alex.ranskis at free.fr
2012-May-21 16:17 UTC
[Samba] 3.6.5 and "not_defined_in_RFC4178@please_ignore" error
Hello,
We're having trouble joining an AD domain with 3.6.5
This message when running net join looks fishy :
"got principal=not_defined_in_RFC4178@please_ignore"
OS : Solaris 10 x64
Kerberos : MIT krb5 1.10.1
DC servers are running Windows 2008
The error message is :
./net join -U aranskis
Enter aranskis's password:
Failed to join domain: failed to lookup DC info for domain 'CORP.NET'
over rpc: Logon failure
ADS join did not work, falling back to RPC...
Unable to find a suitable server for domain CORP
Unable to find a suitable server for domain CORP
with -d9, here's the hopefully relevant output :
ads_dns_lookup_srv: 18 records returned in the answer section.
namecache_store: storing 18 addresses for CORP.NET#1c: 10.219.244.253, [List of
DCs IP follows]
[..]
Successfully contacted LDAP server 10.219.244.253
[..]
got principal=not_defined_in_RFC4178@please_ignore
[..]
SPNEGO login failed: Logon failure
failed session setup with NT_STATUS_LOGON_FAILURE
libnet_Join:
    libnet_JoinCtx: struct libnet_JoinCtx
        out: struct libnet_JoinCtx
            account_name             : NULL
            netbios_domain_name      : NULL
            dns_domain_name          : NULL
            forest_name              : NULL
            dn                       : NULL
            domain_sid               : NULL
                domain_sid               : (NULL SID)
            modified_config          : 0x00 (0)
            error_string             : 'failed to lookup DC info for domain
'CIB.NET' over rpc: Logon failure'
            domain_is_ad             : 0x00 (0)
            result                   : WERR_LOGON_FAILURE
relevant configuration options :
[global]
        realm=CORP.NET
        workgroup=CORP.NET
        security=ADS
        encrypt passwords = yes
        bind interfaces only = true
        interfaces = msusersncs
Any hints on the best way to try and figure out what is wrong when
trying to register in the AD ?
(the same config worked with samba 3.4.x, but the DCs were running Windows 2003)
Cheers,
Alex
Jim McDonough
2012-May-23 11:59 UTC
[Samba] 3.6.5 and "not_defined_in_RFC4178@please_ignore" error
On Mon, May 21, 2012 at 12:17 PM, <alex.ranskis at free.fr> wrote:
> We're having trouble joining an AD domain with 3.6.5
>
> This message when running net join looks fishy :
> "got principal=not_defined_in_RFC4178@please_ignore"

I'm sure it looks fishy, but it's not. This is normal for newer versions of Windows (Windows is sending it back).

> OS : Solaris 10 x64
> Kerberos : MIT krb5 1.10.1
> DC servers are running Windows 2008
>
> The error message is :
> ./net join -U aranskis
> Enter aranskis's password:
> Failed to join domain: failed to lookup DC info for domain 'CORP.NET'
> over rpc: Logon failure
> ADS join did not work, falling back to RPC...
> Unable to find a suitable server for domain CORP
> Unable to find a suitable server for domain CORP
>
> with -d9, here's the hopefully relevant output :
>
> ads_dns_lookup_srv: 18 records returned in the answer section.
> namecache_store: storing 18 addresses for CORP.NET#1c: 10.219.244.253, [List of
> DCs IP follows]
> [..]
> Successfully contacted LDAP server 10.219.244.253
> [..]
> got principal=not_defined_in_RFC4178@please_ignore
> [..]

What's cut out here might be more helpful. However, please see below and try that first.

> SPNEGO login failed: Logon failure
> failed session setup with NT_STATUS_LOGON_FAILURE
> libnet_Join:
>     libnet_JoinCtx: struct libnet_JoinCtx
>         out: struct libnet_JoinCtx
>             account_name             : NULL
>             netbios_domain_name      : NULL
>             dns_domain_name          : NULL
>             forest_name              : NULL
>             dn                       : NULL
>             domain_sid               : NULL
>                 domain_sid               : (NULL SID)
>             modified_config          : 0x00 (0)
>             error_string             : 'failed to lookup DC info for domain
> 'CIB.NET' over rpc: Logon failure'
>             domain_is_ad             : 0x00 (0)
>             result                   : WERR_LOGON_FAILURE
>
>
> relevant configuration options :
>
> [global]
>         realm=CORP.NET
>         workgroup=CORP.NET

Please try changing this to just CORP (or whatever the "short" netbios name is for the domain...not the dns name).

>         security=ADS
>         encrypt passwords = yes
>         bind interfaces only = true
>         interfaces = msusersncs
>
>
>
> Any hints on the best way to try and figure out what is wrong when
> trying to register in the AD ?
> (the same config worked with samba 3.4.x, but the DCs were running Windows 2003)

-- 
Jim McDonough
Samba Team
SUSE labs
jmcd at samba dot org
jmcd at themcdonoughs dot org
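Added example, not part of either message and not Samba code: a small Python check for the setting the reply points at. It reads the [global] section of an smb.conf and, when security = ADS, flags a workgroup value that is a DNS-style name, equals realm, or is longer than a NetBIOS name allows. The sample config is reconstructed from the post; the function names parse_global and check_workgroup are hypothetical.

```python
import re

# Constructed sample: the [global] section as posted in the thread.
POSTED_CONF = """\
[global]
    realm=CORP.NET
    workgroup=CORP.NET
    security=ADS
    encrypt passwords = yes
"""

def parse_global(text):
    """Return [global] parameters; names ignore case and embedded spaces."""
    params, section = {}, None
    text = re.sub(r"\\\r?\n", "", text)  # join backslash-continued lines
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[re.sub(r"\s+", "", key).lower()] = value.strip()
    return params

def check_workgroup(params):
    """Return problems with 'workgroup' when security = ADS."""
    if params.get("security", "").lower() != "ads":
        return []
    wg, realm = params.get("workgroup", ""), params.get("realm", "")
    problems = []
    if not wg:
        problems.append("workgroup is not set")
    if "." in wg:
        problems.append("workgroup looks like a DNS name")
    if wg and wg.lower() == realm.lower():
        problems.append("workgroup is identical to realm")
    if len(wg) > 15:
        problems.append("workgroup exceeds 15-character NetBIOS limit")
    return problems

if __name__ == "__main__":
    for problem in check_workgroup(parse_global(POSTED_CONF)):
        print("WARN:", problem)
```

An empty result only means the value has the shape of a short name; whether it is the domain's actual NetBIOS name still has to be confirmed against the domain.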