Henrik Dige Semark
2009-Jan-05 22:57 UTC
[Samba] HELP: Samba + Windows Server 2003 SP2 AD/DC
Hey, I don't know if this is the right list to ask this question in, but I have tried on the IRC (irc.freenode.net #samba) and people on there advised me to try here instead.

I have:
Debian 4.0r4
Samba version 3.0.24 - mail.birke-gym.dk - 10.3.16.1
krb5 Version 1.4.4-7etch6
Kernel Version 2.6.18-6-amd64

A Windows Server 2003 SP2 with AD/DC - bgdc.birke-gym.dk - 10.3.17.1

--------------------------------------------------------------------------------------
When I try to connect my samba to the DC I get this output:

# net ads join -U Administrator --debuglevel=10
[2009/01/05 23:30:39, 5] lib/debug.c:debug_dump_status(391)
  INFO: Current debug levels:
    all: True/10
    tdb: False/0
    printdrivers: False/0
    lanman: False/0
    smb: False/0
    rpc_parse: False/0
    rpc_srv: False/0
    rpc_cli: False/0
    passdb: False/0
    sam: False/0
    auth: False/0
    winbind: False/0
    vfs: False/0
    idmap: False/0
    quota: False/0
    acls: False/0
    locking: False/0
    msdfs: False/0
    dmapi: False/0
[2009/01/05 23:30:39, 3] param/loadparm.c:lp_load(4953)
  lp_load: refreshing parameters
[2009/01/05 23:30:39, 3] param/loadparm.c:init_globals(1418)
  Initialising global parameters
[2009/01/05 23:30:39, 3] param/params.c:pm_process(572)
  params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
[2009/01/05 23:30:39, 3] param/loadparm.c:do_section(3695)
  Processing section "[global]"
  doing parameter server string = Debian 4.0 - Samba %v - BDC
  doing parameter workgroup = UNDERVISNING
  doing parameter security = ADS
  doing parameter idmap uid = 500-10000000
  doing parameter idmap gid = 500-10000000
  doing parameter template shell = /bin/bash
  doing parameter winbind use default domain = yes
  doing parameter winbind separator = %
  doing parameter winbind enum users = yes
  doing parameter winbind enum groups = yes
  doing parameter template homedir = /home/%D/%U
  doing parameter client use spnego = yes
  doing parameter password server = bgdc.birke-gym.dk
  doing parameter encrypt passwords = Yes
  doing parameter realm = UNDERVISNING.LOCAL
  doing parameter nt acl support = true
  doing parameter os level = 1000
  doing parameter preferred master = no
  doing parameter domain master = no
  doing parameter local master = no
  doing parameter domain logons = no
  doing parameter hide special files = Yes
  doing parameter hide unreadable = Yes
  doing parameter log level = 10
  doing parameter log file = /var/log/samba/UNDERVISNING
[2009/01/05 23:30:39, 4] param/loadparm.c:lp_load(4984)
  pm_process() returned Yes
[2009/01/05 23:30:39, 7] param/loadparm.c:lp_servicenumber(5120)
  lp_servicenumber: couldn't find homes
[2009/01/05 23:30:39, 10] param/loadparm.c:set_server_role(4229)
  set_server_role: role = ROLE_DOMAIN_MEMBER
[2009/01/05 23:30:39, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset UCS-2LE
[2009/01/05 23:30:39, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset UCS-2LE
[2009/01/05 23:30:39, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset UTF-16LE
[2009/01/05 23:30:39, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset UTF-16LE
[2009/01/05 23:30:39, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset UCS-2BE
[2009/01/05 23:30:39, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset UCS-2BE
[2009/01/05 23:30:39, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset UTF-16BE
[2009/01/05 23:30:39, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset UTF-16BE
[2009/01/05 23:30:39, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset UTF8
[2009/01/05 23:30:39, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset UTF8
[2009/01/05 23:30:39, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset UTF-8
[2009/01/05 23:30:39, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset UTF-8
[2009/01/05 23:30:39, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset ASCII
[2009/01/05 23:30:39, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset ASCII
[2009/01/05 23:30:39, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset 646
[2009/01/05 23:30:39, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset 646
[2009/01/05 23:30:39, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset ISO-8859-1
[2009/01/05 23:30:39, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset ISO-8859-1
[2009/01/05 23:30:39, 5] lib/iconv.c:smb_register_charset(105)
  Attempting to register new charset UCS2-HEX
[2009/01/05 23:30:39, 5] lib/iconv.c:smb_register_charset(113)
  Registered charset UCS2-HEX
[2009/01/05 23:30:39, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'UTF-8' for LOCALE
[2009/01/05 23:30:39, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'UTF-8' for LOCALE
[2009/01/05 23:30:39, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'UTF-8' for LOCALE
