]: SeSecurityPrivilege
Privilege[ 9]: SeSystemtimePrivilege
Privilege[ 10]: SeShutdownPrivilege
Privilege[ 11]: SeDebugPrivilege
Privilege[ 12]: SeSystemEnvironmentPrivilege
Privilege[ 13]: SeSystemProfilePrivilege
Privilege[ 14]: SeProfileSingleProcessPrivilege
Privilege[ 15]: SeIncreaseBasePriorityPrivilege
Privilege[ 16]: SeLoadDriverPrivilege
Privilege[ 17]: SeCreatePagefilePrivilege
Privilege[ 18]: SeIncreaseQuotaPrivilege
Privilege[ 19]: SeChangeNotifyPrivilege
Privilege[ 20]: SeUndockPrivilege
Privilege[ 21]: SeManageVolumePrivilege
Privilege[ 22]: SeImpersonatePrivilege
Privilege[ 23]: SeCreateGlobalPrivilege
Privilege[ 24]: SeEnableDelegationPrivilege
Rights (0x 0):
added interface ens192 ip=192.168.237.100 bcast=192.168.237.255 netmask=255.255.255.0
added interface ens192 ip=192.168.237.100 bcast=192.168.237.255 netmask=255.255.255.0
resolve_lmhosts: Attempting lmhosts lookup for name dc1.domain.local<0x20>
startlmhosts: Can't open lmhosts file /opt/reddc/etc/lmhosts. Error was No such file or directory
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Password for [WORKGROUP\Administrator]:
Received smb_krb5 packet of length 196
Received smb_krb5 packet of length 98
kinit for Administrator@DOMAIN.LOCAL succeeded
gensec_update_send: gssapi_krb5[0x5630126c7020]: subreq: 0x563012674660
gensec_update_send: spnego[0x5630126c8410]: subreq: 0x5630126c01f0
gensec_update_done: gssapi_krb5[0x5630126c7020]: NT_STATUS_MORE_PROCESSING_REQUIRED
tevent_req[0x563012674660/../../source4/auth/gensec/gensec_gssapi.c:1059]: state[2] error[0 (0x0)] state[struct gensec_gssapi_update_state (0x563012674840)] timer[(nil)] finish[../../source4/auth/gensec/gensec_gssapi.c:1070]
gensec_update_done: spnego[0x5630126c8410]: NT_STATUS_MORE_PROCESSING_REQUIRED
tevent_req[0x5630126c01f0/../../auth/gensec/spnego.c:1631]: state[2] error[0 (0x0)] state[struct gensec_spnego_update_state (0x5630126c03d0)] timer[(nil)] finish[../../auth/gensec/spnego.c:2116]
gensec_gssapi: NO credentials were delegated
GSSAPI Connection will be cryptographically sealed
gensec_update_send: gssapi_krb5[0x5630126c7020]: subreq: 0x563012674660
gensec_update_send: spnego[0x5630126c8410]: subreq: 0x5630126c01f0
gensec_update_done: gssapi_krb5[0x5630126c7020]: NT_STATUS_OK
tevent_req[0x563012674660/../../source4/auth/gensec/gensec_gssapi.c:1059]: state[2] error[0 (0x0)] state[struct gensec_gssapi_update_state (0x563012674840)] timer[(nil)] finish[../../source4/auth/gensec/gensec_gssapi.c:1077]
gensec_update_done: spnego[0x5630126c8410]: NT_STATUS_OK
tevent_req[0x5630126c01f0/../../auth/gensec/spnego.c:1631]: state[2] error[0 (0x0)] state[struct gensec_spnego_update_state (0x5630126c03d0)] timer[(nil)] finish[../../auth/gensec/spnego.c:2116]
INFO 2024-05-24 17:23:00,320 pid:73718 /opt/reddc/lib/python3.8/site-packages/samba/netcmd/main.py #91: workgroup is DOMAIN
INFO 2024-05-24 17:23:00,320 pid:73718 /opt/reddc/lib/python3.8/site-packages/samba/netcmd/main.py #91: realm is doamin.local
ERROR(ldb): uncaught exception - LDAP error 53 LDAP_UNWILLING_TO_PERFORM - <00002010: SvcErr: DSID-031A124C, problem 5003 (WILL_NOT_PERFORM), data 0
> <>
File "samba/netcmd/__init__.py", line 279, in samba.netcmd.Command._run
File "samba/netcmd/domain/join.py", line 130, in samba.netcmd.domain.join.cmd_domain_join.run
File "samba/join.py", line 1683, in samba.join.join_DC
File "samba/join.py", line 1590, in samba.join.DCJoinContext.do_join
File "samba/join.py", line 1563, in samba.join.DCJoinContext.do_join
File "samba/join.py", line 649, in samba.join.DCJoinContext.join_add_objects
Adding CN=DCRED,OU=Domain Controllers,DC=domain,DC=local
Join failed - cleaning up