thr3ads.net - samba - [Samba] Join AD: no logon server [Oct 2008]

If this information is useful, please help other people find it:
Share via:

Tam McLaughlin

2008-Oct-23 08:04 UTC

[Samba] Join AD: no logon server

Hello,

I am trying to join my server to a Win2k AD domain.
I have configured kerberos and can get a ticket but when I try to join the
AD I get the error "Failed to join domain: No logon servers" as
detailed
below.

I have searched the archives and google and followed some suggestions to get
my files into the correct format but still have a problem.

I am using Samba version 3.0.32-0.fc8 on Fedora 8, kernel 2.6.25.11-60.fc8

I have detailed my krb5.conf, smb.conf, kinit cmd and debug output from my
net ads join cmd below.

Can anyone offer me any pointers?
Is there anything I can get the windows admin to check?

Thanks

Tam


===============/etc/krb5.conf
===============[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = NSUK.NSC.COM
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 forwardable = yes

[realms]
 NSUK.NSC.COM = {
  kdc            = nsuk-ukdc3.nsuk.nsc.com
  admin_server   = nsuk-ukdc3.nsuk.nsc.com
  default_domain = nsuk.nsc.com
 }

[domain_realm]
 .nsuk.nsc.com = NSUK.NSC.COM
 nsuk.nsc.com = NSUK.NSC.COM

[appdefaults]
 pam = {
   debug = false
ticket_lifetime = 36000
   renew_lifetime = 36000
   forwardable = true
   krb4_convert = false
 }


============================/etc/samba/smb.conf
============================
[global]
        workgroup = NSUK
        netbios name = uklnxws01
        security = ads
        realm = NSUK.NSC.COM
        password server = 10.191.2.29
        encrypt passwords = yes
        domain master = no
        domain logons = no
        local master = no
        preferred master = no


=========kinit
=========#kinit  adminbm@NSUK.NSC.COM
Password for adminbm@NSUK.NSC.COM:
#klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: adminbm@NSUK.NSC.COM

Valid starting     Expires            Service principal
10/22/08 16:49:56  10/23/08 02:50:04  krbtgt/NSUK.NSC.COM@NSUK.NSC.COM
        renew until 10/23/08 16:49:56
Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached


========================other
========================
cat /etc/hosts
10.191.2.29     nsuk-ukdc3   nsuk-ukdc3.nsuk.nsc.com

cat /etc/resolv.conf
domain nsc.com
nameserver 10.191.2.29
nameserver x.x.x.x
nameserver y.y.y.y


nslookup nsuk-ukdc3.nsuk.nsc.com  & 10.191.2.29

returns ok

but

nslookup nsuk-ukdc3

does not unless I use nsuk-ukdc.nsuk.nsc.com

================================
I have tried using: net ads join in a number of combinations including
without the -S and createcomputer but the debug output is effectively the
same:

# net ads  join  createcomputer="servers/unix" -Snsuk-
ukdc3.uk.nsc.com -d10
[2008/10/22 16:51:35, 5] lib/debug.c:debug_dump_status(391)
  INFO: Current debug levels:
    all: True/10
    tdb: False/0
    printdrivers: False/0
    lanman: False/0
    smb: False/0
    rpc_parse: False/0
    rpc_srv: False/0
    rpc_cli: False/0
    passdb: False/0
    sam: False/0
    auth: False/0
    winbind: False/0
    vfs: False/0
    idmap: False/0
    quota: False/0
    acls: False/0
    locking: False/0
    msdfs: False/0
    dmapi: False/0

  Processing section "[global]"
  doing parameter workgroup = NSUK
  doing parameter netbios name = uklnxws01
[2008/10/22 16:51:35, 4] param/loadparm.c:handle_netbios_name(3153)
  handle_netbios_name: set global_myname to: UKLNXWS01
  doing parameter server string = Samba Server Version %v
  doing parameter security = ads
  doing parameter realm = NSUK.NSC.COM
  doing parameter password server = 10.191.2.29
  doing parameter encrypt passwords = yes
  doing parameter domain master = no
  doing parameter domain logons = no
  doing parameter local master = no
  doing parameter preferred master = no

2008/10/22 16:51:35, 4] param/loadparm.c:lp_load(5095)
  pm_process() returned Yes
[2008/10/22 16:51:35, 7] param/loadparm.c:lp_servicenumber(5233)
  lp_servicenumber: couldn't find homes
[2008/10/22 16:51:35, 10] param/loadparm.c:set_server_role(4339)
  set_server_role: role = ROLE_DOMAIN_MEMBER
[2008/10/22 16:51:35, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset UCS-2LE

  Netbios name list:-
  my_netbios_names[0]="UKLNXWS01"
[2008/10/22 16:51:35, 2] lib/interface.c:add_interface(81)
  added interface ip=10.191.164.102 bcast=10.191.164.255 nmask=255.255.255.0
[2008/10/22 16:51:35, 2] lib/interface.c:add_interface(81)
  added interface ip=192.168.122.1 bcast=192.168.122.255 nmask=255.255.255.0
[2008/10/22 16:51:35, 2] lib/interface.c:add_interface(81)
  added interface ip=192.168.87.1 bcast=192.168.87.255 nmask=255.255.255.0
[2008/10/22 16:51:35, 2] lib/interface.c:add_interface(81)
  added interface ip=192.168.104.1 bcast=192.168.104.255 nmask=255.255.255.0
[2008/10/22 16:51:35, 5] lib/gencache.c:gencache_init(61)
  Opening cache file at /var/lib/samba/gencache.tdb
[2008/10/22 16:51:35, 10] lib/gencache.c:gencache_get(212)
  Cache entry with key = AD_SITENAME/DOMAIN/NSUK.NSC.COM couldn't be found
[2008/10/22 16:51:35, 5] libads/dns.c:sitename_fetch(706)
  sitename_fetch: No stored sitename for NSUK.NSC.COM
[2008/10/22 16:51:35, 4] libsmb/namequery_dc.c:ads_dc_name(73)
  ads_dc_name: domain=NSUK
[2008/10/22 16:51:35, 10] lib/gencache.c:gencache_get(212)
  Cache entry with key = AD_SITENAME/DOMAIN/NSUK.NSC.COM couldn't be found
[2008/10/22 16:51:35, 5] libads/dns.c:sitename_fetch(706)
  sitename_fetch: No stored sitename for NSUK.NSC.COM
[2008/10/22 16:51:35, 6] libads/ldap.c:ads_find_dc(294)
  ads_find_dc: looking for realm 'NSUK.NSC.COM'
[2008/10/22 16:51:35, 8] libsmb/namequery.c:get_sorted_dc_list(1644)
  get_sorted_dc_list: attempting lookup for name NSUK.NSC.COM (sitename
NULL) using [ads]
[2008/10/22 16:51:35, 10] lib/gencache.c:gencache_get(212)
  Cache entry with key = SAF/DOMAIN/NSUK.NSC.COM couldn't be found
[2008/10/22 16:51:35, 5] libsmb/namequery.c:saf_fetch(133)
  saf_fetch: failed to find server for "NSUK.NSC.COM" domain
[2008/10/22 16:51:35, 3] libsmb/namequery.c:get_dc_list(1495)
  get_dc_list: preferred server list: ", 10.191.2.29"
[2008/10/22 16:51:35, 10] lib/gencache.c:gencache_get(212)
  Cache entry with key = AD_SITENAME/DOMAIN/NSUK.NSC.COM couldn't be found
[2008/10/22 16:51:35, 5] libads/dns.c:sitename_fetch(706)
  sitename_fetch: No stored sitename for NSUK.NSC.COM
[2008/10/22 16:51:35, 10] libsmb/namequery.c:remove_duplicate_addrs2(435)
  remove_duplicate_addrs2: looking for duplicate address/port pairs
[2008/10/22 16:51:35, 4] libsmb/namequery.c:get_dc_list(1605)
  get_dc_list: returning 1 ip addresses in an ordered list
[2008/10/22 16:51:35, 4] libsmb/namequery.c:get_dc_list(1606)
  get_dc_list: 10.191.2.29:389
[2008/10/22 16:51:35, 5] libads/ldap.c:ads_try_connect(180)
  ads_try_connect: sending CLDAP request to 10.191.2.29 (realm: NSUK.NSC.COM
)
[2008/10/22 16:51:35, 1] libads/cldap.c:recv_cldap_netlogon(247)
  Failed to parse cldap reply
[2008/10/22 16:51:35, 3] libads/ldap.c:ads_try_connect(189)
  ads_try_connect: CLDAP request 10.191.2.29 failed.
[2008/10/22 16:51:35, 10]
libsmb/conncache.c:add_failed_connection_entry(140)
  add_failed_connection_entry: added domain NSUK.NSC.COM (10.191.2.29) to
failed conn cache
[2008/10/22 16:51:35, 8] libsmb/namequery.c:get_sorted_dc_list(1644)
  get_sorted_dc_list: attempting lookup for name NSUK (sitename NULL) using
[lmhosts wins host bcast]
[2008/10/22 16:51:35, 10] lib/gencache.c:gencache_get(212)
