On 3/1/21 10:06 AM, Rowland penny via samba wrote:
> On 01/03/2021 15:57, K. R. Foley wrote:
>>
>> On 3/1/21 9:40 AM, Rowland penny via samba wrote:
>>> On 01/03/2021 15:35, K. R. Foley wrote:
>>>>
>>>> On 3/1/21 9:19 AM, Rowland penny via samba wrote:
>>>>> On 01/03/2021 15:04, K. R. Foley wrote:
>>>>>>
>>>>>> The firewall is disabled on the client PC. The client and the
>>>>>> server are on 2 separate subnets separated by a VPN. I am not
>>>>>> aware of any filtering going on between the two, but I can't say
>>>>>> for sure without checking. Is there a list of ports somewhere
>>>>>> that I can check to make sure that they are all being routed over
>>>>>> the VPN? I have already checked everything that I can see in
>>>>>> netstat on the server.
>>>>>
>>>>>
>>>>> For port usage, see these wiki pages:
>>>>>
>>>>> https://wiki.samba.org/index.php/Samba_NT4_PDC_Port_Usage
>>>>>
>>>>>
>>>>> https://wiki.samba.org/index.php/Samba_Domain_Member_Port_Usage
>>>>>
>>>>> https://wiki.samba.org/index.php/Samba_AD_DC_Port_Usage
>>>>>
>>>>>>
>>>>>> Keep in mind that the client can join the domain fine if I enable
>>>>>> SMB1 on the client. I don't want to use SMB1. That is why I am
>>>>>> trying to figure this out. The client seems to think that the
>>>>>> server is asking for SMB1.
>>>>>
>>>>>
>>>>> This is what I am struggling with, by default SMBv1 is turned off
>>>>> from Samba 4.11.0, if you want to use SMBv1 then you have to
>>>>> explicitly set it in smb.conf. You haven't set it, so your DC
>>>>> shouldn't be using it, perhaps it is the client that is using it?
>>>>>
>>>>> Rowland
>>>>>
>>>> I have disabled SMB1 using "Disable-WindowsOptionalFeature -Online
>>>> -FeatureName SMB1Protocol". If I enable it, it works.
>>>>
>>>> kr
>>>>
>>>
>>> When you join to a domain, the client searches for a DC, I am now
>>> wondering if something else (that is SMBv1 aware) is replying and
>>> causing the error message, perhaps the old PDC ?
>>>
>>> Rowland
>>>
>> Here is the debug from the Windows client. The domain for the old
>> domain is different.
>>
>> 03/01/2021 09:43:27:468 NetpDoDomainJoin
>> 03/01/2021 09:43:27:468 NetpDoDomainJoin: using current computer names
>> 03/01/2021 09:43:27:468 NetpDoDomainJoin:
>> NetpGetComputerNameEx(NetBios) returned 0x0
>> 03/01/2021 09:43:27:468 NetpDoDomainJoin:
>> NetpGetComputerNameEx(DnsHostName) returned 0x0
>> 03/01/2021 09:43:27:468 NetpMachineValidToJoin: 'KR-DEV'
>> 03/01/2021 09:43:27:468 NetpMachineValidToJoin: status: 0x0
>> 03/01/2021 09:43:27:468 NetpJoinDomain
>> 03/01/2021 09:43:27:468 ??? HostName: KR-Dev
>> 03/01/2021 09:43:27:468 ??? NetbiosName: KR-DEV
>> 03/01/2021 09:43:27:468 ??? Domain: local.richardshapiro.com
>> 03/01/2021 09:43:27:468 ??? MachineAccountOU: (NULL)
>> 03/01/2021 09:43:27:468 ??? Account:
>> local.richardshapiro.com\administrator
>> 03/01/2021 09:43:27:468 ??? Options: 0x25
>> 03/01/2021 09:43:27:484 NetpValidateName: checking to see if
>> 'local.richardshapiro.com' is valid as type 3 name
>> 03/01/2021 09:43:27:484 NetpValidateName: 'local.richardshapiro.com'
>> is not a valid NetBIOS domain name: 0x7b
>> 03/01/2021 09:43:27:577 NetpCheckDomainNameIsValid [ Exists ] for
>> 'local.richardshapiro.com' returned 0x0
>> 03/01/2021 09:43:27:577 NetpValidateName: name
>> 'local.richardshapiro.com' is valid for type 3
>> 03/01/2021 09:43:27:577 NetpDsGetDcName: trying to find DC in domain
>> 'local.richardshapiro.com', flags: 0x1020
>> 03/01/2021 09:43:28:046 NetpDsGetDcName: failed to find a DC having
>> account 'KR-DEV$': 0x525, last error is 0x0
>> 03/01/2021 09:43:28:046 NetpDsGetDcName: found DC
>> '\\ss-prod.local.richardshapiro.com' in the specified domain
>> 03/01/2021 09:43:28:046 NetpJoinDomainOnDs: NetpDsGetDcName returned:
>> 0x0
>> 03/01/2021 09:43:28:046 NetpDisableIDNEncoding: using FQDN
>> local.richardshapiro.com from dcinfo
>> 03/01/2021 09:43:28:046 NetpDisableIDNEncoding:
>> DnsDisableIdnEncoding(UNTILREBOOT) on 'local.richardshapiro.com'
>> succeeded
>> 03/01/2021 09:43:28:046 NetpJoinDomainOnDs: NetpDisableIDNEncoding
>> returned: 0x0
>> 03/01/2021 09:43:28:140 NetUseAdd to
>> \\ss-prod.local.richardshapiro.com\IPC$ returned 384
>> 03/01/2021 09:43:28:140 NetpJoinDomainOnDs: status of connecting to
>> dc '\\ss-prod.local.richardshapiro.com': 0x180
>> 03/01/2021 09:43:28:140 NetpJoinDomainOnDs: Function exits with
>> status of: 0x180
>> 03/01/2021 09:43:28:140 NetpResetIDNEncoding:
>> DnsDisableIdnEncoding(RESETALL) on 'local.richardshapiro.com'
>> returned 0x0
>> 03/01/2021 09:43:28:140 NetpJoinDomainOnDs: NetpResetIDNEncoding on
>> 'local.richardshapiro.com': 0x0
>> 03/01/2021 09:43:28:140 NetpDoDomainJoin: status: 0x180
>> 03/01/2021 09:43:28:155
>> -----------------------------------------------------------------
>> 03/01/2021 09:43:28:155 NetpDoDomainJoin
>> 03/01/2021 09:43:28:155 NetpDoDomainJoin: using current computer names
>> 03/01/2021 09:43:28:155 NetpDoDomainJoin:
>> NetpGetComputerNameEx(NetBios) returned 0x0
>> 03/01/2021 09:43:28:155 NetpDoDomainJoin:
>> NetpGetComputerNameEx(DnsHostName) returned 0x0
>> 03/01/2021 09:43:28:155 NetpMachineValidToJoin: 'KR-DEV'
>> 03/01/2021 09:43:28:155 NetpMachineValidToJoin: status: 0x0
>> 03/01/2021 09:43:28:155 NetpJoinDomain
>> 03/01/2021 09:43:28:155 ??? HostName: KR-Dev
>> 03/01/2021 09:43:28:155 ??? NetbiosName: KR-DEV
>> 03/01/2021 09:43:28:155 ??? Domain: local.richardshapiro.com
>> 03/01/2021 09:43:28:155 ??? MachineAccountOU: (NULL)
>> 03/01/2021 09:43:28:155 ??? Account:
>> local.richardshapiro.com\administrator
>> 03/01/2021 09:43:28:155 ??? Options: 0x27
>> 03/01/2021 09:43:28:155 NetpValidateName: checking to see if
>> 'local.richardshapiro.com' is valid as type 3 name
>> 03/01/2021 09:43:28:155 NetpValidateName: 'local.richardshapiro.com'
>> is not a valid NetBIOS domain name: 0x7b
>> 03/01/2021 09:43:28:281 NetpCheckDomainNameIsValid [ Exists ] for
>> 'local.richardshapiro.com' returned 0x0
>> 03/01/2021 09:43:28:281 NetpValidateName: name
>> 'local.richardshapiro.com' is valid for type 3
>> 03/01/2021 09:43:28:281 NetpDsGetDcName: trying to find DC in domain
>> 'local.richardshapiro.com', flags: 0x1020
>> 03/01/2021 09:43:28:749 NetpDsGetDcName: failed to find a DC having
>> account 'KR-DEV$': 0x525, last error is 0x0
>> 03/01/2021 09:43:28:749 NetpDsGetDcName: found DC
>> '\\ss-prod.local.richardshapiro.com' in the specified domain
>> 03/01/2021 09:43:28:749 NetpJoinDomainOnDs: NetpDsGetDcName returned:
>> 0x0
>> 03/01/2021 09:43:28:749 NetpDisableIDNEncoding: using FQDN
>> local.richardshapiro.com from dcinfo
>> 03/01/2021 09:43:28:749 NetpDisableIDNEncoding:
>> DnsDisableIdnEncoding(UNTILREBOOT) on 'local.richardshapiro.com'
>> succeeded
>> 03/01/2021 09:43:28:749 NetpJoinDomainOnDs: NetpDisableIDNEncoding
>> returned: 0x0
>> 03/01/2021 09:43:28:765 NetUseAdd to
>> \\ss-prod.local.richardshapiro.com\IPC$ returned 384
>> 03/01/2021 09:43:28:765 NetpJoinDomainOnDs: status of connecting to
>> dc '\\ss-prod.local.richardshapiro.com': 0x180
>> 03/01/2021 09:43:28:765 NetpJoinDomainOnDs: Function exits with
>> status of: 0x180
>> 03/01/2021 09:43:28:765 NetpResetIDNEncoding:
>> DnsDisableIdnEncoding(RESETALL) on 'local.richardshapiro.com'
>> returned 0x0
>> 03/01/2021 09:43:28:765 NetpJoinDomainOnDs: NetpResetIDNEncoding on
>> 'local.richardshapiro.com': 0x0
>> 03/01/2021 09:43:28:765 NetpDoDomainJoin: status: 0x180
>>
>> kr
>
>
> OK, when you do the join, are you using
> 'local.richardshapiro.com\administrator' as the join user?
>
> If so, try 'LOCAL\administrator' instead.
>
> Rowland
>
>
Is there a way to run a command on the server (i.e. smbclient) that will
tell what protocols are supported?
kr
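
An added example, not part of the thread: Python that pulls the status codes out of the NetSetup.log lines quoted above and maps them to their winerror.h names. The join ends with 0x180 (decimal 384), which is ERROR_SMB1_NOT_AVAILABLE, the error a Windows client reports when it concludes the share requires SMB1 while SMB1 is disabled locally. The function names and the regular expression are this example's own assumptions about the log layout.

```python
import re

# Win32 error codes seen in the log (names from winerror.h).
WIN32_ERRORS = {
    0x7B: "ERROR_INVALID_NAME",
    0x180: "ERROR_SMB1_NOT_AVAILABLE",  # decimal 384
    0x525: "ERROR_NO_SUCH_USER",
}

# Lines taken from the NetSetup.log excerpt quoted above, mail wrapping undone.
SAMPLE_LOG = r"""
03/01/2021 09:43:27:468 ??? Options: 0x25
03/01/2021 09:43:27:577 NetpDsGetDcName: trying to find DC in domain 'local.richardshapiro.com', flags: 0x1020
03/01/2021 09:43:28:046 NetpDsGetDcName: failed to find a DC having account 'KR-DEV$': 0x525, last error is 0x0
03/01/2021 09:43:28:046 NetpJoinDomainOnDs: NetpDsGetDcName returned: 0x0
03/01/2021 09:43:28:140 NetUseAdd to \\ss-prod.local.richardshapiro.com\IPC$ returned 384
03/01/2021 09:43:28:140 NetpJoinDomainOnDs: status of connecting to dc '\\ss-prod.local.richardshapiro.com': 0x180
03/01/2021 09:43:28:140 NetpDoDomainJoin: status: 0x180
"""

# A status is a hex or decimal number after ": " or "returned ",
# except the "flags:" and "Options:" fields, which are bitmasks.
STATUS_RE = re.compile(r"(?<!flags)(?<!Options)(?::|returned) (0x[0-9a-fA-F]+|\d+)\b")

def statuses(log_text):
    """Yield (timestamp, function, code) for every line carrying a status."""
    for line in log_text.splitlines():
        parts = line.split(" ", 2)
        if len(parts) < 3:
            continue
        match = STATUS_RE.search(parts[2])
        if match:
            func = parts[2].split()[0].rstrip(":")
            yield f"{parts[0]} {parts[1]}", func, int(match.group(1), 0)

def failures(log_text):
    """Non-zero statuses with their symbolic name where known."""
    return [(ts, fn, code, WIN32_ERRORS.get(code, hex(code)))
            for ts, fn, code in statuses(log_text) if code != 0]

def join_result(log_text):
    """Symbolic name of the last NetpDoDomainJoin status, or None."""
    codes = [c for _, fn, c in statuses(log_text) if fn == "NetpDoDomainJoin"]
    return WIN32_ERRORS.get(codes[-1], hex(codes[-1])) if codes else None

if __name__ == "__main__":
    for ts, fn, code, name in failures(SAMPLE_LOG):
        print(f"{ts}  {fn:<20} {code:#x}  {name}")
    print("join result:", join_result(SAMPLE_LOG))
```

The 0x525 entry is the lookup for a machine account that does not exist yet and is followed by a successful DC discovery; the first hard failure is the `NetUseAdd` to `IPC$`.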