[2009/01/05 23:30:39, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'UTF-8' for LOCALE
[2009/01/05 23:30:39, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'UTF-8' for LOCALE
[2009/01/05 23:30:39, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'UTF-8' for LOCALE
[2009/01/05 23:30:39, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'UTF-8' for LOCALE
[2009/01/05 23:30:39, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'UTF-8' for LOCALE
[2009/01/05 23:30:39, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'UTF-8' for LOCALE
[2009/01/05 23:30:39, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'UTF-8' for LOCALE
[2009/01/05 23:30:39, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'UTF-8' for LOCALE
[2009/01/05 23:30:39, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'UTF-8' for LOCALE
[2009/01/05 23:30:39, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'UTF-8' for LOCALE
[2009/01/05 23:30:39, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'UTF-8' for LOCALE
[2009/01/05 23:30:39, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'UTF-8' for LOCALE
[2009/01/05 23:30:39, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'UTF-8' for LOCALE
[2009/01/05 23:30:39, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'UTF-8' for LOCALE
[2009/01/05 23:30:39, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'UTF-8' for LOCALE
[2009/01/05 23:30:39, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'UTF-8' for LOCALE
[2009/01/05 23:30:39, 5] lib/charcnv.c:charset_name(81)
  Substituting charset 'UTF-8' for LOCALE
[2009/01/05 23:30:39, 5] lib/util.c:init_names(286)
  Netbios name list:-
  my_netbios_names[0]="MAIL"
[2009/01/05 23:30:39, 2] lib/interface.c:add_interface(81)
  added interface ip=194.182.87.97 bcast=194.182.87.127 nmask=255.255.255.128
[2009/01/05 23:30:39, 2] lib/interface.c:add_interface(81)
  added interface ip=194.182.87.2 bcast=194.182.87.127 nmask=255.255.255.128
[2009/01/05 23:30:39, 2] lib/interface.c:add_interface(81)
  added interface ip=194.182.87.98 bcast=194.182.87.127 nmask=255.255.255.128
[2009/01/05 23:30:39, 2] lib/interface.c:add_interface(81)
  added interface ip=194.182.87.121 bcast=194.182.87.127 nmask=255.255.255.128
[2009/01/05 23:30:39, 2] lib/interface.c:add_interface(81)
  added interface ip=10.3.255.1 bcast=10.3.255.255 nmask=255.255.255.0
[2009/01/05 23:30:39, 2] lib/interface.c:add_interface(81)
  added interface ip=10.3.16.1 bcast=10.3.31.255 nmask=255.255.240.0
[2009/01/05 23:30:39, 2] lib/interface.c:add_interface(81)
  added interface ip=10.3.2.250 bcast=10.3.3.255 nmask=255.255.254.0
[2009/01/05 23:30:39, 2] lib/interface.c:add_interface(81)
  added interface ip=10.3.2.1 bcast=10.3.3.255 nmask=255.255.254.0
[2009/01/05 23:30:39, 2] lib/interface.c:add_interface(81)
  added interface ip=10.8.0.1 bcast=10.8.0.255 nmask=255.255.255.0
Administrator's password:
[2009/01/05 23:30:44, 6] libads/ldap.c:ads_find_dc(224)
  ads_find_dc: looking for realm 'UNDERVISNING.LOCAL'
[2009/01/05 23:30:44, 8] libsmb/namequery.c:get_sorted_dc_list(1551)
  get_sorted_dc_list: attempting lookup using [ads]
[2009/01/05 23:30:44, 5] lib/gencache.c:gencache_init(61)
  Opening cache file at /var/run/samba/gencache.tdb
[2009/01/05 23:30:44, 10] lib/gencache.c:gencache_get(329)
  Cache entry with key = SAF/DOMAIN/UNDERVISNING.LOCAL couldn't be found
[2009/01/05 23:30:44, 5] libsmb/namequery.c:saf_fetch(105)
  saf_fetch: failed to find server for "UNDERVISNING.LOCAL" domain
[2009/01/05 23:30:44, 3] libsmb/namequery.c:get_dc_list(1426)
  get_dc_list: preferred server list: ", bgdc.birke-gym.dk"
[2009/01/05 23:30:44, 10] libsmb/namequery.c:internal_resolve_name(1132)
  internal_resolve_name: looking up bgdc.birke-gym.dk#20
[2009/01/05 23:30:44, 10] lib/gencache.c:gencache_get(304)
  Returning valid cache entry: key = NBT/BGDC.BIRKE-GYM.DK#20, value = 10.3.17.1:0, timeout = Mon Jan 5 23:34:00 2009
[2009/01/05 23:30:44, 5] libsmb/namecache.c:namecache_fetch(201)
  name bgdc.birke-gym.dk#20 found.
[2009/01/05 23:30:44, 10] libsmb/namequery.c:remove_duplicate_addrs2(408)
  remove_duplicate_addrs2: looking for duplicate address/port pairs
[2009/01/05 23:30:44, 4] libsmb/namequery.c:get_dc_list(1529)
  get_dc_list: returning 1 ip addresses in an ordered list
[2009/01/05 23:30:44, 4] libsmb/namequery.c:get_dc_list(1530)
  get_dc_list: 10.3.17.1:389
[2009/01/05 23:30:44, 5] libads/ldap.c:ads_try_connect(127)
  ads_try_connect: sending CLDAP request to 10.3.17.1 (realm: UNDERVISNING.LOCAL)
[2009/01/05 23:30:44, 10] libsmb/namequery.c:saf_store(71)
  saf_store: domain = [UNDERVISNING], server = [10.3.17.1], expire = [1231195544]
[2009/01/05 23:30:44, 10] lib/gencache.c:gencache_set(140)
  Adding cache entry with key = SAF/DOMAIN/UNDERVISNING; value = 10.3.17.1 and timeout = Mon Jan 5 23:45:44 2009 (900 seconds ahead)
[2009/01/05 23:30:44, 3] libads/ldap.c:ads_connect(287)
  Connected to LDAP server 10.3.17.1