  Cache entry with key = SAF/DOMAIN/NSUK couldn't be found
[2008/10/22 16:51:35, 5] libsmb/namequery.c:saf_fetch(133)
  saf_fetch: failed to find server for "NSUK" domain
[2008/10/22 16:51:35, 3] libsmb/namequery.c:get_dc_list(1495)
  get_dc_list: preferred server list: ", 10.191.2.29"
[2008/10/22 16:51:35, 10] lib/gencache.c:gencache_get(212)
  Cache entry with key = AD_SITENAME/DOMAIN/NSUK.NSC.COM couldn't be found
[2008/10/22 16:51:35, 5] libads/dns.c:sitename_fetch(706)
  sitename_fetch: No stored sitename for NSUK.NSC.COM
[2008/10/22 16:51:35, 10] libsmb/namequery.c:remove_duplicate_addrs2(435)
  remove_duplicate_addrs2: looking for duplicate address/port pairs
[2008/10/22 16:51:35, 4] libsmb/namequery.c:get_dc_list(1605)
  get_dc_list: returning 1 ip addresses in an ordered list
[2008/10/22 16:51:35, 4] libsmb/namequery.c:get_dc_list(1606)
  get_dc_list: 10.191.2.29:389
[2008/10/22 16:51:35, 10] libsmb/namequery.c:name_status_find(303)
  name_status_find: looking up NSUK#1c at 10.191.2.29
[2008/10/22 16:51:35, 10] lib/gencache.c:gencache_get(212)
  Cache entry with key = NBT/NSUK#1C.20.10.191.2.29 couldn't be found
[2008/10/22 16:51:35, 5] libsmb/namecache.c:namecache_status_fetch(346)
  namecache_status_fetch: no entry for NBT/NSUK#1C.20.10.191.2.29 found.
[2008/10/22 16:51:35, 10] lib/util_sock.c:open_socket_in(831)
  bind succeeded on port 0
2008/10/22 16:51:35, 5] libsmb/nmblib.c:send_udp(779)
  Sending a packet of len 50 to (10.191.2.29) on port 137
[2008/10/22 16:51:35, 10] lib/util_sock.c:read_udp_socket(294)
  read_udp_socket: lastip 10.191.2.29 lastport 137 read: 319
[2008/10/22 16:51:35, 10] libsmb/nmblib.c:parse_nmb(506)
  parse_nmb: packet id = 10060
[2008/10/22 16:51:35, 5] libsmb/nmblib.c:read_packet(757)
  Received a packet of len 319 from (10.191.2.29) port 137
[2008/10/22 16:51:35, 4] libsmb/nmblib.c:debug_nmb_packet(112)
  nmb packet from 10.191.2.29(137) header: id=10060 opcode=Query(0)
response=Yes
      header: flags: bcast=No rec_avail=No rec_des=No trunc=No auth=Yes
      header: rcode=0 qdcount=0 ancount=1 nscount=0 arcount=0
answers: nmb_name=NSUK<1c> rr_type=33 rr_class=1 ttl=0
      answers   0 char .NSUK-UKDC3        hex
0B4E53554B2D554B4443332020202020
      answers  10 char .D.NSUK            hex
0044004E53554B202020202020202020
      answers  20 char   ...NSUK          hex
202000C4004E53554B20202020202020
      answers  30 char     ...NSUK-UKDC   hex
202020201CC4004E53554B2D554B4443
      answers  40 char 3      D.NSUK      hex
3320202020202044004E53554B202020
      answers  50 char         .D.NSUK-   hex
20202020202020201B44004E53554B2D
      answers  60 char UKDC3     .D.NSU   hex
554B44433320202020200344004E5355
      answers  70 char K           ...N   hex
4B20202020202020202020201EC4004E
      answers  80 char SUK           .D   hex
53554B20202020202020202020201D44
      answers  90 char ...__MSBROWSE__.   hex
0001025F5F4D5342524F5753455F5F02
      answers  a0 char ...ADMINDK         hex
01C40041444D494E444B202020202020
      answers  b0 char   .D.ADMINMS       hex
202003440041444D494E4D5320202020
      answers  c0 char     .D....4.....   hex
2020202003440000188B34C082000000
      answers  d0 char ................   hex
00000000000000000000000000000000
      answers  e0 char ................   hex
00000000000000000000000000000000
      answers  f0 char .....   hex 0000000000
[2008/10/22 16:51:35, 10] libsmb/namequery.c:parse_node_status(185)
  NSUK-UKDC3#00: flags = 0x44
[2008/10/22 16:51:35, 10] libsmb/namequery.c:parse_node_status(185)
  NSUK#00: flags = 0xc4
[2008/10/22 16:51:35, 10] libsmb/namequery.c:parse_node_status(185)
  NSUK#1c: flags = 0xc4
[2008/10/22 16:51:35, 10] libsmb/namequery.c:parse_node_status(185)
  NSUK-UKDC3#20: flags = 0x44
[2008/10/22 16:51:35, 10] libsmb/namequery.c:parse_node_status(185)
  NSUK#1b: flags = 0x44
[2008/10/22 16:51:35, 10] libsmb/namequery.c:parse_node_status(185)
  NSUK-UKDC3#03: flags = 0x44
[2008/10/22 16:51:35, 10] libsmb/namequery.c:parse_node_status(185)
  NSUK#1e: flags = 0xc4
[2008/10/22 16:51:35, 10] libsmb/namequery.c:parse_node_status(185)
  NSUK#1d: flags = 0x44
[2008/10/22 16:51:35, 10] libsmb/namequery.c:parse_node_status(185)
  ^A^B__MSBROWSE__^B#01: flags = 0xc4
[2008/10/22 16:51:35, 10] libsmb/namequery.c:parse_node_status(185)
  ADMINDK#03: flags = 0x44
[2008/10/22 16:51:35, 10] libsmb/namequery.c:parse_node_status(185)
  ADMINMS#03: flags = 0x44
[2008/10/22 16:51:35, 10] libsmb/namequery.c:name_status_find(342)
  name_status_find: name found, name NSUK-UKDC3 ip address is 10.191.2.29
[2008/10/22 16:51:35, 3] libsmb/namequery_dc.c:rpc_dc_name(194)
  rpc_dc_name: Returning DC NSUK-UKDC3 (10.191.2.29) for domain NSUK
[2008/10/22 16:51:35, 5] libads/ldap.c:ads_try_connect(180)
  ads_try_connect: sending CLDAP request to nsuk-ukdc3.uk.nsc.com (realm:
NSUK.NSC.COM)
[2008/10/22 16:51:38, 3] lib/util.c:interpret_addr(1332)
  sys_gethostbyname: Unknown host. nsuk-ukdc3.uk.nsc.com
[2008/10/22 16:51:38, 1] libads/cldap.c:recv_cldap_netlogon(219)
  no reply received to cldap netlogon
[2008/10/22 16:51:38, 3] libads/ldap.c:ads_try_connect(189)
  ads_try_connect: CLDAP request nsuk-ukdc3.uk.nsc.com failed.
[2008/10/22 16:51:38, 10] lib/gencache.c:gencache_get(212)
  Cache entry with key = AD_SITENAME/DOMAIN/NSUK.NSC.COM couldn't be found
[2008/10/22 16:51:38, 5] libads/dns.c:sitename_fetch(706)
  sitename_fetch: No stored sitename for NSUK.NSC.COM
[2008/10/22 16:51:38, 6] libads/ldap.c:ads_find_dc(294)
  ads_find_dc: looking for realm 'NSUK.NSC.COM'
[2008/10/22 16:51:38, 8] libsmb/namequery.c:get_sorted_dc_list(1644)
  get_sorted_dc_list: attempting lookup for name NSUK.NSC.COM (sitename
NULL) using [ads]
[2008/10/22 16:51:38, 10] lib/gencache.c:gencache_get(212)
  Cache entry with key = SAF/DOMAIN/NSUK.NSC.COM couldn't be found
[2008/10/22 16:51:38, 5] libsmb/namequery.c:saf_fetch(133)
  saf_fetch: failed to find server for "NSUK.NSC.COM" domain
[2008/10/22 16:51:38, 3] libsmb/namequery.c:get_dc_list(1495)
  get_dc_list: preferred server list: ", 10.191.2.29"
[2008/10/22 16:51:38, 10] lib/gencache.c:gencache_get(212)
  Cache entry with key = AD_SITENAME/DOMAIN/NSUK.NSC.COM couldn't be found
[2008/10/22 16:51:38, 5] libads/dns.c:sitename_fetch(706)
  sitename_fetch: No stored sitename for NSUK.NSC.COM
[2008/10/22 16:51:38, 10]
libsmb/conncache.c:check_negative_conn_cache_timeout(86)
  check_negative_conn_cache: returning negative entry for NSUK.NSC.COM,
10.191.2.29
