Hi all:
=20
After I upgraded to samba 3.0.23d, I can=A1=A6t use net ads info to retrieve DC
information.
=20
In my previous version (3.0.21c), I can use net ads info and get the
information:
LDAP server: 172.23.26.204
LDAP server name: nas-2003
Realm: NAS.LOCAL
Bind Path: dc=3DNAS,dc=3DLOCAL
LDAP port: 389
Server time: Mon, 22 Jan 2007 09:51:02 GMT
KDC server: 172.23.26.204
Server time offset: -60
=20
After upgrade to 3.0.23d:
Didn't find the ldap server!
=20
The detailed information is as follows:
It seem there=A1=A6s some problem with protocol negotiation. My openldap version
is 2.1.22. I also tried 2.3.32, but also fail.=20
Could someone help me out?
=20
Thanks,
Latrell.
=20
=20
[2007/01/22 18:00:24, 3] param/loadparm.c:lp_load(4945)
lp_load: refreshing parameters
[2007/01/22 18:00:24, 3] param/loadparm.c:init_globals(1410)
Initialising global parameters
[2007/01/22 18:00:24, 3] param/params.c:pm_process(572)
params.c:pm_process() - Processing configuration file
"/etc/samba/smb.conf"
[2007/01/22 18:00:24, 3] param/loadparm.c:do_section(3687)
Processing section "[global]"
[2007/01/22 18:00:24, 3] lib/module.c:do_smb_load_module(49)
Error loading module '/usr/lib/charset/ANSI_X3.4-1968.so':
/usr/lib/charset/ANSI_X3.4-1968.so: cannot open shared object file: No such file
or directory
[2007/01/22 18:00:24, 2] lib/interface.c:add_interface(81)
added interface ip=3D172.23.26.152 bcast=3D172.23.26.255 nmask=3D255.255.255.0
[2007/01/22 18:00:24, 3] libsmb/namequery.c:get_dc_list(1426)
get_dc_list: preferred server list: "172.23.26.204, NAS.LOCAL *"
[2007/01/22 18:00:24, 1] libads/cldap.c:recv_cldap_netlogon(240)
Failed to parse cldap reply
[2007/01/22 18:00:24, 3] libads/ldap.c:ads_try_connect(136)
ads_try_connect: CLDAP request 172.23.26.204 failed.
Didn't find the ldap server!
[2007/01/22 18:00:24, 2] utils/net.c:main(988)
return code =3D -1
=20
[smb.conf]
[global]
dos charset =3D UTF8
display charset =3D UTF8
unix charset =3D UTF8
server string =3D %h
netbios name =3D NSAF933
write ok =3D yes
guest account =3D smbguest
map to guest =3D bad user
encrypt passwords =3D yes
map archive =3D no
client use spnego =3D no
auth methods =3D guest sam_ignoredomain winbind:ntdomain
host msdfs =3D yes
winbind use default domain =3D yes
=20
workgroup =3D NAS
security =3D ads
password server =3D NAS.LOCAL *
idmap uid =3D 100000-500000
idmap gid =3D 100000-500000
winbind cache time =3D 15
template homedir =3D /tmp/users/home/%D/%U
template shell =3D /bin/bash
=20
Gerald (Jerry) Carter
2007-Jan-22 14:08 UTC
[Samba] net ads info can't find the ldap server.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Latrell Wang ¤ýÄmºõ wrote:> Failed to parse cldap replyCan you send me a raw sniff from Wireshark? And a level 10 debug log from 'net ads info'? cheers, jerry -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFtMUtIR7qMdg1EfYRAuqlAKCrMRHnPTF0lkJWzFqV7ASApjMyNgCeP4A+ dsmGJx76nEC30nf7qX64tko=BHrj -----END PGP SIGNATURE-----
Hi Jerry: I've sent you yesterday, but it seems something wrong. I send it again. Thanks, Latrell. -----Original Message----- From: samba-bounces+zorg=probesys.com@lists.samba.org [mailto:samba-bounces+zorg=probesys.com@lists.samba.org] On Behalf Of Gerald (Jerry) Carter Sent: Monday, January 22, 2007 10:08 PM To: Latrell Wang ¤ýÄmºõ Cc: samba@lists.samba.org Subject: Re: [Samba] net ads info can't find the ldap server. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Latrell Wang ¤ýÄmºõ wrote:> Failed to parse cldap replyCan you send me a raw sniff from Wireshark? And a level 10 debug log from 'net ads info'? cheers, jerry -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFtMUtIR7qMdg1EfYRAuqlAKCrMRHnPTF0lkJWzFqV7ASApjMyNgCeP4A+ dsmGJx76nEC30nf7qX64tko=BHrj -----END PGP SIGNATURE----- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
I looked into the source code, and have some observations: 1. I don't wrote the realm in my smb.conf, because I get the realm form net ads info. Once I set realm in the smb.conf, net ads info worked. Does it mean the realm is needed in smb.conf? In libads\Ldap.c, the ads_try connect() do not have the realm value (ads->server.realm). Is there anything wrong in my environment? Or the realm must be in smb.conf? 2. When I try to join domain, using net ads join -Uadministrator%password, I got the following message: Using short domain name -- NAS Failed to set servicePrincipalNames. Please ensure that the DNS domain of this server matches the AD domain, Or rejoin with using Domain Admin credentials. Disabled account for 'NSAF933' in realm 'NAS.LOCAL' I found the problem is in util\net_ads.c. The function net_set_machine_spn() do=20 Line:1001 status =3D ads_gen_mod(ads_s, new_dn, mods). It returns 20 and let the ADS_ERROR_OK() check fail. Mark the line join domain will be successfully. Please give me some advise. Thanks, Latrell -----Original Message----- From: Latrell Wang =A4=FD=C4m=BA=F5=20 Sent: Wednesday, January 24, 2007 9:26 AM To: 'Gerald (Jerry) Carter' Cc: samba@lists.samba.org Subject: RE: [Samba] net ads info can't find the ldap server. Hi Jerry: I've sent you yesterday, but it seems something wrong. I send it again. Thanks, Latrell. -----Original Message----- From: samba-bounces+zorg=3Dprobesys.com@lists.samba.org [mailto:samba-bounces+zorg=3Dprobesys.com@lists.samba.org] On Behalf Of Gerald (Jerry) Carter Sent: Monday, January 22, 2007 10:08 PM To: Latrell Wang =A4=FD=C4m=BA=F5 Cc: samba@lists.samba.org Subject: Re: [Samba] net ads info can't find the ldap server. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Latrell Wang =A4=FD=C4m=BA=F5 wrote:> Failed to parse cldap replyCan you send me a raw sniff from Wireshark? And a level 10 debug log from 'net ads info'? cheers, jerry -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.2 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFtMUtIR7qMdg1EfYRAuqlAKCrMRHnPTF0lkJWzFqV7ASApjMyNgCeP4A+ dsmGJx76nEC30nf7qX64tko=3D =3DBHrj -----END PGP SIGNATURE----- --=20 To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba