Nico Speelman
2016-May-26 09:57 UTC
[Samba] Failed to join domain: failed to lookup DC info for domain '<EXAMPLE.COM>' over rpc: The object name is not found.
Hello,
I've been trying to add a new server to my Samba 4 Active directory, but
I've been failing so far. I'm running the command "net ads join
-k" and it fails with "Failed to join domain: failed to lookup DC info
for domain '<EXAMPLE.COM>' over rpc: The object name is not
found." The answers I found so far imply a problem with the RPC service,
but this seems to be running as the output of "netstat -plane | grep
135" suggests. I was unable to find any hint to the problem's origin in my
samba logs, but the output of "net ads join -k -d10" shows a lot more
information. Unfortunately I am unable to filter through this all. I hope anyone
is able to point me in the direction of a solution.
My domain controller and client are running Debian testing with samba 4.4.3.
Thanks in advance,
Nico Speelman
output of "netstat -plane | grep 135" on the domain controllers:
tcp 0 0 10.0.0.2:135 0.0.0.0:* LISTEN 0 96682 8639/samba
tcp 0 0 127.0.0.1:135 0.0.0.0:* LISTEN 0 96679 8639/samba
tcp6 0 0 2001:980:7912:1::2:135 :::* LISTEN 0 96681 8639/samba
tcp6 0 0 ::1:135 :::* LISTEN 0 96680 8639/samba
output of "net ads join -k -d10" on the client:
Failed to join domain: failed to lookup DC info for domain
'<EXAMPLE.COM>' over rpc: The object name is not found.
rpc_cli: 10
passdb: 10
sam: 10
auth: 10
winbind: 10
vfs: 10
idmap: 10
quota: 10
acls: 10
locking: 10
msdfs: 10
dmapi: 10
registry: 10
scavenger: 10
dns: 10
ldb: 10
tevent: 10
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:
all: 10
tdb: 10
printdrivers: 10
lanman: 10
smb: 10
rpc_parse: 10
rpc_srv: 10
rpc_cli: 10
passdb: 10
sam: 10
auth: 10
winbind: 10
vfs: 10
idmap: 10
quota: 10
acls: 10
locking: 10
msdfs: 10
dmapi: 10
registry: 10
scavenger: 10
dns: 10
ldb: 10
tevent: 10
Processing section "[global]"
doing parameter security = ADS
doing parameter workgroup = <EXAMPLE>
doing parameter realm = <example.com>
doing parameter log file = /var/log/samba/%m.log
doing parameter kerberos method = secrets and keytab
doing parameter client signing = yes
doing parameter client use spnego = yes
pm_process() returned Yes
lp_servicenumber: couldn't find homes
messaging_dgm_ref: messaging_dgm_init returned Success
messaging_dgm_ref: unique = 18102182485556212140
Registering messaging pointer for type 2 - private_data=(nil)
Registering messaging pointer for type 9 - private_data=(nil)
Registered MSG_REQ_POOL_USAGE
Registering messaging pointer for type 11 - private_data=(nil)
Registering messaging pointer for type 12 - private_data=(nil)
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Registering messaging pointer for type 1 - private_data=(nil)
Registering messaging pointer for type 5 - private_data=(nil)
lp_load_ex: refreshing parameters
Freeing parametrics:
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:
all: 10
tdb: 10
printdrivers: 10
lanman: 10
smb: 10
rpc_parse: 10
rpc_srv: 10
rpc_cli: 10
passdb: 10
sam: 10
auth: 10
winbind: 10
vfs: 10
idmap: 10
quota: 10
acls: 10
locking: 10
msdfs: 10
dmapi: 10
registry: 10
scavenger: 10
dns: 10
ldb: 10
tevent: 10
Processing section "[global]"
doing parameter security = ADS
doing parameter workgroup = <EXAMPLE>
doing parameter realm = <example.com>
doing parameter log file = /var/log/samba/%m.log
doing parameter kerberos method = secrets and keytab
doing parameter client signing = yes
doing parameter client use spnego = yes
pm_process() returned Yes
lp_servicenumber: couldn't find homes
Netbios name list:-
my_netbios_names[0]="HESTIA"
added interface eth0 ip=<client_ipv6> bcast= netmask=ffff:ffff:ffff::
added interface eth0 ip=10.0.0.8 bcast=10.0.1.255 netmask=255.255.254.0
libnet_Join:
libnet_JoinCtx: struct libnet_JoinCtx
in: struct libnet_JoinCtx
dc_name : NULL
machine_name : 'HESTIA'
domain_name : *
domain_name : '<EXAMPLE.COM>'
domain_name_type : JoinDomNameTypeDNS (1)
account_ou : NULL
admin_account : 'root'
admin_domain : NULL
machine_password : NULL
join_flags : 0x00000023 (35)
0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
0: WKSSVC_JOIN_FLAGS_DEFER_SPN
0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
os_version : NULL
os_name : NULL
os_servicepack : NULL
create_upn : 0x00 (0)
upn : NULL
modify_config : 0x00 (0)
ads : NULL
debug : 0x01 (1)
use_kerberos : 0x01 (1)
secure_channel_type : SEC_CHAN_WKSTA (2)
desired_encryption_types : 0x0000001f (31)
Opening cache file at /var/cache/samba/gencache.tdb
Opening cache file at /var/run/samba/gencache_notrans.tdb
sitename_fetch: Returning sitename for <EXAMPLE.COM>:
"Default-First-Site-Name"
dsgetdcname_internal: domain_name: <EXAMPLE.COM>, domain_guid: (null),
site_name: Default-First-Site-Name, flags: 0x40021011
debug_dsdcinfo_flags: 0x40021011
DS_FORCE_REDISCOVERY DS_DIRECTORY_SERVICE_REQUIRED DS_WRITABLE_REQUIRED
DS_IS_DNS_NAME DS_RETURN_DNS_NAME
dsgetdcname_rediscover
ads_dns_lookup_srv: 2 records returned in the answer section.
ads_dns_parse_rr_srv: Parsed hera.<example.com> [0, 100, 389]
ads_dns_parse_rr_srv: Parsed zeus.<example.com> [0, 100, 389]
LDAP ping to hera.<example.com> (10.0.0.3)
&response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX
command : LOGON_SAM_LOGON_RESPONSE_EX (23)
sbz : 0x0000 (0)
server_type : 0x000013fc (5116)
0: NBT_SERVER_PDC
1: NBT_SERVER_GC
1: NBT_SERVER_LDAP
1: NBT_SERVER_DS
1: NBT_SERVER_KDC
1: NBT_SERVER_TIMESERV
1: NBT_SERVER_CLOSEST
1: NBT_SERVER_WRITABLE
1: NBT_SERVER_GOOD_TIMESERV
0: NBT_SERVER_NDNC
0: NBT_SERVER_SELECT_SECRET_DOMAIN_6
1: NBT_SERVER_FULL_SECRET_DOMAIN_6
0: NBT_SERVER_ADS_WEB_SERVICE
0: NBT_SERVER_DS_8
0: NBT_SERVER_HAS_DNS_NAME
0: NBT_SERVER_IS_DEFAULT_NC
0: NBT_SERVER_FOREST_ROOT
domain_uuid : 0a010b9d-11fb-451e-a979-daff97fca593
forest : '<example.com>'
dns_domain : '<example.com>'
pdc_dns_name : 'hera.<example.com>'
domain_name : '<EXAMPLE>'
pdc_name : 'HERA'
user_name : ''
server_site : 'Default-First-Site-Name'
client_site : 'Default-First-Site-Name'
sockaddr_size : 0x00 (0)
sockaddr: struct nbt_sockaddr
sockaddr_family : 0x00000000 (0)
pdc_ip : (null)
remaining : DATA_BLOB length=0
next_closest_site : NULL
nt_version : 0x00000005 (5)
1: NETLOGON_NT_VERSION_1
0: NETLOGON_NT_VERSION_5
1: NETLOGON_NT_VERSION_5EX
0: NETLOGON_NT_VERSION_5EX_WITH_IP
0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE
0: NETLOGON_NT_VERSION_AVOID_NT4EMUL
0: NETLOGON_NT_VERSION_PDC
0: NETLOGON_NT_VERSION_IP
0: NETLOGON_NT_VERSION_LOCAL
0: NETLOGON_NT_VERSION_GC
lmnt_token : 0xffff (65535)
lm20_token : 0xffff (65535)
Adding cache entry with key=[DSGETDCNAME/DOMAIN/<EXAMPLE>] and timeout=[do
mei 26 08:31:50 2016 CEST] (900 seconds ahead)
sitename_store: realm = [<EXAMPLE>], sitename = [Default-First-Site-Name],
expire = [2085923199]
Did not store value for AD_SITENAME/DOMAIN/<EXAMPLE>, we already got it
Adding cache entry with key=[DSGETDCNAME/DOMAIN/<EXAMPLE.COM>] and
timeout=[do mei 26 08:31:50 2016 CEST] (900 seconds ahead)
sitename_store: realm = [<example.com>], sitename =
[Default-First-Site-Name], expire = [2085923199]
Did not store value for AD_SITENAME/DOMAIN/<EXAMPLE.COM>, we already got
it
create_local_private_krb5_conf_for_domain: fname =
/var/run/samba/smb_krb5/krb5.conf..JOIN, realm = <EXAMPLE.COM>, domain =
.JOIN
saf_fetch: failed to find server for "<EXAMPLE.COM>" domain
get_dc_list: preferred server list: ", *"
internal_resolve_name: looking up <EXAMPLE.COM>#dcdc (sitename
Default-First-Site-Name)
resolve_ads: Attempting to resolve KDCs for <EXAMPLE.COM> using DNS
ads_dns_lookup_srv: 2 records returned in the answer section.
ads_dns_parse_rr_srv: Parsed hera.<example.com> [0, 100, 88]
ads_dns_parse_rr_srv: Parsed zeus.<example.com> [0, 100, 88]
remove_duplicate_addrs2: looking for duplicate address/port pairs
internal_resolve_name: returning 6 addresses: <hera_ipv6_#1>:88
<hera_ipv6_#2>:88 10.0.0.3:88 <zeus_ipv6_#1>:88
<zeus_ipv6_#2>:88 10.0.0.2:88
Adding 6 DC's from auto lookup
check_negative_conn_cache returning result 0 for domain <EXAMPLE.COM>
server <hera_ipv6_#1>
check_negative_conn_cache returning result 0 for domain <EXAMPLE.COM>
server <hera_ipv6_#2>
check_negative_conn_cache returning result 0 for domain <EXAMPLE.COM>
server 10.0.0.3
check_negative_conn_cache returning result 0 for domain <EXAMPLE.COM>
server <zeus_ipv6_#1>
check_negative_conn_cache returning result 0 for domain <EXAMPLE.COM>
server <zeus_ipv6_#2>
check_negative_conn_cache returning result 0 for domain <EXAMPLE.COM>
server 10.0.0.2
remove_duplicate_addrs2: looking for duplicate address/port pairs
get_dc_list: returning 6 ip addresses in an ordered list
get_dc_list: 10.0.0.3:88 10.0.0.2:88 <hera_ipv6_#1>:88
<hera_ipv6_#2>:88 <zeus_ipv6_#1>:88 <zeus_ipv6_#2>:88
got 6 addresses from site Default-First-Site-Name search
saf_fetch: failed to find server for "<EXAMPLE.COM>" domain
get_dc_list: preferred server list: ", *"
internal_resolve_name: looking up <EXAMPLE.COM>#dcdc (sitename (null))
resolve_ads: Attempting to resolve KDCs for <EXAMPLE.COM> using DNS
ads_dns_lookup_srv: 2 records returned in the answer section.
ads_dns_parse_rr_srv: Parsed hera.<example.com> [0, 100, 88]
ads_dns_parse_rr_srv: Parsed zeus.<example.com> [0, 100, 88]
remove_duplicate_addrs2: looking for duplicate address/port pairs
internal_resolve_name: returning 6 addresses: <hera_ipv6_#1>:88
<hera_ipv6_#2>:88 10.0.0.3:88 <zeus_ipv6_#1>:88
<zeus_ipv6_#2>:88 10.0.0.2:88
Adding 6 DC's from auto lookup
check_negative_conn_cache returning result 0 for domain <EXAMPLE.COM>
server <hera_ipv6_#1>
check_negative_conn_cache returning result 0 for domain <EXAMPLE.COM>
server <hera_ipv6_#2>
check_negative_conn_cache returning result 0 for domain <EXAMPLE.COM>
server 10.0.0.3
check_negative_conn_cache returning result 0 for domain <EXAMPLE.COM>
server <zeus_ipv6_#1>
check_negative_conn_cache returning result 0 for domain <EXAMPLE.COM>
server <zeus_ipv6_#2>
check_negative_conn_cache returning result 0 for domain <EXAMPLE.COM>
server 10.0.0.2
remove_duplicate_addrs2: looking for duplicate address/port pairs
get_dc_list: returning 6 ip addresses in an ordered list
get_dc_list: 10.0.0.3:88 10.0.0.2:88 <hera_ipv6_#1>:88
<hera_ipv6_#2>:88 <zeus_ipv6_#1>:88 <zeus_ipv6_#2>:88
got 6 addresses from site-less search
5 additional KDCs to test
&response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX
command : LOGON_SAM_LOGON_RESPONSE_EX (23)
sbz : 0x0000 (0)
server_type : 0x000013fc (5116)
0: NBT_SERVER_PDC
1: NBT_SERVER_GC
1: NBT_SERVER_LDAP
1: NBT_SERVER_DS
1: NBT_SERVER_KDC
1: NBT_SERVER_TIMESERV
1: NBT_SERVER_CLOSEST
1: NBT_SERVER_WRITABLE
1: NBT_SERVER_GOOD_TIMESERV
0: NBT_SERVER_NDNC
0: NBT_SERVER_SELECT_SECRET_DOMAIN_6
1: NBT_SERVER_FULL_SECRET_DOMAIN_6
0: NBT_SERVER_ADS_WEB_SERVICE
0: NBT_SERVER_DS_8
0: NBT_SERVER_HAS_DNS_NAME
0: NBT_SERVER_IS_DEFAULT_NC
0: NBT_SERVER_FOREST_ROOT
domain_uuid : 0a010b9d-11fb-451e-a979-daff97fca593
forest : '<example.com>'
dns_domain : '<example.com>'
pdc_dns_name : 'zeus.<example.com>'
domain_name : '<EXAMPLE>'
pdc_name : 'ZEUS'
user_name : ''
server_site : 'Default-First-Site-Name'
client_site : 'Default-First-Site-Name'
sockaddr_size : 0x00 (0)
sockaddr: struct nbt_sockaddr
sockaddr_family : 0x00000000 (0)
pdc_ip : (null)
remaining : DATA_BLOB length=0
next_closest_site : NULL
nt_version : 0x00000005 (5)
1: NETLOGON_NT_VERSION_1
0: NETLOGON_NT_VERSION_5
1: NETLOGON_NT_VERSION_5EX
0: NETLOGON_NT_VERSION_5EX_WITH_IP
0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE
0: NETLOGON_NT_VERSION_AVOID_NT4EMUL
0: NETLOGON_NT_VERSION_PDC
0: NETLOGON_NT_VERSION_IP
0: NETLOGON_NT_VERSION_LOCAL
0: NETLOGON_NT_VERSION_GC
lmnt_token : 0xffff (65535)
lm20_token : 0xffff (65535)
&response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX
command : LOGON_SAM_LOGON_RESPONSE_EX (23)
sbz : 0x0000 (0)
server_type : 0x000013fc (5116)
0: NBT_SERVER_PDC
1: NBT_SERVER_GC
1: NBT_SERVER_LDAP
1: NBT_SERVER_DS
1: NBT_SERVER_KDC
1: NBT_SERVER_TIMESERV
1: NBT_SERVER_CLOSEST
1: NBT_SERVER_WRITABLE
1: NBT_SERVER_GOOD_TIMESERV
0: NBT_SERVER_NDNC
0: NBT_SERVER_SELECT_SECRET_DOMAIN_6
1: NBT_SERVER_FULL_SECRET_DOMAIN_6
0: NBT_SERVER_ADS_WEB_SERVICE
0: NBT_SERVER_DS_8
0: NBT_SERVER_HAS_DNS_NAME
0: NBT_SERVER_IS_DEFAULT_NC
0: NBT_SERVER_FOREST_ROOT
domain_uuid : 0a010b9d-11fb-451e-a979-daff97fca593
forest : '<example.com>'
dns_domain : '<example.com>'
pdc_dns_name : 'hera.<example.com>'
domain_name : '<EXAMPLE>'
pdc_name : 'HERA'
user_name : ''
server_site : 'Default-First-Site-Name'
client_site : 'Default-First-Site-Name'
sockaddr_size : 0x00 (0)
sockaddr: struct nbt_sockaddr
sockaddr_family : 0x00000000 (0)
pdc_ip : (null)
remaining : DATA_BLOB length=0
next_closest_site : NULL
nt_version : 0x00000005 (5)
1: NETLOGON_NT_VERSION_1
0: NETLOGON_NT_VERSION_5
1: NETLOGON_NT_VERSION_5EX
0: NETLOGON_NT_VERSION_5EX_WITH_IP
0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE
0: NETLOGON_NT_VERSION_AVOID_NT4EMUL
0: NETLOGON_NT_VERSION_PDC
0: NETLOGON_NT_VERSION_IP
0: NETLOGON_NT_VERSION_LOCAL
0: NETLOGON_NT_VERSION_GC
lmnt_token : 0xffff (65535)
lm20_token : 0xffff (65535)
&response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX
command : LOGON_SAM_LOGON_RESPONSE_EX (23)
sbz : 0x0000 (0)
server_type : 0x000013fc (5116)
0: NBT_SERVER_PDC
1: NBT_SERVER_GC
1: NBT_SERVER_LDAP
1: NBT_SERVER_DS
1: NBT_SERVER_KDC
1: NBT_SERVER_TIMESERV
1: NBT_SERVER_CLOSEST
1: NBT_SERVER_WRITABLE
1: NBT_SERVER_GOOD_TIMESERV
0: NBT_SERVER_NDNC
0: NBT_SERVER_SELECT_SECRET_DOMAIN_6
1: NBT_SERVER_FULL_SECRET_DOMAIN_6
0: NBT_SERVER_ADS_WEB_SERVICE
0: NBT_SERVER_DS_8
0: NBT_SERVER_HAS_DNS_NAME
0: NBT_SERVER_IS_DEFAULT_NC
0: NBT_SERVER_FOREST_ROOT
domain_uuid : 0a010b9d-11fb-451e-a979-daff97fca593
forest : '<example.com>'
dns_domain : '<example.com>'
pdc_dns_name : 'zeus.<example.com>'
domain_name : '<EXAMPLE>'
pdc_name : 'ZEUS'
user_name : ''
server_site : 'Default-First-Site-Name'
client_site : 'Default-First-Site-Name'
sockaddr_size : 0x00 (0)
sockaddr: struct nbt_sockaddr
sockaddr_family : 0x00000000 (0)
pdc_ip : (null)
remaining : DATA_BLOB length=0
next_closest_site : NULL
nt_version : 0x00000005 (5)
1: NETLOGON_NT_VERSION_1
0: NETLOGON_NT_VERSION_5
1: NETLOGON_NT_VERSION_5EX
0: NETLOGON_NT_VERSION_5EX_WITH_IP
0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE
0: NETLOGON_NT_VERSION_AVOID_NT4EMUL
0: NETLOGON_NT_VERSION_PDC
0: NETLOGON_NT_VERSION_IP
0: NETLOGON_NT_VERSION_LOCAL
0: NETLOGON_NT_VERSION_GC
lmnt_token : 0xffff (65535)
lm20_token : 0xffff (65535)
get_kdc_ip_string: Returning kdc = 10.0.0.3
kdc = 10.0.0.2
kdc = [<hera_ipv6_#1>]:88
kdc = [<zeus_ipv6_#1>]:88
create_local_private_krb5_conf_for_domain: wrote file
/var/run/samba/smb_krb5/krb5.conf..JOIN with realm <EXAMPLE.COM> KDC list
= kdc = 10.0.0.3
kdc = 10.0.0.2
kdc = [<hera_ipv6_#1>]:88
kdc = [<zeus_ipv6_#1>]:88
sitename_fetch: Returning sitename for <EXAMPLE.COM>:
"Default-First-Site-Name"
internal_resolve_name: looking up hera.<example.com>#20 (sitename
Default-First-Site-Name)
Adding cache entry with key=[NBT/HERA.<EXAMPLE.COM>#20] and timeout=[do
jan 1 01:00:00 1970 CET] (-1464243411 seconds in the past)
no entry for hera.<example.com>#20 found.
resolve_hosts: Attempting host lookup for name
hera.<example.com><0x20>
remove_duplicate_addrs2: looking for duplicate address/port pairs
namecache_store: storing 3 addresses for hera.<example.com>#20:
[<hera_ipv6_#1>],[<hera_ipv6_#2>],10.0.0.3
Adding cache entry with key=[NBT/HERA.<EXAMPLE.COM>#20] and timeout=[do
mei 26 08:27:51 2016 CEST] (660 seconds ahead)
internal_resolve_name: returning 3 addresses: <hera_ipv6_#1>:0
<hera_ipv6_#2>:0 10.0.0.3:0
Connecting to <hera_ipv6_#1> at port 445
Socket options:
SO_KEEPALIVE = 0
SO_REUSEADDR = 0
SO_BROADCAST = 0
TCP_NODELAY = 1
TCP_KEEPCNT = 9
TCP_KEEPIDLE = 7200
TCP_KEEPINTVL = 75
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
SO_REUSEPORT = 0
SO_SNDBUF = 87040
SO_RCVBUF = 368000
SO_SNDLOWAT = 1
SO_RCVLOWAT = 1
SO_SNDTIMEO = 0
SO_RCVTIMEO = 0
TCP_QUICKACK = 1
TCP_DEFER_ACCEPT = 0
Doing spnego session setup (blob length=96)
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.3.6.1.4.1.311.2.2.10
got principal=not_defined_in_RFC4178 at please_ignore
cli_session_setup_spnego: using target hostname not SPNEGO principal
cli_session_setup_spnego: guessed server
principal=cifs/hera.<example.com>@<EXAMPLE.COM>
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gse_krb5
SPNEGO login failed: The object name is not found.
libnet_Join:
libnet_JoinCtx: struct libnet_JoinCtx
out: struct libnet_JoinCtx
account_name : NULL
netbios_domain_name : NULL
dns_domain_name : NULL
forest_name : NULL
dn : NULL
domain_sid : NULL
domain_sid : (NULL SID)
modified_config : 0x00 (0)
error_string : 'failed to lookup DC info for domain
'<EXAMPLE.COM>' over rpc: The object name is not found.'
domain_is_ad : 0x00 (0)
set_encryption_types : 0x00000000 (0)
result : WERR_BADFILE
return code = -1
msg_dgm_ref_destructor: refs=(nil)
HERA smb.conf:
[global]
workgroup = SPEELMANROBBEN
realm = speelmanrobben.nl
netbios name = HERA
server role = active directory domain controller
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
[netlogon]
path = /mnt/netlogon
read only = No
guest ok = Yes
[sysvol]
path = /var/lib/samba/sysvol
read only = No
ZEUS smb.conf:
[global]
workgroup = SPEELMANROBBEN
realm = speelmanrobben.nl
netbios name = ZEUS
server string = %h PDC (Debian Testing, Samba4)
interfaces = 127.0.0.0/8, ::1/128, eth0, lo
bind interfaces only = Yes
server role = active directory domain controller
map to guest = Bad User
private dir = /var/lib/samba/private
pam password change = Yes
unix password sync = Yes
syslog = 0
log file = /var/log/samba/log.samba
max log size = 1000
logon path domain logons = Yes
preferred master = Yes
domain master = Yes
dns proxy = No
lock directory = /var/lib/samba/
state directory = /var/lib/samba/state
cache directory = /var/cache/samba
usershare allow guests = Yes
panic action = /usr/share/samba/panic-action %d
server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
idmap_ldb:use rfc2307 = yes
idmap config * : backend = tdb
invalid users = root
admin users = administrator
tls enabled = yes
tls keyfile = tls/sambakey.pem
tls certfile = tls/zeus.<example.com>.crt
tls cafile = /etc/ssl/certs/cacert.pem
[netlogon]
comment = Network Logon Service
path = /mnt/netlogon
read only = No
guest ok = Yes
[sysvol]
comment = System Volume
path = /var/lib/samba/state/sysvol
read only = No
guest ok = Yes
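The level-10 output above is hard to read by eye; as an added example (not part of the original thread and not Samba code), this Python sketch reduces such output to its milestones and reports the last step reached before the first failure line. The stage names and patterns are assumptions built from the lines visible in the post, and the sample log is constructed from those lines.

```python
import re

# Constructed sample: lines in the shape of the "net ads join -k -d10"
# output posted above, including one line wrapped by the mail client.
SAMPLE_LOG = """\
ads_dns_lookup_srv: 2 records returned in the answer section.
ads_dns_parse_rr_srv: Parsed hera.<example.com> [0, 100, 389]
ads_dns_parse_rr_srv: Parsed zeus.<example.com> [0, 100, 389]
LDAP ping to hera.<example.com> (10.0.0.3)
ads_dns_parse_rr_srv: Parsed hera.<example.com> [0, 100, 88]
ads_dns_parse_rr_srv: Parsed zeus.<example.com> [0, 100, 88]
get_kdc_ip_string: Returning kdc = 10.0.0.3
kdc = 10.0.0.2
Connecting to <hera_ipv6_#1> at port 445
Socket options:
SO_KEEPALIVE = 0
cli_session_setup_spnego: guessed server
principal=cifs/hera.<example.com>@<EXAMPLE.COM>
GENSEC backend 'krb5' registered
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gse_krb5
SPNEGO login failed: The object name is not found.
result : WERR_BADFILE
return code = -1
"""

# (stage name, pattern). Stage names are hypothetical labels for this example.
# \s+ instead of a literal space lets a pattern match across a wrapped line.
STAGES = [
    ("dns-srv", r"ads_dns_parse_rr_srv:\s+Parsed\s+(\S+)\s+\[\d+,\s*\d+,\s*(\d+)\]"),
    ("cldap-ping", r"LDAP\s+ping\s+to\s+(\S+)\s+\((\S+)\)"),
    ("kdc", r"\bkdc\s+=\s+(\S+)"),
    ("smb-connect", r"Connecting\s+to\s+(\S+)\s+at\s+port\s+(\d+)"),
    ("spn", r"guessed\s+server\s+principal=(\S+)"),
    ("gensec", r"Starting\s+GENSEC\s+(?:sub)?mechanism\s+(\S+)"),
    ("FAIL", r"^(.*\bfailed:[ \t]+.+)$"),
    ("result", r"\bresult\s*:\s*((?:WERR|NT_STATUS)_\w+)"),
]


def timeline(log):
    """Return de-duplicated (stage, detail) events in the order they occur."""
    found = []
    for stage, pattern in STAGES:
        for m in re.finditer(pattern, log, re.M):
            detail = " ".join(g for g in m.groups() if g)
            found.append((m.start(), stage, detail))
    events, seen = [], set()
    for _, stage, detail in sorted(found):
        # The same SRV answers and KDC lists are logged several times.
        if (stage, detail) not in seen:
            seen.add((stage, detail))
            events.append((stage, detail))
    return events


def failing_step(log):
    """Return (last event before the first failure, failure text), or None."""
    events = timeline(log)
    for i, (stage, detail) in enumerate(events):
        if stage == "FAIL":
            before = [e for e in events[:i] if e[0] != "result"]
            return (before[-1] if before else None, detail)
    return None


if __name__ == "__main__":
    for stage, detail in timeline(SAMPLE_LOG):
        print(f"{stage:12} {detail}")
    print("first failure:", failing_step(SAMPLE_LOG))
```

On the sample, DNS SRV lookup, the LDAP ping and KDC discovery all appear before the failure, which comes right after the Kerberos submechanism starts on the SMB connection to port 445.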
Miso Rapajić
2016-May-26 10:19 UTC
[Samba] Failed to join domain: failed to lookup DC info for domain '<EXAMPLE.COM>' over rpc: The object name is not found.
Try to ping from client to server with its hostname. Sounds like a DNS problem.

ping server

Then try to ping its IP address.
Then try to add server address to host file. Ex

192.168.8.30 server.example.com server

Best
M

On May 26, 2016 12:02, "Nico Speelman" <nico at speelmanrobben.nl> wrote:
> Hello,
>
> I've been trying to add a new server to my Samba 4 Active directory, but
> I've been failing so far. I'm running the command "net ads join -k" and it
> fails with "Failed to join domain: failed to lookup DC info for domain
> '<EXAMPLE.COM>' over rpc: The object name is not found." The answers I
> found so far imply a problem with the RPC service, but this seems to be
> running as the output of "netstat -plane | grep 135" suggests. I was unable
> to find any hint to the problems origin in my samba logs, but the output of
> "net ads join -k -d10" shows a lot more information. Unfortunately I am
> unable to filter through this all. I hope anyone is able to point me in the
> direction of a solution.
>
> My domain controller and client are running Debian testing with samba
> 4.4.3.
>
> Thank in advance,
> Nico Speelman
>
> output of "netstat -plane | grep 135" on the domain controllers:
> tcp 0 0 10.0.0.2:135 0.0.0.0:* LISTEN 0 96682 8639/samba
> tcp 0 0 127.0.0.1:135 0.0.0.0:* LISTEN 0 96679 8639/samba
> tcp6 0 0 2001:980:7912:1::2:135 :::* LISTEN 0 96681 8639/samba
> tcp6 0 0 ::1:135 :::* LISTEN 0 96680 8639/samba
>
> output of "net ads join -k -d10" on the client:
> Failed to join domain: failed to lookup DC info for domain '<EXAMPLE.COM>'
> over rpc: The object name is not found.
GENSEC backend 'ntlmssp_resume_ccache' registered > GENSEC backend 'http_basic' registered > GENSEC backend 'http_ntlm' registered > GENSEC backend 'krb5' registered > GENSEC backend 'fake_gssapi_krb5' registered > Starting GENSEC mechanism spnego > Starting GENSEC submechanism gse_krb5 > SPNEGO login failed: The object name is not found. > libnet_Join: > libnet_JoinCtx: struct libnet_JoinCtx > out: struct libnet_JoinCtx > account_name : NULL > netbios_domain_name : NULL > dns_domain_name : NULL > forest_name : NULL > dn : NULL > domain_sid : NULL > domain_sid : (NULL SID) > modified_config : 0x00 (0) > error_string : 'failed to lookup DC info for > domain '<EXAMPLE.COM>' over rpc: The object name is not found.' > domain_is_ad : 0x00 (0) > set_encryption_types : 0x00000000 (0) > result : WERR_BADFILE > return code = -1 > msg_dgm_ref_destructor: refs=(nil) > > HERA smb.conf: > [global] > workgroup = SPEELMANROBBEN > realm = speelmanrobben.nl > netbios name = HERA > server role = active directory domain controller > server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, > winbind, ntp_signd, kcc, dnsupdate > > [netlogon] > path = /mnt/netlogon > read only = No > guest ok = Yes > > [sysvol] > path = /var/lib/samba/sysvol > read only = No > > ZEUS smb.conf: > [global] > workgroup = SPEELMANROBBEN > realm = speelmanrobben.nl > netbios name = ZEUS > server string = %h PDC (Debian Testing, Samba4) > interfaces = 127.0.0.0/8, ::1/128, eth0, lo > bind interfaces only = Yes > server role = active directory domain controller > map to guest = Bad User > private dir = /var/lib/samba/private > pam password change = Yes > unix password sync = Yes > syslog = 0 > log file = /var/log/samba/log.samba > max log size = 1000 > logon path > domain logons = Yes > preferred master = Yes > domain master = Yes > dns proxy = No > lock directory = /var/lib/samba/ > state directory = /var/lib/samba/state > cache directory = /var/cache/samba > usershare allow guests = Yes > panic 
action = /usr/share/samba/panic-action %d > server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, > winbind, ntp_signd, kcc, dnsupdate > idmap_ldb:use rfc2307 = yes > idmap config * : backend = tdb > invalid users = root > admin users = administrator > tls enabled = yes > tls keyfile = tls/sambakey.pem > tls certfile = tls/zeus.<example.com>.crt > tls cafile = /etc/ssl/certs/cacert.pem > > [netlogon] > comment = Network Logon Service > path = /mnt/netlogon > read only = No > guest ok = Yes > > [sysvol] > comment = System Volume > path = /var/lib/samba/state/sysvol > read only = No > guest ok = Yes > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
Rowland Penny
2016-May-26 10:19 UTC
[Samba] Failed to join domain: failed to lookup DC info for domain '<EXAMPLE.COM>' over rpc: The object name is not found.
On 26/05/16 10:57, Nico Speelman wrote:
> Hello,
>
> I've been trying to add a new server to my Samba 4 Active directory, but I've been failing so far. I'm running the command "net ads join -k" and it fails with "Failed to join domain: failed to lookup DC info for domain '<EXAMPLE.COM>' over rpc: The object name is not found." The answers I found so far imply a problem with the RPC service, but this seems to be running as the output of "netstat -plane | grep 135" suggests. I was unable to find any hint to the problem's origin in my samba logs, but the output of "net ads join -k -d10" shows a lot more information. Unfortunately I am unable to filter through this all. I hope anyone is able to point me in the direction of a solution.
>
> My domain controller and client are running Debian testing with samba 4.4.3.
>
> Thanks in advance,
> Nico Speelman
>
> output of "netstat -plane | grep 135" on the domain controllers:
> tcp 0 0 10.0.0.2:135 0.0.0.0:* LISTEN 0 96682 8639/samba
> tcp 0 0 127.0.0.1:135 0.0.0.0:* LISTEN 0 96679 8639/samba
> tcp6 0 0 2001:980:7912:1::2:135 :::* LISTEN 0 96681 8639/samba
> tcp6 0 0 ::1:135 :::* LISTEN 0 96680 8639/samba
>
> output of "net ads join -k -d10" on the client:
> Failed to join domain: failed to lookup DC info for domain '<EXAMPLE.COM>' over rpc: The object name is not found.
> Starting GENSEC mechanism spnego
> Starting GENSEC submechanism gse_krb5
> SPNEGO login failed: The object name is not found.
> libnet_Join:
>     libnet_JoinCtx: struct libnet_JoinCtx
>         out: struct libnet_JoinCtx
>             account_name             : NULL
>             netbios_domain_name      : NULL
>             dns_domain_name          : NULL
>             forest_name              : NULL
>             dn                       : NULL
>             domain_sid               : NULL
>                 domain_sid           : (NULL SID)
>             modified_config          : 0x00 (0)
>             error_string             : 'failed to lookup DC info for domain '<EXAMPLE.COM>' over rpc: The object name is not found.'
>             domain_is_ad             : 0x00 (0)
>             set_encryption_types     : 0x00000000 (0)
>             result                   : WERR_BADFILE
> return code = -1
> msg_dgm_ref_destructor: refs=(nil)
>
> HERA smb.conf:
> [global]
>     workgroup = SPEELMANROBBEN
>     realm = speelmanrobben.nl
>     netbios name = HERA
>     server role = active directory domain controller
>     server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
>
> [netlogon]
>     path = /mnt/netlogon
>     read only = No
>     guest ok = Yes
>
> [sysvol]
>     path = /var/lib/samba/sysvol
>     read only = No
>
> ZEUS smb.conf:
> [global]
>     workgroup = SPEELMANROBBEN
>     realm = speelmanrobben.nl
>     netbios name = ZEUS
>     server string = %h PDC (Debian Testing, Samba4)
>     interfaces = 127.0.0.0/8, ::1/128, eth0, lo
>     bind interfaces only = Yes
>     server role = active directory domain controller
>     map to guest = Bad User
>     private dir = /var/lib/samba/private
>     pam password change = Yes
>     unix password sync = Yes
>     syslog = 0
>     log file = /var/log/samba/log.samba
>     max log size = 1000
>     logon path
>     domain logons = Yes
>     preferred master = Yes
>     domain master = Yes
>     dns proxy = No
>     lock directory = /var/lib/samba/
>     state directory = /var/lib/samba/state
>     cache directory = /var/cache/samba
>     usershare allow guests = Yes
>     panic action = /usr/share/samba/panic-action %d
>     server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
>     idmap_ldb:use rfc2307 = yes
>     idmap config * : backend = tdb
>     invalid users = root
>     admin users = administrator
>     tls enabled = yes
>     tls keyfile = tls/sambakey.pem
>     tls certfile = tls/zeus.<example.com>.crt
>     tls cafile = /etc/ssl/certs/cacert.pem
>
> [netlogon]
>     comment = Network Logon Service
>     path = /mnt/netlogon
>     read only = No
>     guest ok = Yes
>
> [sysvol]
>     comment = System Volume
>     path = /var/lib/samba/state/sysvol
>     read only = No
>     guest ok = Yes
>

You say 'My domain controller and client are running Debian testing with samba 4.4.3'

This sort of suggests you only have one DC, yet you have posted two DC smb.conf files, can we sort this out before going further.

Do you have two DCs and are trying to join a client, or do you only have one DC and are trying to join another DC?

Rowland
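The original post notes that the "net ads join -k -d10" output is too long to filter by hand. The script below is an added example, not part of the thread and not Samba code: it walks such output, plain or ">"-quoted, and reports the last step reached before the first step failure. The names `triage` and `diagnosis` are hypothetical, the patterns are the message formats visible in the posted output, and the sample log is constructed from lines of that output.

```python
import re

# Constructed sample: one line per step, copied from the debug output posted
# in this thread (placeholders such as <EXAMPLE.COM> kept exactly as posted).
SAMPLE_LOG = """\
Failed to join domain: failed to lookup DC info for domain '<EXAMPLE.COM>' over rpc: The object name is not found.
lp_servicenumber: couldn't find homes
ads_dns_parse_rr_srv: Parsed hera.<example.com> [0, 100, 389]
ads_dns_parse_rr_srv: Parsed zeus.<example.com> [0, 100, 389]
LDAP ping to hera.<example.com> (10.0.0.3)
saf_fetch: failed to find server for "<EXAMPLE.COM>" domain
ads_dns_parse_rr_srv: Parsed hera.<example.com> [0, 100, 88]
ads_dns_parse_rr_srv: Parsed zeus.<example.com> [0, 100, 88]
create_local_private_krb5_conf_for_domain: wrote file /var/run/samba/smb_krb5/krb5.conf..JOIN with realm <EXAMPLE.COM> KDC list = kdc = 10.0.0.3
Connecting to <hera_ipv6_#1> at port 445
Doing spnego session setup (blob length=96)
cli_session_setup_spnego: guessed server principal=cifs/hera.<example.com>@<EXAMPLE.COM>
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gse_krb5
SPNEGO login failed: The object name is not found.
        result                   : WERR_BADFILE
return code = -1
"""

# Steps of the join, in the order the posted log shows them.
STEP_PATTERNS = [(name, re.compile(rx)) for name, rx in [
    ("dns_srv", r"ads_dns_parse_rr_srv: Parsed (?P<host>\S+) \[\d+, \d+, (?P<port>\d+)\]"),
    ("ldap_ping", r"LDAP ping to (?P<host>\S+) \((?P<addr>[^)]+)\)"),
    ("krb5_conf", r"create_local_private_krb5_conf_for_domain: wrote file (?P<path>\S+)"),
    ("smb_connect", r"Connecting to (?P<addr>\S+) at port (?P<port>\d+)"),
    ("principal", r"guessed server principal=(?P<spn>\S+)"),
    ("gensec", r"Starting GENSEC (?:sub)?mechanism (?P<mech>\S+)"),
]]
# "<something> failed: <reason>" at the start of a line. Lines such as
# "saf_fetch: failed to find server ..." or "couldn't find homes" do not have
# this shape and are skipped; treating them as harmless is an assumption.
ERROR_RE = re.compile(r"(?P<what>[\w ]+ failed): (?P<why>.+)")
RESULT_RE = re.compile(r"result\s*:\s*(?P<code>(?:WERR|NT_STATUS)_\w+)")
# The one-line summary that net prints; it is the outcome, not a step.
SUMMARY_RE = re.compile(r"Failed to join domain: (?P<msg>.+)")


def triage(log_text):
    """Return the ordered steps, the first step failure and the result code."""
    steps, error, result, summary = [], None, None, None
    for raw in log_text.splitlines():
        # Strip mail quote markers ("> ", "> > ") and the dump's indentation.
        line = re.sub(r"^(?:>\s?)+", "", raw).strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary = m.group("msg")
            continue
        m = ERROR_RE.match(line)
        if m:
            if error is None:  # keep only the first failure
                error = {"what": m.group("what"), "why": m.group("why"),
                         "at": len(steps)}
            continue
        m = RESULT_RE.match(line)
        if m:
            result = m.group("code")
            continue
        for name, rx in STEP_PATTERNS:
            m = rx.search(line)
            if m:
                steps.append((name, m.groupdict()))
                break
    return {"steps": steps, "error": error, "result": result, "summary": summary}


def diagnosis(t):
    """One line: what failed, in which mechanism, against which server and SPN."""
    if t["error"] is None:
        return "no step failure found"
    # Latest value of each step type seen before the failure.
    last = {name: fields for name, fields in t["steps"][:t["error"]["at"]]}
    conn = last.get("smb_connect", {})
    return "{} in {} to {}:{} for {}: {} [{}]".format(
        t["error"]["what"],
        last.get("gensec", {}).get("mech", "?"),
        conn.get("addr", "?"), conn.get("port", "?"),
        last.get("principal", {}).get("spn", "?"),
        t["error"]["why"],
        t["result"] or "no result code")


if __name__ == "__main__":
    print(diagnosis(triage(SAMPLE_LOG)))
```

On the sample, the DNS SRV lookups and the LDAP ping appear as completed steps, and the first failure is reported in the `gse_krb5` session setup to hera on port 445.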
Nico Speelman
2016-May-26 10:33 UTC
[Samba] Failed to join domain: failed to lookup DC info for domain '<EXAMPLE.COM>' over rpc: The object name is not found.
Try to ping from client to server with its hostname. Sounds like a DNS problem.

ping server

Then try to ping its IP address.
Then try to add server address to host file.
Ex
192.168.8.30 server.example.com server

Best
M

On May 26, 2016 12:02, "Nico Speelman" <nico at speelmanrobben.nl> wrote:
> Hello,
>
> I've been trying to add a new server to my Samba 4 Active directory, but I've been failing so far. I'm running the command "net ads join -k" and it fails with "Failed to join domain: failed to lookup DC info for domain '<EXAMPLE.COM>' over rpc: The object name is not found." The answers I found so far imply a problem with the RPC service, but this seems to be running as the output of "netstat -plane | grep 135" suggests. I was unable to find any hint to the problem's origin in my samba logs, but the output of "net ads join -k -d10" shows a lot more information. Unfortunately I am unable to filter through this all. I hope anyone is able to point me in the direction of a solution.
>
> My domain controller and client are running Debian testing with samba 4.4.3.
>
> Thanks in advance,
> Nico Speelman
>
> output of "netstat -plane | grep 135" on the domain controllers:
> tcp 0 0 10.0.0.2:135 0.0.0.0:* LISTEN 0 96682 8639/samba
> tcp 0 0 127.0.0.1:135 0.0.0.0:* LISTEN 0 96679 8639/samba
> tcp6 0 0 2001:980:7912:1::2:135 :::* LISTEN 0 96681 8639/samba
> tcp6 0 0 ::1:135 :::* LISTEN 0 96680 8639/samba
>
> output of "net ads join -k -d10" on the client:
> Failed to join domain: failed to lookup DC info for domain '<EXAMPLE.COM>' over rpc: The object name is not found.
DNSads_dns_lookup_srv: 2 records returned in the answer section.ads_dns_parse_rr_srv: Parsed hera.<example.com[6]> [0, 100, 88]ads_dns_parse_rr_srv: Parsed zeus.<_example.com_> [0, 100, 88]remove_duplicate_addrs2: looking for duplicate address/port pairsinternal_resolve_name: returning 6 addresses: <hera_ipv6_#1>:88 <hera_ipv6_#2>:88 10.0.0.3:88[7] <zeus_ipv6_#1>:88 <zeus_ipv6_#2>:88 10.0.0.2:88[8] EXAMPLE.COM[3]> server <hera_ipv6_#1>check_negative_conn_cache returning result 0 for domain <_EXAMPLE.COM_> server <hera_ipv6_#2>check_negative_conn_cache returning result 0 for domain <_EXAMPLE.COM_> server 10.0.0.3check_negative_conn_cache returning result 0 for domain <_EXAMPLE.COM_> server <zeus_ipv6_#1>check_negative_conn_cache returning result 0 for domain <_EXAMPLE.COM_> server <zeus_ipv6_#2>check_negative_conn_cache returning result 0 for domain <_EXAMPLE.COM_> server 10.0.0.2remove_duplicate_addrs2: looking for duplicate address/port pairsget_dc_list: returning 6 ip addresses in an ordered listget_dc_list: 10.0.0.3:88[7] 10.0.0.2:88[8] <hera_ipv6_#1>:88 <hera_ipv6_#2>:88 <zeus_ipv6_#1>:88 <zeus_ipv6_#2>:88got 6 addresses from site-less search5 additional KDCs to test &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX command : LOGON_SAM_LOGON_RESPONSE_EX (23) sbz : 0x0000 (0) server_type : 0x000013fc (5116) 0: NBT_SERVER_PDC 1: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 1: NBT_SERVER_TIMESERV 1: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 1: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 0: NBT_SERVER_ADS_WEB_SERVICE 0: NBT_SERVER_DS_8 0: NBT_SERVER_HAS_DNS_NAME 0: NBT_SERVER_IS_DEFAULT_NC 0: NBT_SERVER_FOREST_ROOT domain_uuid : 0a010b9d-11fb-451e-a979-daff97fca593 forest : '<example.com[6]>' dns_domain : '<_example.com_>' pdc_dns_name : 'zeus.<_example.com_>' domain_name : '<EXAMPLE>' pdc_name : 'ZEUS' user_name : '' server_site : 'Default-First-Site-Name' 
client_site : 'Default-First-Site-Name' sockaddr_size : 0x00 (0) sockaddr: struct nbt_sockaddr sockaddr_family : 0x00000000 (0) pdc_ip : (null) remaining : DATA_BLOB length=0 next_closest_site : NULL nt_version : 0x00000005 (5) 1: NETLOGON_NT_VERSION_1 0: NETLOGON_NT_VERSION_5 1: NETLOGON_NT_VERSION_5EX 0: NETLOGON_NT_VERSION_5EX_WITH_IP 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL 0: NETLOGON_NT_VERSION_PDC 0: NETLOGON_NT_VERSION_IP 0: NETLOGON_NT_VERSION_LOCAL 0: NETLOGON_NT_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX command : LOGON_SAM_LOGON_RESPONSE_EX (23) sbz : 0x0000 (0) server_type : 0x000013fc (5116) 0: NBT_SERVER_PDC 1: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 1: NBT_SERVER_TIMESERV 1: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 1: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 0: NBT_SERVER_ADS_WEB_SERVICE 0: NBT_SERVER_DS_8 0: NBT_SERVER_HAS_DNS_NAME 0: NBT_SERVER_IS_DEFAULT_NC 0: NBT_SERVER_FOREST_ROOT domain_uuid : 0a010b9d-11fb-451e-a979-daff97fca593 forest : '<_example.com_>' dns_domain : '<_example.com_>' pdc_dns_name : 'hera.<_example.com_>' domain_name : '<EXAMPLE>' pdc_name : 'HERA' user_name : '' server_site : 'Default-First-Site-Name' client_site : 'Default-First-Site-Name' sockaddr_size : 0x00 (0) sockaddr: struct nbt_sockaddr sockaddr_family : 0x00000000 (0) pdc_ip : (null) remaining : DATA_BLOB length=0 next_closest_site : NULL nt_version : 0x00000005 (5) 1: NETLOGON_NT_VERSION_1 0: NETLOGON_NT_VERSION_5 1: NETLOGON_NT_VERSION_5EX 0: NETLOGON_NT_VERSION_5EX_WITH_IP 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL 0: NETLOGON_NT_VERSION_PDC 0: NETLOGON_NT_VERSION_IP 0: NETLOGON_NT_VERSION_LOCAL 0: NETLOGON_NT_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) &response->data.nt5_ex: 
struct NETLOGON_SAM_LOGON_RESPONSE_EX command : LOGON_SAM_LOGON_RESPONSE_EX (23) sbz : 0x0000 (0) server_type : 0x000013fc (5116) 0: NBT_SERVER_PDC 1: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 1: NBT_SERVER_TIMESERV 1: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 1: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 0: NBT_SERVER_ADS_WEB_SERVICE 0: NBT_SERVER_DS_8 0: NBT_SERVER_HAS_DNS_NAME 0: NBT_SERVER_IS_DEFAULT_NC 0: NBT_SERVER_FOREST_ROOT domain_uuid : 0a010b9d-11fb-451e-a979-daff97fca593 forest : '<_example.com_>' dns_domain : '<_example.com_>' pdc_dns_name : 'zeus.<_example.com_>' domain_name : '<EXAMPLE>' pdc_name : 'ZEUS' user_name : '' server_site : 'Default-First-Site-Name' client_site : 'Default-First-Site-Name' sockaddr_size : 0x00 (0) sockaddr: struct nbt_sockaddr sockaddr_family : 0x00000000 (0) pdc_ip : (null) remaining : DATA_BLOB length=0 next_closest_site : NULL nt_version : 0x00000005 (5) 1: NETLOGON_NT_VERSION_1 0: NETLOGON_NT_VERSION_5 1: NETLOGON_NT_VERSION_5EX 0: NETLOGON_NT_VERSION_5EX_WITH_IP 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL 0: NETLOGON_NT_VERSION_PDC 0: NETLOGON_NT_VERSION_IP 0: NETLOGON_NT_VERSION_LOCAL 0: NETLOGON_NT_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535)get_kdc_ip_string: Returning kdc = 10.0.0.3 kdc = 10.0.0.2 kdc = [<hera_ipv6_#1>]:88 kdc = [<zeus_ipv6_#1>]:88 create_local_private_krb5_conf_for_domain: wrote file /var/run/samba/smb_krb5/krb5.conf..JOIN with realm <EXAMPLE.COM[3]> KDC list = kdc = 10.0.0.3 kdc = 10.0.0.2 kdc = [<hera_ipv6_#1>]:88 kdc = [<zeus_ipv6_#1>]:88 sitename_fetch: Returning sitename for <_EXAMPLE.COM_>: "Default-First-Site-Name"internal_resolve_name: looking up hera.<example.com[6]>#20 (sitename Default-First-Site-Name)Adding cache entry with key=[NBT/HERA.<EXAMPLE.COM[3]>#20] and timeout=[do jan 1 01:00:00 1970 CET] (-1464243411 seconds in the past)no 
entry for hera.<example.com>#20 found.
resolve_hosts: Attempting host lookup for name hera.<example.com><0x20>
remove_duplicate_addrs2: looking for duplicate address/port pairs
namecache_store: storing 3 addresses for hera.<example.com>#20: [<hera_ipv6_#1>],[<hera_ipv6_#2>],10.0.0.3
Adding cache entry with key=[NBT/HERA.<EXAMPLE.COM>#20] and timeout=[do mei 26 08:27:51 2016 CEST] (660 seconds ahead)
internal_resolve_name: returning 3 addresses: <hera_ipv6_#1>:0 <hera_ipv6_#2>:0 10.0.0.3:0
example.com>@<EXAMPLE.COM>
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gse_krb5
SPNEGO login failed: The object name is not found.
libnet_Join:
    libnet_JoinCtx: struct libnet_JoinCtx
        out: struct libnet_JoinCtx
            account_name : NULL
            netbios_domain_name : NULL
            dns_domain_name : NULL
            forest_name : NULL
            dn : NULL
            domain_sid : NULL
                domain_sid : (NULL SID)
            modified_config : 0x00 (0)
            error_string : 'failed to lookup DC info for domain '<EXAMPLE.COM>' over rpc: The object name is not found.'
            domain_is_ad : 0x00 (0)
            set_encryption_types : 0x00000000 (0)
            result : WERR_BADFILE
return code = -1
msg_dgm_ref_destructor: refs=(nil)

HERA smb.conf:
[global]
    workgroup = SPEELMANROBBEN
    realm = speelmanrobben.nl
    speelmanrobben.nl 127.0.0.0/8, ::1/128, eth0, lo
    bind interfaces only = Yes
    server role = active directory domain controller
    map to guest = Bad User
    private dir = /var/lib/samba/private
    pam password change = Yes
    unix password sync = Yes
    syslog = 0
    log file = /var/log/samba/log.samba
    max log size = 1000
    logon path =
    domain logons = Yes
    preferred master = Yes
    domain master = Yes
    dns proxy = No
    lock directory = /var/lib/samba/
    state directory = /var/lib/samba/state
    cache directory = /var/cache/samba
    usershare allow guests = Yes
    panic action = /usr/share/samba/panic-action %d
    server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
    idmap_ldb:use rfc2307 = yes
    idmap config * : backend = tdb
    invalid users = root
    admin users = administrator
    tls enabled = yes
    tls keyfile = tls/sambakey.pem
    tls certfile = tls/zeus.<example.com>.crt
    tls cafile = /etc/ssl/certs/cacert.pem

[netlogon]
    comment = Network Logon Service
    path = /mnt/netlogon
    read only = No
    guest ok = Yes

[sysvol]
    comment = System Volume
    path = /var/lib/samba/state/sysvol
    read only = No
    guest ok = Yes

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

root@hestia:~# ping -c4 zeus.<example.com>
PING zeus.<example.com>(zeus.<example.com> (<zeus_ipv6>)) 56 data bytes
64 bytes from zeus.<example.com> (<zeus_ipv6>): icmp_seq=1 ttl=255 time=0.255 ms
64 bytes from zeus.<example.com> (<zeus_ipv6>): icmp_seq=2 ttl=255 time=0.470 ms
64 bytes from zeus.<example.com> (<zeus_ipv6>): icmp_seq=3 ttl=255 time=0.448 ms
64 bytes from zeus.<example.com> (<zeus_ipv6>): icmp_seq=4 ttl=255 time=0.632 ms
--- zeus.<example.com> ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3000ms
rtt min/avg/max/mdev = 0.255/0.451/0.632/0.134 ms

root@hestia:~# ping -c4 hera.<example.com>
PING hera.<example.com>(hera.<example.com> (<hera_ipv6>)) 56 data bytes
64 bytes from hera.<example.com> (<hera_ipv6>): icmp_seq=1 ttl=255 time=0.295 ms
64 bytes from hera.<example.com> (<hera_ipv6>): icmp_seq=2 ttl=255 time=0.513 ms
64 bytes from hera.<example.com> (<hera_ipv6>): icmp_seq=3 ttl=255 time=0.423 ms
64 bytes from hera.<example.com> (<hera_ipv6>): icmp_seq=4 ttl=255 time=0.414 ms
--- <zeus_ipv6> ping statistics ---
7 packets transmitted, 7 received, 0% packet loss, time 5999ms
rtt min/avg/max/mdev = 0.273/0.418/0.572/0.089 ms

root@hestia:~# ping -c4 <zeus_ipv6>
PING <zeus_ipv6>(<zeus_ipv6>) 56 data bytes
64 bytes from <zeus_ipv6>: icmp_seq=1 ttl=255 time=0.442 ms
64 bytes from <zeus_ipv6>: icmp_seq=2 ttl=255 time=0.435 ms
64 bytes from <zeus_ipv6>: icmp_seq=3 ttl=255 time=0.434 ms
64 bytes from <zeus_ipv6>: icmp_seq=4 ttl=255 time=0.426 ms
--- <zeus_ipv6> ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.426/0.434/0.442/0.015 ms

root@hestia:~# ping -c4 <hera_ipv6>
PING <hera_ipv6>(<hera_ipv6>) 56 data bytes
64 bytes from <hera_ipv6>: icmp_seq=1 ttl=255 time=0.301 ms
64 bytes from <hera_ipv6>: icmp_seq=2 ttl=255 time=0.441 ms
64 bytes from <hera_ipv6>: icmp_seq=3 ttl=255 time=0.334 ms
64 bytes from <hera_ipv6>: icmp_seq=4 ttl=255 time=0.458 ms
--- <hera_ipv6> ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2997ms
rtt min/avg/max/mdev = 0.301/0.383/0.458/0.070 ms

root@hestia:~# ping -c4 zeus
PING zeus(zeus.<example.com> (<zeus_ipv6>)) 56 data bytes
64 bytes from zeus.<example.com> (<zeus_ipv6>): icmp_seq=1 ttl=255 time=0.443 ms
64 bytes from zeus.<example.com> (<zeus_ipv6>): icmp_seq=2 ttl=255 time=0.443 ms
64 bytes from zeus.<example.com> (<zeus_ipv6>): icmp_seq=3 ttl=255 time=0.405 ms
64 bytes from zeus.<example.com> (<zeus_ipv6>): icmp_seq=4 ttl=255 time=0.381 ms
--- zeus ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.381/0.418/0.443/0.026 ms

root@hestia:~# ping -c4 hera
PING hera(hera.<example.com> (<hera_ipv6>)) 56 data bytes
64 bytes from hera.<example.com> (<hera_ipv6>): icmp_seq=1 ttl=255 time=0.263 ms
64 bytes from hera.<example.com> (<hera_ipv6>): icmp_seq=2 ttl=255 time=0.549 ms
64 bytes from hera.<example.com> (<hera_ipv6>): icmp_seq=3 ttl=255 time=0.370 ms
64 bytes from hera.<example.com> (<hera_ipv6>): icmp_seq=4 ttl=255 time=0.422 ms
--- hera ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3001ms
rtt min/avg/max/mdev = 0.263/0.401/0.549/0.102 ms

root@hestia:~# ping -c4 -4 hera
PING hera.<example.com> (10.0.0.3) 56(84) bytes of data.
64 bytes from hera.<example.com> (10.0.0.3): icmp_seq=1 ttl=64 time=0.291 ms
64 bytes from hera.<example.com> (10.0.0.3): icmp_seq=2 ttl=64 time=0.524 ms
64 bytes from hera.<example.com> (10.0.0.3): icmp_seq=3 ttl=64 time=0.451 ms
64 bytes from hera.<example.com> (10.0.0.3): icmp_seq=4 ttl=64 time=0.477 ms
--- hera.<example.com> ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3001ms
rtt min/avg/max/mdev = 0.291/0.435/0.524/0.091 ms

root@hestia:~# ping -c4 -4 zeus
PING zeus.<example.com> (10.0.0.2) 56(84) bytes of data.
64 bytes from zeus.<example.com> (10.0.0.2): icmp_seq=1 ttl=64 time=0.300 ms
64 bytes from zeus.<example.com> (10.0.0.2): icmp_seq=2 ttl=64 time=0.396 ms
64 bytes from zeus.<example.com> (10.0.0.2): icmp_seq=3 ttl=64 time=0.469 ms
64 bytes from zeus.<example.com> (10.0.0.2): icmp_seq=4 ttl=64 time=0.461 ms