==== STOPS HERE FOR ABOUT 30 SEC ===

[2009/01/05 23:30:49, 0] utils/net_ads.c:ads_startup(289)
  ads_connect: Operations error
[2009/01/05 23:30:49, 2] utils/net.c:main(988)
  return code = -1

--------------------------------------------------------------------------------------
Windows Server Event log:
======
Windows Server Event - [22:56:34]
Successful Network Logon:
  User Name: BGDC$
  Domain: UNDERVISNING
  Logon ID: (0x0,0x1C82893)
  Logon Type: 3
  Logon Process: Kerberos
  Authentication Package: Kerberos
  Workstation Name:
  Logon GUID: {791dbfae-1330-1cc3-24ee-538ed69bc9d8}
  Caller User Name: -
  Caller Domain: -
  Caller Logon ID: -
  Caller Process ID: -
  Transited Services: -
  Source Network Address: 10.3.17.1
  Source Port: 4831
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
=====================================
Windows Server Event - [22:56:34]
Special privileges assigned to new logon:
  User Name: BGDC$
  Domain: UNDERVISNING
  Logon ID: (0x0,0x1C82893)
  Privileges:
    SeSecurityPrivilege
    SeBackupPrivilege
    SeRestorePrivilege
    SeTakeOwnershipPrivilege
    SeDebugPrivilege
    SeSystemEnvironmentPrivilege
    SeLoadDriverPrivilege
    SeImpersonatePrivilege
    SeEnableDelegationPrivilege
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
=====================================
Windows Server Event - [23:01:34]
User Logoff:
  User Name: BGDC$
  Domain: UNDERVISNING
  Logon ID: (0x0,0x1C82893)
  Logon Type: 3
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

--------------------------------------------------------------------------------------
My klist:
======
# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: Administrator@UNDERVISNING.LOCAL

Valid starting     Expires            Service principal
01/04/09 16:36:47  01/04/09 23:16:47  krbtgt/UNDERVISNING.LOCAL@UNDERVISNING.LOCAL

Kerberos 4 ticket cache: /tmp/tkt0
klist: You have no tickets cached

--------------------------------------------------------------------------------------
smb.conf
======
cat /etc/samba/smb.conf | grep -v "#"
[global]
server string = Debian 4.0 - Samba %v - BDC
workgroup = UNDERVISNING
security = ADS
idmap uid = 500-10000000
idmap gid = 500-10000000
template shell = /bin/bash
winbind use default domain = yes
winbind separator = %
winbind enum users = yes
winbind enum groups = yes
template homedir = /home/%D/%U
client use spnego = yes
password server = bgdc.birke-gym.dk
encrypt passwords = Yes
realm = UNDERVISNING.LOCAL
nt acl support = true
os level = 1000
preferred master = no
domain master = no
local master = no
domain logons = no
hide special files = Yes
hide unreadable = Yes
log level = 10
log file = /var/log/samba/UNDERVISNING

[homes]
comment = Home Directories
valid users = %U
browseable = no
writable = yes

--------------------------------------------------------------------------------------
# testparm
Load smb config files from /etc/samba/smb.conf
Processing section "[homes]"
Loaded services file OK.
Server role: ROLE_DOMAIN_MEMBER
Press enter to see a dump of your service definitions
^C

--------------------------------------------------------------------------------------
krb5.conf
=====
[logging]
default = FILE:/var/log/krb5libs.log
#kdc = FILE:/var/log/krb5kdc.log
#admin_server = FILE:/var/log/kadmind.log

[libdefaults]
ticket_lifetime = 24000
default_realm = UNDERVISNING.LOCAL
default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc
default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc

[realms]
#================ Birke-gym.dk ========================
UNDERVISNING.LOCAL = {
kdc = bgdc.birke-gym.dk
admin_server = bgdc.birke-gym.dk
default_domain = UNDERVISNING.LOCAL
}

[domain_realm]
.undervisning.local = UNDERVISNING.LOCAL
undervisning.local = UNDERVISNING.LOCAL

[login]
krb4_convert = true
krb4_get_tickets = false

--------------------------------------------------------------------------------------
# cat /etc/hosts
127.0.0.1 localhost mail
127.0.1.1 mail.birke-gym.dk mail
10.3.17.1 bgdc.birke-gym.dk bgdc

--------------------------------------------------------------------------------------
Any suggestions? And how much do I have to set up on the Windows Server? I have created a krb. trust on it and I use the pass I gave there, but is there more I have to set?

Sorry for my bad English, and if there is anything, please feel free to write; all help is received with love.

----
Best regards
Henrik Dige Semark