Hi,
My apologies if this is a FAQ that I missed. This is my first attempt
at setting up samba4. Following the howto instructions:
kinit administrator seems to work fine.
samba is latest git (alpha19).
however the join fails (as below):
[root at ads bin]# ./samba-tool domain join tribalnova.local DC
-Uadministrator --realm=tribalnova.local -d4
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
added interface eth0 ip=fe80::216:3eff:fe7b:420a%eth0
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.169.47 bcast=192.168.169.255
netmask=255.255.255.0
added interface eth0 ip=fe80::216:3eff:fe7b:420a%eth0
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.169.47 bcast=192.168.169.255
netmask=255.255.255.0
added interface eth0 ip=fe80::216:3eff:fe7b:420a%eth0
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.169.47 bcast=192.168.169.255
netmask=255.255.255.0
added interface eth0 ip=fe80::216:3eff:fe7b:420a%eth0
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.169.47 bcast=192.168.169.255
netmask=255.255.255.0
Finding a writeable DC for domain 'tribalnova.local'
added interface eth0 ip=fe80::216:3eff:fe7b:420a%eth0
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.169.47 bcast=192.168.169.255
netmask=255.255.255.0
added interface eth0 ip=fe80::216:3eff:fe7b:420a%eth0
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.169.47 bcast=192.168.169.255
netmask=255.255.255.0
finddcs: searching for a DC by DNS domain tribalnova.local
finddcs: looking for SRV records for _ldap._tcp.tribalnova.local
finddcs: DNS SRV response 0 at '192.168.169.11'
finddcs: performing CLDAP query on 192.168.169.11
finddcs: Found matching DC 192.168.169.11 with server_type=0x000001fc
Found DC orage2.tribalnova.local
added interface eth0 ip=fe80::216:3eff:fe7b:420a%eth0
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.169.47 bcast=192.168.169.255
netmask=255.255.255.0
added interface eth0 ip=fe80::216:3eff:fe7b:420a%eth0
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.169.47 bcast=192.168.169.255
netmask=255.255.255.0
Password for [WORKGROUP\administrator]:
Received smb_krb5 packet of length 158
Received smb_krb5 packet of length 1436
workgroup is TRIBALNOVA
realm is tribalnova.local
checking sAMAccountName
Adding CN=ADS,OU=Domain Controllers,DC=tribalnova,DC=local
Adding
CN=ADS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tribalnova,DC=local
Adding CN=NTDS
Settings,CN=ADS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tribalnova,DC=local
Using binding ncacn_ip_tcp:orage2.tribalnova.local[,seal,print]
Mapped to DCERPC endpoint 135
added interface eth0 ip=fe80::216:3eff:fe7b:420a%eth0
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.169.47 bcast=192.168.169.255
netmask=255.255.255.0
added interface eth0 ip=fe80::216:3eff:fe7b:420a%eth0
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.169.47 bcast=192.168.169.255
netmask=255.255.255.0
Mapped to DCERPC endpoint 1025
added interface eth0 ip=fe80::216:3eff:fe7b:420a%eth0
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.169.47 bcast=192.168.169.255
netmask=255.255.255.0
added interface eth0 ip=fe80::216:3eff:fe7b:420a%eth0
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.169.47 bcast=192.168.169.255
netmask=255.255.255.0
Received smb_krb5 packet of length 158
Received smb_krb5 packet of length 1436
drsuapi_DsBind: struct drsuapi_DsBind
in: struct drsuapi_DsBind
bind_guid : *
bind_guid :
e24d201a-4fd6-11d1-a3da-0000f875ae0d
bind_info : *
bind_info: struct drsuapi_DsBindInfoCtr
length : 0x0000001c (28)
info : union
drsuapi_DsBindInfo(case 28)
info28: struct drsuapi_DsBindInfo28
supported_extensions : 0x0fefff7f
(267386751)
1: DRSUAPI_SUPPORTED_EXTENSION_BASE
1:
DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION
1: DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI
1: DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2
1:
DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1
1:
DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION
0: DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY
1:
DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE
1:
DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2
1:
DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2
1:
DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD
1:
DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND
1:
DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO
1:
DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION
1: DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01
1:
DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP
1:
DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY
1: DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3
0:
DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V5
1:
DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2
1:
DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6
1:
DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS
1:
DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8
1:
DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5
1:
DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6
1:
DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3
1:
DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7
1:
DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT
0:
DRSUAPI_SUPPORTED_EXTENSION_XPRESS_COMPRESS
0:
DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V10
0:
DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART2
0:
DRSUAPI_SUPPORTED_EXTENSION_RESERVED_PART3
site_guid :
00000000-0000-0000-0000-000000000000
pid : 0x00000000 (0)
repl_epoch : 0x00000000 (0)
Join failed - cleaning up
checking sAMAccountName
Deleted CN=ADS,OU=Domain Controllers,DC=tribalnova,DC=local
Deleted
CN=ADS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=tribalnova,DC=local
ERROR(runtime): uncaught exception - (-1073741790, 'Access denied')
File
"/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/__init__.py",
line 162, in _run
return self.run(*args, **kwargs)
File
"/usr/local/samba/lib64/python2.6/site-packages/samba/netcmd/domain.py",
line 180, in run
machinepass=machinepass)
File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py",
line 966, in join_DC
ctx.do_join()
File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py",
line 871, in do_join
ctx.join_add_objects()
File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py",
line 467, in join_add_objects
ctx.join_add_ntdsdsa()
File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py",
line 416, in join_add_ntdsdsa
ctx.DsAddEntry([rec])
File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py",
line 326, in DsAddEntry
ctx.drsuapi_connect()
File "/usr/local/samba/lib64/python2.6/site-packages/samba/join.py",
line 305, in drsuapi_connect
(ctx.drsuapi_handle, ctx.bind_supported_extensions)
drs_utils.drs_DsBind(ctx.drsuapi)
File
"/usr/local/samba/lib64/python2.6/site-packages/samba/drs_utils.py",
line 144, in drs_DsBind
(info, handle) = drs.DsBind(misc.GUID(drsuapi.DRSUAPI_DS_BIND_GUID),
bind_info)
Any idea what I'm doing wrong or where to look?
Thanks,
Greg
--
Greg Dickie
just a guy
514-983-5400
