On 10.03.2015 20:20, Rowland Penny wrote:> > OK, the first will not work (well not yet), the second should, I > take it you ran 'kinit Administrator at AD.DILKEN.EU' as root before > the join ? > > You could try 'net ads join -U Administrator' and enter the > password when prompted, I personally have never seen the point in > using kerberos during the join, either way you have to enter the > Administrator password :-) > > Rowland >OK, new try... I did kinit Administrator at AD.DILKEN.EU, but I have always to enter the passowrd with or without kerberos. Now I try it without -k: net ads join -UAdministrator -d 10 Result: INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 scavenger: 10 dns: 10 ldb: 10 lp_load_ex: refreshing parameters Initialising global parameters INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 scavenger: 10 dns: 10 ldb: 10 params.c:pm_process() - Processing configuration file "/usr/local/etc/smb4.conf" Processing section "[global]" doing parameter netbios name = fileserver doing parameter workgroup = AD doing parameter security = ADS doing parameter realm = AD.DILKEN.EU doing parameter dedicated keytab file = /usr/local/etc/krb5.keytab doing parameter nsupdate command = /usr/local/bin/samba-nsupdate -g doing parameter server role = member server doing parameter winbind refresh tickets = yes doing parameter use sendfile = true doing parameter idmap config *:backend = tdb doing parameter idmap config *:range = 2000-9999 doing parameter idmap config AD:backend = ad doing parameter idmap config AD:schema_mode = rfc2307 doing parameter idmap config AD:range = 10000-99999 doing parameter winbind nss info = rfc2307 doing parameter winbind trusted domains only = no doing parameter winbind use default domain = yes doing parameter winbind enum users = yes doing parameter winbind enum groups = yes doing parameter log level = 10 doing parameter read only = no doing parameter inherit permissions = No doing parameter inherit acls = No doing parameter inherit owner = No doing parameter force unknown acl user = No doing parameter store dos attributes = Yes doing parameter map read only = No doing parameter vfs objects = zfsacl doing parameter nfs4:mode = special doing parameter nfs4:acedup = merge doing parameter nfs4:chown = yes pm_process() returned Yes lp_servicenumber: couldn't find homes Netbios name list:- my_netbios_names[0]="FILESERVER" added interface nfe0 ip=192.168.2.87 bcast=192.168.2.255 netmask=255.255.255.0 Registering messaging pointer for type 2 - private_data=0x0 Registering messaging pointer for type 9 - private_data=0x0 Registered MSG_REQ_POOL_USAGE Registering messaging pointer for type 11 - private_data=0x0 Registering messaging pointer for type 12 - private_data=0x0 Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED Registering messaging pointer for type 1 - private_data=0x0 Registering messaging pointer for type 5 - private_data=0x0 Enter Administrator's password: libnet_Join: libnet_JoinCtx: struct libnet_JoinCtx in: struct libnet_JoinCtx dc_name : NULL machine_name : 'FILESERVER' domain_name : * domain_name : 'AD.DILKEN.EU' account_ou : NULL admin_account : 'Administrator' machine_password : NULL join_flags : 0x00000023 (35) 0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT 0: WKSSVC_JOIN_FLAGS_DEFER_SPN 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE os_version : NULL os_name : NULL create_upn : 0x00 (0) upn : NULL modify_config : 0x00 (0) ads : NULL debug : 0x01 (1) use_kerberos : 0x00 (0) secure_channel_type : SEC_CHAN_WKSTA (2) Opening cache file at /var/db/samba4/gencache.tdb Opening cache file at /var/db/samba4/gencache_notrans.tdb sitename_fetch: Returning sitename for AD.DILKEN.EU: "Neuoetting" dsgetdcname_internal: domain_name: AD.DILKEN.EU, domain_guid: (null), site_name: Neuoetting, flags: 0x40001011 debug_dsdcinfo_flags: 0x40001011 DS_FORCE_REDISCOVERY DS_DIRECTORY_SERVICE_REQUIRED DS_WRITABLE_REQUIRED DS_RETURN_DNS_NAME dsgetdcname_rediscover ads_dns_lookup_srv: 1 records returned in the answer section. ads_dns_parse_rr_srv: Parsed dc2.ad.dilken.eu [0, 100, 389] LDAP ping to dc2.ad.dilken.eu &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX command : LOGON_SAM_LOGON_RESPONSE_EX (23) sbz : 0x0000 (0) server_type : 0x000003fc (1020) 0: NBT_SERVER_PDC 1: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 1: NBT_SERVER_TIMESERV 1: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 1: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 0: NBT_SERVER_FULL_SECRET_DOMAIN_6 0: NBT_SERVER_ADS_WEB_SERVICE 0: NBT_SERVER_HAS_DNS_NAME 0: NBT_SERVER_IS_DEFAULT_NC 0: NBT_SERVER_FOREST_ROOT domain_uuid : 56b6b4e7-d3f5-448d-ae4b-5b68a3662b2f forest : 'ad.dilken.eu' dns_domain : 'ad.dilken.eu' pdc_dns_name : 'dc2.ad.dilken.eu' domain_name : 'AD' pdc_name : 'DC2' user_name : '' server_site : 'Neuoetting' client_site : 'Neuoetting' sockaddr_size : 0x00 (0) sockaddr: struct nbt_sockaddr sockaddr_family : 0x00000000 (0) pdc_ip : (null) remaining : DATA_BLOB length=0 next_closest_site : NULL nt_version : 0x00000005 (5) 1: NETLOGON_NT_VERSION_1 0: NETLOGON_NT_VERSION_5 1: NETLOGON_NT_VERSION_5EX 0: NETLOGON_NT_VERSION_5EX_WITH_IP 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL 0: NETLOGON_NT_VERSION_PDC 0: NETLOGON_NT_VERSION_IP 0: NETLOGON_NT_VERSION_LOCAL 0: NETLOGON_NT_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) Did not store value for DSGETDCNAME/DOMAIN/AD, we already got it sitename_store: realm = [AD], sitename = [Neuoetting], expire [2147483647] Did not store value for AD_SITENAME/DOMAIN/AD, we already got it Adding cache entry with key=[DSGETDCNAME/DOMAIN/AD.DILKEN.EU] and timeout=[Di M?r 10 21:25:28 2015 CET] (900 seconds ahead) sitename_store: realm = [ad.dilken.eu], sitename = [Neuoetting], expire = [2147483647] Did not store value for AD_SITENAME/DOMAIN/AD.DILKEN.EU, we already got it sitename_fetch: Returning sitename for AD.DILKEN.EU: "Neuoetting" internal_resolve_name: looking up dc2.ad.dilken.eu#20 (sitename Neuoetting) Adding cache entry with key=[NBT/DC2.AD.DILKEN.EU#20] and timeout=[Do Jan 1 01:00:00 1970 CET] (-1426018228 seconds in the past) no entry for dc2.ad.dilken.eu#20 found. resolve_lmhosts: Attempting lmhosts lookup for name dc2.ad.dilken.eu<0x20> resolve_lmhosts: Attempting lmhosts lookup for name dc2.ad.dilken.eu<0x20> startlmhosts: Can't open lmhosts file /usr/local/etc/lmhosts. Error was No such file or directory resolve_wins: WINS server resolution selected and no WINS servers listed. resolve_hosts: Attempting host lookup for name dc2.ad.dilken.eu<0x20> remove_duplicate_addrs2: looking for duplicate address/port pairs namecache_store: storing 1 address for dc2.ad.dilken.eu#20: 192.168.2.2 Adding cache entry with key=[NBT/DC2.AD.DILKEN.EU#20] and timeout=[Di M?r 10 21:21:28 2015 CET] (660 seconds ahead) internal_resolve_name: returning 1 addresses: 192.168.2.2:0 Connecting to 192.168.2.2 at port 445 Socket options: SO_KEEPALIVE = 0 SO_REUSEADDR = 0 SO_BROADCAST = 0 TCP_NODELAY = 4 TCP_KEEPCNT = 0 TCP_KEEPIDLE = 0 TCP_KEEPINTVL = 0 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_REUSEPORT = 0 SO_SNDBUF = 66608 SO_RCVBUF = 66608 SO_SNDLOWAT = 2048 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 Doing spnego session setup (blob length=96) got OID=1.2.840.48018.1.2.2 got OID=1.2.840.113554.1.2.2 got OID=1.3.6.1.4.1.311.2.2.10 got principal=not_defined_in_RFC4178 at please_ignore negotiate: struct NEGOTIATE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmNegotiate (1) NegotiateFlags : 0x60088215 (1611170325) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 0: NTLMSSP_NEGOTIATE_TARGET_INFO 0: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 0: NTLMSSP_NEGOTIATE_56 DomainNameLen : 0x0002 (2) DomainNameMaxLen : 0x0002 (2) DomainName : * DomainName : 'AD' WorkstationLen : 0x000a (10) WorkstationMaxLen : 0x000a (10) Workstation : * Workstation : 'FILESERVER' challenge: struct CHALLENGE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmChallenge (0x2) TargetNameLen : 0x0004 (4) TargetNameMaxLen : 0x0004 (4) TargetName : * TargetName : 'AD' NegotiateFlags : 0x60898215 (1619624469) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 1: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 1: NTLMSSP_NEGOTIATE_TARGET_INFO 0: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 0: NTLMSSP_NEGOTIATE_56 ServerChallenge : 5de2f6f04d891106 Reserved : 0000000000000000 TargetInfoLen : 0x0056 (86) TargetNameInfoMaxLen : 0x0056 (86) TargetInfo : * TargetInfo: struct AV_PAIR_LIST count : 0x00000005 (5) pair: ARRAY(5) pair: struct AV_PAIR AvId : MsvAvNbDomainName (0x2) AvLen : 0x0004 (4) Value : union ntlmssp_AvValue(case 0x2) AvNbDomainName : 'AD' pair: struct AV_PAIR AvId : MsvAvNbComputerName (0x1) AvLen : 0x0006 (6) Value : union ntlmssp_AvValue(case 0x1) AvNbComputerName : 'DC2' pair: struct AV_PAIR AvId : MsvAvDnsDomainName (0x4) AvLen : 0x0018 (24) Value : union ntlmssp_AvValue(case 0x4) AvDnsDomainName : 'ad.dilken.eu' pair: struct AV_PAIR AvId : MsvAvDnsComputerName (0x3) AvLen : 0x0020 (32) Value : union ntlmssp_AvValue(case 0x3) AvDnsComputerName : 'dc2.ad.dilken.eu' pair: struct AV_PAIR AvId : MsvAvEOL (0x0) AvLen : 0x0000 (0) Value : union ntlmssp_AvValue(case 0x0) Got challenge flags: Got NTLMSSP neg_flags=0x60898215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_TARGET_INFO NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH Bus error (Speicherabzug geschrieben) The final result is the same as above. Greetings, Roman
On 10/03/15 20:14, Roman Dilken wrote:> On 10.03.2015 20:20, Rowland Penny wrote: > >> OK, the first will not work (well not yet), the second should, I >> take it you ran 'kinit Administrator at AD.DILKEN.EU' as root before >> the join ? >> >> You could try 'net ads join -U Administrator' and enter the >> password when prompted, I personally have never seen the point in >> using kerberos during the join, either way you have to enter the >> Administrator password :-) >> >> Rowland >> > OK, new try... I did kinit Administrator at AD.DILKEN.EU, but I have > always to enter the passowrd with or without kerberos. > > Now I try it without -k: > > net ads join -UAdministrator -d 10 > > Result: > > INFO: Current debug levels: > all: 10 > tdb: 10 > printdrivers: 10 > lanman: 10 > smb: 10 > rpc_parse: 10 > rpc_srv: 10 > rpc_cli: 10 > passdb: 10 > sam: 10 > auth: 10 > winbind: 10 > vfs: 10 > idmap: 10 > quota: 10 > acls: 10 > locking: 10 > msdfs: 10 > dmapi: 10 > registry: 10 > scavenger: 10 > dns: 10 > ldb: 10 > lp_load_ex: refreshing parameters > Initialising global parameters > INFO: Current debug levels: > all: 10 > tdb: 10 > printdrivers: 10 > lanman: 10 > smb: 10 > rpc_parse: 10 > rpc_srv: 10 > rpc_cli: 10 > passdb: 10 > sam: 10 > auth: 10 > winbind: 10 > vfs: 10 > idmap: 10 > quota: 10 > acls: 10 > locking: 10 > msdfs: 10 > dmapi: 10 > registry: 10 > scavenger: 10 > dns: 10 > ldb: 10 > params.c:pm_process() - Processing configuration file > "/usr/local/etc/smb4.conf" > Processing section "[global]" > doing parameter netbios name = fileserver > doing parameter workgroup = AD > doing parameter security = ADS > doing parameter realm = AD.DILKEN.EU > doing parameter dedicated keytab file = /usr/local/etc/krb5.keytab > doing parameter nsupdate command = /usr/local/bin/samba-nsupdate -g > doing parameter server role = member server > doing parameter winbind refresh tickets = yes > doing parameter use sendfile = true > doing parameter idmap config *:backend = tdb > doing parameter idmap config *:range = 2000-9999 > doing parameter idmap config AD:backend = ad > doing parameter idmap config AD:schema_mode = rfc2307 > doing parameter idmap config AD:range = 10000-99999 > doing parameter winbind nss info = rfc2307 > doing parameter winbind trusted domains only = no > doing parameter winbind use default domain = yes > doing parameter winbind enum users = yes > doing parameter winbind enum groups = yes > doing parameter log level = 10 > doing parameter read only = no > doing parameter inherit permissions = No > doing parameter inherit acls = No > doing parameter inherit owner = No > doing parameter force unknown acl user = No > doing parameter store dos attributes = Yes > doing parameter map read only = No > doing parameter vfs objects = zfsacl > doing parameter nfs4:mode = special > doing parameter nfs4:acedup = merge > doing parameter nfs4:chown = yes > pm_process() returned Yes > lp_servicenumber: couldn't find homes > Netbios name list:- > my_netbios_names[0]="FILESERVER" > added interface nfe0 ip=192.168.2.87 bcast=192.168.2.255 > netmask=255.255.255.0 > Registering messaging pointer for type 2 - private_data=0x0 > Registering messaging pointer for type 9 - private_data=0x0 > Registered MSG_REQ_POOL_USAGE > Registering messaging pointer for type 11 - private_data=0x0 > Registering messaging pointer for type 12 - private_data=0x0 > Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED > Registering messaging pointer for type 1 - private_data=0x0 > Registering messaging pointer for type 5 - private_data=0x0 > Enter Administrator's password: > libnet_Join: > libnet_JoinCtx: struct libnet_JoinCtx > in: struct libnet_JoinCtx > dc_name : NULL > machine_name : 'FILESERVER' > domain_name : * > domain_name : 'AD.DILKEN.EU' > account_ou : NULL > admin_account : 'Administrator' > machine_password : NULL > join_flags : 0x00000023 (35) > 0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS > 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME > 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT > 0: WKSSVC_JOIN_FLAGS_DEFER_SPN > 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED > 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE > 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED > 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE > 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE > 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE > 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE > os_version : NULL > os_name : NULL > create_upn : 0x00 (0) > upn : NULL > modify_config : 0x00 (0) > ads : NULL > debug : 0x01 (1) > use_kerberos : 0x00 (0) > secure_channel_type : SEC_CHAN_WKSTA (2) > Opening cache file at /var/db/samba4/gencache.tdb > Opening cache file at /var/db/samba4/gencache_notrans.tdb > sitename_fetch: Returning sitename for AD.DILKEN.EU: "Neuoetting" > dsgetdcname_internal: domain_name: AD.DILKEN.EU, domain_guid: (null), > site_name: Neuoetting, flags: 0x40001011 > debug_dsdcinfo_flags: 0x40001011 > DS_FORCE_REDISCOVERY DS_DIRECTORY_SERVICE_REQUIRED > DS_WRITABLE_REQUIRED DS_RETURN_DNS_NAME > dsgetdcname_rediscover > ads_dns_lookup_srv: 1 records returned in the answer section. > ads_dns_parse_rr_srv: Parsed dc2.ad.dilken.eu [0, 100, 389] > LDAP ping to dc2.ad.dilken.eu > &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX > command : LOGON_SAM_LOGON_RESPONSE_EX (23) > sbz : 0x0000 (0) > server_type : 0x000003fc (1020) > 0: NBT_SERVER_PDC > 1: NBT_SERVER_GC > 1: NBT_SERVER_LDAP > 1: NBT_SERVER_DS > 1: NBT_SERVER_KDC > 1: NBT_SERVER_TIMESERV > 1: NBT_SERVER_CLOSEST > 1: NBT_SERVER_WRITABLE > 1: NBT_SERVER_GOOD_TIMESERV > 0: NBT_SERVER_NDNC > 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 > 0: NBT_SERVER_FULL_SECRET_DOMAIN_6 > 0: NBT_SERVER_ADS_WEB_SERVICE > 0: NBT_SERVER_HAS_DNS_NAME > 0: NBT_SERVER_IS_DEFAULT_NC > 0: NBT_SERVER_FOREST_ROOT > domain_uuid : 56b6b4e7-d3f5-448d-ae4b-5b68a3662b2f > forest : 'ad.dilken.eu' > dns_domain : 'ad.dilken.eu' > pdc_dns_name : 'dc2.ad.dilken.eu' > domain_name : 'AD' > pdc_name : 'DC2' > user_name : '' > server_site : 'Neuoetting' > client_site : 'Neuoetting' > sockaddr_size : 0x00 (0) > sockaddr: struct nbt_sockaddr > sockaddr_family : 0x00000000 (0) > pdc_ip : (null) > remaining : DATA_BLOB length=0 > next_closest_site : NULL > nt_version : 0x00000005 (5) > 1: NETLOGON_NT_VERSION_1 > 0: NETLOGON_NT_VERSION_5 > 1: NETLOGON_NT_VERSION_5EX > 0: NETLOGON_NT_VERSION_5EX_WITH_IP > 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE > 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL > 0: NETLOGON_NT_VERSION_PDC > 0: NETLOGON_NT_VERSION_IP > 0: NETLOGON_NT_VERSION_LOCAL > 0: NETLOGON_NT_VERSION_GC > lmnt_token : 0xffff (65535) > lm20_token : 0xffff (65535) > Did not store value for DSGETDCNAME/DOMAIN/AD, we already got it > sitename_store: realm = [AD], sitename = [Neuoetting], expire > [2147483647] > Did not store value for AD_SITENAME/DOMAIN/AD, we already got it > Adding cache entry with key=[DSGETDCNAME/DOMAIN/AD.DILKEN.EU] and > timeout=[Di M?r 10 21:25:28 2015 CET] (900 seconds ahead) > sitename_store: realm = [ad.dilken.eu], sitename = [Neuoetting], > expire = [2147483647] > Did not store value for AD_SITENAME/DOMAIN/AD.DILKEN.EU, we already got it > sitename_fetch: Returning sitename for AD.DILKEN.EU: "Neuoetting" > internal_resolve_name: looking up dc2.ad.dilken.eu#20 (sitename > Neuoetting) > Adding cache entry with key=[NBT/DC2.AD.DILKEN.EU#20] and timeout=[Do > Jan 1 01:00:00 1970 CET] (-1426018228 seconds in the past) > no entry for dc2.ad.dilken.eu#20 found. > resolve_lmhosts: Attempting lmhosts lookup for name dc2.ad.dilken.eu<0x20> > resolve_lmhosts: Attempting lmhosts lookup for name dc2.ad.dilken.eu<0x20> > startlmhosts: Can't open lmhosts file /usr/local/etc/lmhosts. Error > was No such file or directory > resolve_wins: WINS server resolution selected and no WINS servers listed. > resolve_hosts: Attempting host lookup for name dc2.ad.dilken.eu<0x20> > remove_duplicate_addrs2: looking for duplicate address/port pairs > namecache_store: storing 1 address for dc2.ad.dilken.eu#20: 192.168.2.2 > Adding cache entry with key=[NBT/DC2.AD.DILKEN.EU#20] and timeout=[Di > M?r 10 21:21:28 2015 CET] (660 seconds ahead) > internal_resolve_name: returning 1 addresses: 192.168.2.2:0 > Connecting to 192.168.2.2 at port 445 > Socket options: > SO_KEEPALIVE = 0 > SO_REUSEADDR = 0 > SO_BROADCAST = 0 > TCP_NODELAY = 4 > TCP_KEEPCNT = 0 > TCP_KEEPIDLE = 0 > TCP_KEEPINTVL = 0 > IPTOS_LOWDELAY = 0 > IPTOS_THROUGHPUT = 0 > SO_REUSEPORT = 0 > SO_SNDBUF = 66608 > SO_RCVBUF = 66608 > SO_SNDLOWAT = 2048 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > Doing spnego session setup (blob length=96) > got OID=1.2.840.48018.1.2.2 > got OID=1.2.840.113554.1.2.2 > got OID=1.3.6.1.4.1.311.2.2.10 > got principal=not_defined_in_RFC4178 at please_ignore > negotiate: struct NEGOTIATE_MESSAGE > Signature : 'NTLMSSP' > MessageType : NtLmNegotiate (1) > NegotiateFlags : 0x60088215 (1611170325) > 1: NTLMSSP_NEGOTIATE_UNICODE > 0: NTLMSSP_NEGOTIATE_OEM > 1: NTLMSSP_REQUEST_TARGET > 1: NTLMSSP_NEGOTIATE_SIGN > 0: NTLMSSP_NEGOTIATE_SEAL > 0: NTLMSSP_NEGOTIATE_DATAGRAM > 0: NTLMSSP_NEGOTIATE_LM_KEY > 0: NTLMSSP_NEGOTIATE_NETWARE > 1: NTLMSSP_NEGOTIATE_NTLM > 0: NTLMSSP_NEGOTIATE_NT_ONLY > 0: NTLMSSP_ANONYMOUS > 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED > 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED > 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL > 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN > 0: NTLMSSP_TARGET_TYPE_DOMAIN > 0: NTLMSSP_TARGET_TYPE_SERVER > 0: NTLMSSP_TARGET_TYPE_SHARE > 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > 0: NTLMSSP_NEGOTIATE_IDENTIFY > 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY > 0: NTLMSSP_NEGOTIATE_TARGET_INFO > 0: NTLMSSP_NEGOTIATE_VERSION > 1: NTLMSSP_NEGOTIATE_128 > 1: NTLMSSP_NEGOTIATE_KEY_EXCH > 0: NTLMSSP_NEGOTIATE_56 > DomainNameLen : 0x0002 (2) > DomainNameMaxLen : 0x0002 (2) > DomainName : * > DomainName : 'AD' > WorkstationLen : 0x000a (10) > WorkstationMaxLen : 0x000a (10) > Workstation : * > Workstation : 'FILESERVER' > challenge: struct CHALLENGE_MESSAGE > Signature : 'NTLMSSP' > MessageType : NtLmChallenge (0x2) > TargetNameLen : 0x0004 (4) > TargetNameMaxLen : 0x0004 (4) > TargetName : * > TargetName : 'AD' > NegotiateFlags : 0x60898215 (1619624469) > 1: NTLMSSP_NEGOTIATE_UNICODE > 0: NTLMSSP_NEGOTIATE_OEM > 1: NTLMSSP_REQUEST_TARGET > 1: NTLMSSP_NEGOTIATE_SIGN > 0: NTLMSSP_NEGOTIATE_SEAL > 0: NTLMSSP_NEGOTIATE_DATAGRAM > 0: NTLMSSP_NEGOTIATE_LM_KEY > 0: NTLMSSP_NEGOTIATE_NETWARE > 1: NTLMSSP_NEGOTIATE_NTLM > 0: NTLMSSP_NEGOTIATE_NT_ONLY > 0: NTLMSSP_ANONYMOUS > 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED > 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED > 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL > 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN > 1: NTLMSSP_TARGET_TYPE_DOMAIN > 0: NTLMSSP_TARGET_TYPE_SERVER > 0: NTLMSSP_TARGET_TYPE_SHARE > 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > 0: NTLMSSP_NEGOTIATE_IDENTIFY > 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY > 1: NTLMSSP_NEGOTIATE_TARGET_INFO > 0: NTLMSSP_NEGOTIATE_VERSION > 1: NTLMSSP_NEGOTIATE_128 > 1: NTLMSSP_NEGOTIATE_KEY_EXCH > 0: NTLMSSP_NEGOTIATE_56 > ServerChallenge : 5de2f6f04d891106 > Reserved : 0000000000000000 > TargetInfoLen : 0x0056 (86) > TargetNameInfoMaxLen : 0x0056 (86) > TargetInfo : * > TargetInfo: struct AV_PAIR_LIST > count : 0x00000005 (5) > pair: ARRAY(5) > pair: struct AV_PAIR > AvId : MsvAvNbDomainName (0x2) > AvLen : 0x0004 (4) > Value : union > ntlmssp_AvValue(case 0x2) > AvNbDomainName : 'AD' > pair: struct AV_PAIR > AvId : MsvAvNbComputerName > (0x1) > AvLen : 0x0006 (6) > Value : union > ntlmssp_AvValue(case 0x1) > AvNbComputerName : 'DC2' > pair: struct AV_PAIR > AvId : MsvAvDnsDomainName > (0x4) > AvLen : 0x0018 (24) > Value : union > ntlmssp_AvValue(case 0x4) > AvDnsDomainName : 'ad.dilken.eu' > pair: struct AV_PAIR > AvId : > MsvAvDnsComputerName (0x3) > AvLen : 0x0020 (32) > Value : union > ntlmssp_AvValue(case 0x3) > AvDnsComputerName : 'dc2.ad.dilken.eu' > pair: struct AV_PAIR > AvId : MsvAvEOL (0x0) > AvLen : 0x0000 (0) > Value : union > ntlmssp_AvValue(case 