Hi,

SLES10 SP2 x86_64 + Samba from repo (samba-3.2.4-8.1)

When I try to join (net ads join -U Administrator), I get:

Failed to join domain: failed to set machine spn: Can't contact LDAP server

My Pre-2000 domain name is CLSC_COTENEIGES
My DNS ADS name is clsccdn.rtss.qc.ca

DNS is OK, I've created an A/PTR record for the Linux box, ADS seems OK also (netdiag/dcdiag). I've tried adding both servers into /etc/hosts... no results (upper case, lower case..)

I've tried a couple of things, like modifying my /etc/hosts, /etc/krb5.conf; all seems OK....

When turning debug on (-v10), the relevant lines at the end are:

[2008/10/22 22:11:10, 5] libads/ldap.c:ads_try_connect(188)
  ads_try_connect: sending CLDAP request to cls06dlm00036.clsccdn.rtss.qc.ca (realm: clsccdn.rtss.qc.ca)
[2008/10/22 22:11:10, 3] libads/ldap.c:ads_connect(430)
  Successfully contacted LDAP server 10.48.128.36
[2008/10/22 22:11:11, 3] libads/ldap.c:ads_connect(480)
  Connected to LDAP server cls06dlm00036.clsccdn.rtss.qc.ca
[2008/10/22 22:11:11, 4] libads/ldap.c:ads_current_time(2607)
  time offset is -38 seconds
[2008/10/22 22:11:11, 4] libads/sasl.c:ads_sasl_bind(1112)
  Found SASL mechanism GSS-SPNEGO

!!! LDAP works !!!

then

  ads_krb5_mk_req: server marked as OK to delegate to, building forwardable TGT
[2008/10/22 22:11:11, 5] lib/util.c:show_msg(642)
[2008/10/22 22:11:11, 5] lib/util.c:show_msg(652)
  size=35
  smb_com=0x71
  smb_rcls=0
  smb_reh=0
  smb_err=0
  smb_flg=136
  smb_flg2=51205
  smb_tid=4099
  smb_pid=12818
  smb_uid=6146
  smb_mid=23
  smt_wct=0
  smb_bcc=0
[2008/10/22 22:11:11, 1] libnet/libnet_join.c:libnet_Join(1801)
  libnet_Join:
      libnet_JoinCtx: struct libnet_JoinCtx
          out: struct libnet_JoinCtx
              account_name             : NULL
              netbios_domain_name      : 'CLSC_COTENEIGES'
              dns_domain_name          : 'clsccdn.rtss.qc.ca'
              dn                       : NULL
              domain_sid               : *
                  domain_sid               : S-1-5-21-669208389-835535488-317593308
              modified_config          : 0x00 (0)
              error_string             : 'failed to set machine spn: Can't contact LDAP server'
              domain_is_ad             : 0x01 (1)
              result                   : WERR_GENERAL_FAILURE

My krb5.conf:

[libdefaults]
    default_realm = CLSCCDN.RTSS.QC.CA
    clockskew = 300
    dns_lookup_realm = false
    dns_lookup_kdc = false

[realms]
    CLSCCDN.RTSS.QC.CA = {
        kdc = cls06dlm00036.clsccdn.rtss.qc.ca:88
        default_domain = clsccdn.rtss.qc.ca
        admin_server = cls06dlm00036.clsccdn.rtss.qc.ca:749
    }
    EXAMPLE.COM = {
        kdc = kerberos.example.com
        admin_server = kerberos.example.com
    }

[logging]
    kdc = FILE:/var/log/krb5/krb5kdc.log
    admin_server = FILE:/var/log/krb5/kadmind.log
    default = SYSLOG:NOTICE:DAEMON

[domain_realm]
    .clsccdn.rtss.qc.ca = CLSCCDN.RTSS.QC.CA

[appdefaults]
    pam = {
        debug = true
        validate = false
        ticket_lifetime = 1d
        renew_lifetime = 1d
        forwardable = true
        proxiable = false
        retain_after_close = false
        minimum_uid = 1
        try_first_pass = true
    }

Thanks list for the help!!

Marc

Marc-Andre Vallee, CLE10, CLP, VCP, CLA, CNA
Linux Services Coordinator
Complys technologies inc.
Custom IT solutions for your business.
Montreal : (514) 645-2875 #103
Quebec : (418) 648-9270 #103
http://www.complys.com

CONFIDENTIALITY NOTICE: The information transmitted with this e-mail is privileged and confidential. It is intended for the exclusive use of its recipient. If you are not the intended recipient, you are hereby notified that it is strictly prohibited to use this information, copy it, distribute it or disseminate it. Please contact the original sender of the e-mail and delete it from your computer.

Roland Hebertinger
2008-Nov-03 18:55 UTC
[Samba] Re: join fails samba 3.2 & ADS 2003R2 SP2
Marc-Andre Vallee <Marc-Andre.Vallee <at> complys.com> writes:

> Hi,
>
> SLES10 SP2 x86_64 + Samba from repo (samba-3.2.4-8.1)
> When I try to join (net ads join -U Administrator), I get :
> Failed to join domain: failed to set machine spn: Can't contact LDAP server

Any news on this one? I have the same problem with a slightly different setup. I'm using Samba 3.2.4 running on SLES 10 SP2 and am trying to join an AD running on Windows 2008.

Here's my output:

# net ads join -U Administrator -d 3
[2008/11/03 19:35:42, 3] param/loadparm.c:lp_load_ex(8754)
  lp_load_ex: refreshing parameters
[2008/11/03 19:35:42, 3] param/loadparm.c:init_globals(4597)
  Initialising global parameters
[2008/11/03 19:35:42, 3] param/params.c:pm_process(569)
  params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
[2008/11/03 19:35:42, 3] param/loadparm.c:do_section(7417)
  Processing section "[global]"
[2008/11/03 19:35:42, 2] lib/interface.c:add_interface(337)
  added interface eth0 ip=fe80::214:5eff:fed8:9816%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
[2008/11/03 19:35:42, 2] lib/interface.c:add_interface(337)
  added interface eth1 ip=fe80::214:5eff:fed8:9818%eth1 bcast=fe80::ffff:ffff:ffff:ffff%eth1 netmask=ffff:ffff:ffff:ffff::
[2008/11/03 19:35:42, 2] lib/interface.c:add_interface(337)
  added interface eth0 ip=192.168.1.28 bcast=192.168.1.255 netmask=255.255.255.0
[2008/11/03 19:35:42, 2] lib/interface.c:add_interface(337)
  added interface eth0 ip=192.168.1.144 bcast=192.168.1.255 netmask=255.255.255.0
[2008/11/03 19:35:42, 2] lib/interface.c:add_interface(337)
  added interface eth0 ip=192.168.1.145 bcast=192.168.1.255 netmask=255.255.255.0
[2008/11/03 19:35:42, 2] lib/interface.c:add_interface(337)
  added interface eth0 ip=192.168.1.195 bcast=192.168.1.255 netmask=255.255.255.0
[2008/11/03 19:35:42, 2] lib/interface.c:add_interface(337)
  added interface eth1 ip=10.168.1.195 bcast=10.168.1.255 netmask=255.255.255.0
Enter Administrator's password:
[2008/11/03 19:35:46, 1] libnet/libnet_join.c:libnet_Join(1770)
  libnet_Join:
      libnet_JoinCtx: struct libnet_JoinCtx
          in: struct libnet_JoinCtx
              dc_name                  : NULL
              machine_name             : 'SR-HOME-1'
              domain_name              : *
                  domain_name              : 'VERLAG.VN.IDOWA.DE'
              account_ou               : NULL
              admin_account            : 'Administrator'
              admin_password           : *
              machine_password         : NULL
              join_flags               : 0x00000023 (35)
                     0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
                     0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
                     0: WKSSVC_JOIN_FLAGS_DEFER_SPN
                     0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
                     0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
                     1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
                     0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
                     0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
                     1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
                     1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
              os_version               : NULL
              os_name                  : NULL
              create_upn               : 0x00 (0)
              upn                      : NULL
              modify_config            : 0x00 (0)
              ads                      : NULL
              debug                    : 0x01 (1)
              secure_channel_type      : SEC_CHAN_WKSTA (2)
[2008/11/03 19:35:46, 3] libsmb/cliconnect.c:cli_start_connection(1632)
  Connecting to host=sr-dc-1.verlag.vn.idowa.de
[2008/11/03 19:35:46, 3] libsmb/namequery.c:resolve_lmhosts(1162)
  resolve_lmhosts: Attempting lmhosts lookup for name sr-dc-1.verlag.vn.idowa.de<0x20>
[2008/11/03 19:35:46, 3] libsmb/namequery.c:resolve_wins(1026)
  resolve_wins: Attempting wins lookup for name sr-dc-1.verlag.vn.idowa.de<0x20>
[2008/11/03 19:35:46, 3] libsmb/namequery.c:resolve_wins(1030)
  resolve_wins: WINS server resolution selected and no WINS servers listed.
[2008/11/03 19:35:46, 3] libsmb/namequery.c:resolve_hosts(1244)
  resolve_hosts: Attempting host lookup for name sr-dc-1.verlag.vn.idowa.de<0x20>
[2008/11/03 19:35:46, 3] lib/util_sock.c:open_socket_out(1331)
  Connecting to 192.168.1.82 at port 445
[2008/11/03 19:35:46, 3] libsmb/cliconnect.c:cli_session_setup_spnego(804)
  Doing spnego session setup (blob length=124)
[2008/11/03 19:35:46, 3] libsmb/cliconnect.c:cli_session_setup_spnego(831)
  got OID=1 2 840 48018 1 2 2
[2008/11/03 19:35:46, 3] libsmb/cliconnect.c:cli_session_setup_spnego(831)
  got OID=1 2 840 113554 1 2 2
[2008/11/03 19:35:46, 3] libsmb/cliconnect.c:cli_session_setup_spnego(831)
  got OID=1 2 840 113554 1 2 2 3
[2008/11/03 19:35:46, 3] libsmb/cliconnect.c:cli_session_setup_spnego(831)
  got OID=1 3 6 1 4 1 311 2 2 10
[2008/11/03 19:35:46, 3] libsmb/cliconnect.c:cli_session_setup_spnego(839)
  got principal=not_defined_in_RFC4178@please_ignore
[2008/11/03 19:35:46, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1025)
  Got challenge flags:
[2008/11/03 19:35:46, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0x62898215
[2008/11/03 19:35:46, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1047)
  NTLMSSP: Set final flags:
[2008/11/03 19:35:46, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0x60088215
[2008/11/03 19:35:46, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337)
  NTLMSSP Sign/Seal - Initialising with flags:
[2008/11/03 19:35:46, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62)
  Got NTLMSSP neg_flags=0x60088215
[2008/11/03 19:35:46, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086)
  rpc_pipe_bind: Remote machine sr-dc-1.verlag.vn.idowa.de pipe \lsarpc fnum 0x4000 bind request returned ok.
[2008/11/03 19:35:46, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2086)
  rpc_pipe_bind: Remote machine sr-dc-1.verlag.vn.idowa.de pipe \samr fnum 0x4001 bind request returned ok.
[2008/11/03 19:35:46, 3] libads/ldap.c:ads_connect(430)
  Successfully contacted LDAP server 192.168.1.82
[2008/11/03 19:35:46, 3] libads/ldap.c:ads_connect(480)
  Connected to LDAP server sr-dc-1.verlag.vn.idowa.de
[2008/11/03 19:35:46, 3] libads/sasl.c:ads_sasl_spnego_bind(780)
  ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2008/11/03 19:35:46, 3] libads/sasl.c:ads_sasl_spnego_bind(780)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2008/11/03 19:35:46, 3] libads/sasl.c:ads_sasl_spnego_bind(780)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2008/11/03 19:35:46, 3] libads/sasl.c:ads_sasl_spnego_bind(780)
  ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2008/11/03 19:35:46, 3] libads/sasl.c:ads_sasl_spnego_bind(789)
  ads_sasl_spnego_bind: got server principal name not_defined_in_RFC4178@please_ignore
[2008/11/03 19:35:46, 3] libsmb/clikrb5.c:ads_krb5_mk_req(671)
  ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
[2008/11/03 19:35:46, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(604)
  ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration Tue, 04 Nov 2008 05:35:33 CET
[2008/11/03 19:35:46, 3] libsmb/clikrb5.c:ads_krb5_mk_req(713)
  ads_krb5_mk_req: server marked as OK to delegate to, building forwardable TGT
[2008/11/03 19:35:46, 1] libnet/libnet_join.c:libnet_Join(1801)
  libnet_Join:
      libnet_JoinCtx: struct libnet_JoinCtx
          out: struct libnet_JoinCtx
              account_name             : NULL
              netbios_domain_name      : 'VERLAG'
              dns_domain_name          : 'verlag.vn.idowa.de'
              dn                       : NULL
              domain_sid               : *
                  domain_sid               : S-1-5-21-1576172290-2542936531-3051237126
              modified_config          : 0x00 (0)
              error_string             : 'failed to set machine spn: Can't contact LDAP server'
              domain_is_ad             : 0x01 (1)
              result                   : WERR_GENERAL_FAILURE
Failed to join domain: failed to set machine spn: Can't contact LDAP server
[2008/11/03 19:35:46, 2] utils/net.c:main(1172)
  return code = -1

===================================
smb.conf: (adopted from the default one after installation of the rpms, changed lines marked with >)

[global]
> workgroup = VERLAG
> realm = VERLAG.VN.IDOWA.DE
> netbios name = sr-home-1
> security = ADS
> password server = sr-dc-1.verlag.vn.idowa.de
printing = cups
printcap name = cups
printcap cache time = 750
cups options = raw
map to guest = Bad User
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
usershare allow guests = Yes

====================================
krb5.conf:

[libdefaults]
    default_realm = VERLAG.VN.IDOWA.DE
    clockskew = 300

[realms]
    VERLAG.VN.IDOWA.DE = {
        kdc = SR-DC-1.VERLAG.VN.IDOWA.DE
        admin_server = SR-DC-1.VERLAG.VN.IDOWA.DE
        kpasswd_server = SR-DC-1.VERLAG.VN.IDOWA.DE
    }

[domain_realm]
    .verlag.vn.idowa.de = VERLAG.VN.IDOWA.DE

[logging]
    default = SYSLOG:NOTICE:DAEMON
    kdc = FILE:/var/log/kdc.log
    kadmind = FILE:/var/log/kadmind.log

[appdefaults]
    pam = {
        ticket_lifetime = 1d
        renew_lifetime = 1d
        forwardable = true
        proxiable = false
        retain_after_close = false
        minimum_uid = 0
        debug = false
    }

Any hint what to try or any idea where to search for further information is appreciated!

--
With kind regards

Roland Hebertinger
Head of IT Engineering, Servers / Networks

=========================================================
Straubinger Tagblatt
IT Department
Ludwigsplatz 30
D-94315 Straubing
Phone: +49.9421.940381
FAX: +49.9421.9406236
http://www.idowa.de
Email: rh@idowa.de
=========================================================
Straubinger Tagblatt / Landshuter Zeitung newspaper group
Cl. Attenkofer'sche Buch- und Kunstdruckerei
Verlagsbuchhandlung Straubing KG
Court of registration: Amtsgericht Straubing, HRA 1118
==========================================================
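
Added example, not part of either post and not Samba code: a small Python triage script for the `net ads join` debug output shown in the two messages above. It splits the output on the `[date, level] file:function(line)` record header and reports how far the join got; the function names, the 300-second default (taken from the `clockskew` line in the posted krb5.conf) and the abridged sample are this example's own assumptions.

```python
import re

# Header Samba 3.x prints before each debug message:
#   [YYYY/MM/DD HH:MM:SS, level] source/file.c:function(line)
HEADER = re.compile(
    r"\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d),\s+(\d+)\]\s+([\w/.]+):(\w+)\((\d+)\)")

def split_records(text):
    """Return (time, level, function, message) tuples; works even when the
    original line breaks were lost, as on a flattened archive page."""
    hits = list(HEADER.finditer(text))
    records = []
    for i, m in enumerate(hits):
        end = hits[i + 1].start() if i + 1 < len(hits) else len(text)
        msg = " ".join(text[m.end():end].split())
        records.append((m.group(1), int(m.group(2)), m.group(4), msg))
    return records

def summarize_join(text, clockskew=300):
    """Collect the facts that show how far a join attempt got.
    clockskew is the allowed offset in seconds (assumed, as in krb5.conf)."""
    out = {"ldap_connected": None, "time_offset": None, "skew_ok": None,
           "error_string": None, "result": None}
    for _, _, func, msg in split_records(text):
        if func == "ads_connect" and msg.startswith("Connected to LDAP server"):
            out["ldap_connected"] = msg.rsplit(" ", 1)[-1]
        m = re.search(r"time offset is (-?\d+) seconds", msg)
        if m:
            out["time_offset"] = int(m.group(1))
            out["skew_ok"] = abs(out["time_offset"]) <= clockskew
        # Greedy .* keeps the apostrophe in "Can't" inside the captured value.
        m = re.search(r"error_string\s*:\s*'(.*)'\s+domain_is_ad", msg)
        if m:
            out["error_string"] = m.group(1)
        m = re.search(r"\bresult\s*:\s*(WERR_\w+)", msg)
        if m:
            out["result"] = m.group(1)
    return out

# Constructed sample: three records abridged from the first post, on one line.
SAMPLE = (
    "[2008/10/22 22:11:11, 3] libads/ldap.c:ads_connect(480) Connected to "
    "LDAP server cls06dlm00036.clsccdn.rtss.qc.ca [2008/10/22 22:11:11, 4] "
    "libads/ldap.c:ads_current_time(2607) time offset is -38 seconds "
    "[2008/10/22 22:11:11, 1] libnet/libnet_join.c:libnet_Join(1801) "
    "libnet_Join: libnet_JoinCtx: struct libnet_JoinCtx out: struct "
    "libnet_JoinCtx error_string : 'failed to set machine spn: Can't contact "
    "LDAP server' domain_is_ad : 0x01 (1) result : WERR_GENERAL_FAILURE")
```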