[2008/10/22 16:51:38, 5] libsmb/namequery.c:get_dc_list(1585)
  get_dc_list: negative entry 10.191.2.29 removed from DC list
[2008/10/22 16:51:38, 4] libsmb/namequery.c:get_dc_list(1605)
  get_dc_list: returning 0 ip addresses in an ordered list
[2008/10/22 16:51:38, 4] libsmb/namequery.c:get_dc_list(1606)
  get_dc_list:
[2008/10/22 16:51:38, 6] libads/ldap.c:ads_find_dc(294)
  ads_find_dc: looking for domain 'NSUK.NSC.COM'
[2008/10/22 16:51:38, 8] libsmb/namequery.c:get_sorted_dc_list(1644)
  get_sorted_dc_list: attempting lookup for name NSUK.NSC.COM (sitename
NULL) using [lmhosts wins host bcast]
[2008/10/22 16:51:38, 10] lib/gencache.c:gencache_get(212)
  Cache entry with key = SAF/DOMAIN/NSUK.NSC.COM couldn't be found
[2008/10/22 16:51:38, 5] libsmb/namequery.c:saf_fetch(133)
  saf_fetch: failed to find server for "NSUK.NSC.COM" domain
[2008/10/22 16:51:38, 3] libsmb/namequery.c:get_dc_list(1495)
  get_dc_list: preferred server list: ", 10.191.2.29"
[2008/10/22 16:51:38, 10] lib/gencache.c:gencache_get(212)
  Cache entry with key = AD_SITENAME/DOMAIN/NSUK.NSC.COM couldn't be found
[2008/10/22 16:51:38, 5] libads/dns.c:sitename_fetch(706)
  sitename_fetch: No stored sitename for NSUK.NSC.COM
[2008/10/22 16:51:38, 10]
libsmb/conncache.c:check_negative_conn_cache_timeout(86)
  check_negative_conn_cache: returning negative entry for NSUK.NSC.COM,
10.191.2.29
[2008/10/22 16:51:38, 5] libsmb/namequery.c:get_dc_list(1585)
  get_dc_list: negative entry 10.191.2.29 removed from DC list
[2008/10/22 16:51:38, 4] libsmb/namequery.c:get_dc_list(1605)
  get_dc_list: returning 0 ip addresses in an unordered list
[2008/10/22 16:51:38, 4] libsmb/namequery.c:get_dc_list(1606)
  get_dc_list:
[2008/10/22 16:51:38, 0] utils/net_ads.c:ads_startup_int(286)
  ads_connect: No logon servers
[2008/10/22 16:51:38, 1] utils/net_ads.c:net_ads_join(1470)
  error on ads_startup: No logon servers
[2008/10/22 16:51:38, 10] intl/lang_tdb.c:lang_tdb_init(138)
  lang_tdb_init: /usr/lib/samba/en_US.UTF-8.msg: No such file or directory
Failed to join domain: No logon servers
[2008/10/22 16:51:38, 2] utils/net.c:main(1075)
  return code = -1

Ray Van Dolson

2008-Oct-23 14:26 UTC

head link

[Samba] Join AD: no logon server

On Thu, Oct 23, 2008 at 01:03:56AM -0700, Tam McLaughlin
wrote:> Hello,
> 
> I am trying to join my server to a Win2k AD domain.
> I have configured kerberos and can get a ticket but when I try to join the
> AD I get the error "Failed to join domain: No logon servers" as
detailed
> below.
> 
> I have searched the archives and google and followed some suggestions to
get
> my files into the correct format but still have a problem.
> 
> I am using Samba version 3.0.32-0.fc8 on Fedora 8, kernel 2.6.25.11-60.fc8
> 
> I have detailed my krb5.conf, smb.conf, kinit cmd and debug output from my
> net ads join cmd below.
> 
> Can anyone offer me any pointers?
> Is there anything I can get the windows admin to check?
> 
> Thanks
> 
> Tam
>From looking at the debug info, it doesn't seem that 10.191.2.29 isanswering properly.

Ray

Maybe Matching Threads

Search for more maybe matching threads

samba - Oct 2008 - Join AD: no logon server

[Samba] Join AD: no logon server

[Samba] Join AD: no logon server

Maybe Matching Threads