0x0) > Got challenge flags: > Got NTLMSSP neg_flags=0x60898215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_TARGET_INFO > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > NTLMSSP: Set final flags: > Got NTLMSSP neg_flags=0x60088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > Bus error (Speicherabzug geschrieben) > > The final result is the same as above. > > Greetings, > > RomanIt looks like it cannot find a DC. You never did say what you are trying to join to, Samba 4 AD server, windows AD server or what ? What does /etc.resolv.conf point to ?? Is it your AD DC server ? Rowland
Oh, I have a pair of samba-4.1.17-DC's, raspberry-pi and dc2 to which make the domain ad.dilken.eu on site Neuoetting. resolv.conf points to the two dc's: search ad.dilken.eu nameserver 192.168.2.33 nameserver 192.168.2.2 In the output I find some relations to dc2 resp. 192.168.2.2, but perhaps it doesn't work as expected.. Greetings Am 10.03.2015 um 21:23 schrieb Rowland Penny:> On 10/03/15 20:14, Roman Dilken wrote: >> On 10.03.2015 20:20, Rowland Penny wrote: >> >>> OK, the first will not work (well not yet), the second should, I >>> take it you ran 'kinit Administrator at AD.DILKEN.EU' as root before >>> the join ? >>> >>> You could try 'net ads join -U Administrator' and enter the >>> password when prompted, I personally have never seen the point in >>> using kerberos during the join, either way you have to enter the >>> Administrator password :-) >>> >>> Rowland >>> >> OK, new try... I did kinit Administrator at AD.DILKEN.EU, but I have >> always to enter the passowrd with or without kerberos. >> >> Now I try it without -k: >> >> net ads join -UAdministrator -d 10 >> >> Result: >> >> INFO: Current debug levels: >> all: 10 >> tdb: 10 >> printdrivers: 10 >> lanman: 10 >> smb: 10 >> rpc_parse: 10 >> rpc_srv: 10 >> rpc_cli: 10 >> passdb: 10 >> sam: 10 >> auth: 10 >> winbind: 10 >> vfs: 10 >> idmap: 10 >> quota: 10 >> acls: 10 >> locking: 10 >> msdfs: 10 >> dmapi: 10 >> registry: 10 >> scavenger: 10 >> dns: 10 >> ldb: 10 >> lp_load_ex: refreshing parameters >> Initialising global parameters >> INFO: Current debug levels: >> all: 10 >> tdb: 10 >> printdrivers: 10 >> lanman: 10 >> smb: 10 >> rpc_parse: 10 >> rpc_srv: 10 >> rpc_cli: 10 >> passdb: 10 >> sam: 10 >> auth: 10 >> winbind: 10 >> vfs: 10 >> idmap: 10 >> quota: 10 >> acls: 10 >> locking: 10 >> msdfs: 10 >> dmapi: 10 >> registry: 10 >> scavenger: 10 >> dns: 10 >> ldb: 10 >> params.c:pm_process() - Processing configuration file >> "/usr/local/etc/smb4.conf" >> Processing section "[global]" >> doing parameter netbios name = fileserver >> doing parameter workgroup = AD >> doing parameter security = ADS >> doing parameter realm = AD.DILKEN.EU >> doing parameter dedicated keytab file = /usr/local/etc/krb5.keytab >> doing parameter nsupdate command = /usr/local/bin/samba-nsupdate -g >> doing parameter server role = member server >> doing parameter winbind refresh tickets = yes >> doing parameter use sendfile = true >> doing parameter idmap config *:backend = tdb >> doing parameter idmap config *:range = 2000-9999 >> doing parameter idmap config AD:backend = ad >> doing parameter idmap config AD:schema_mode = rfc2307 >> doing parameter idmap config AD:range = 10000-99999 >> doing parameter winbind nss info = rfc2307 >> doing parameter winbind trusted domains only = no >> doing parameter winbind use default domain = yes >> doing parameter winbind enum users = yes >> doing parameter winbind enum groups = yes >> doing parameter log level = 10 >> doing parameter read only = no >> doing parameter inherit permissions = No >> doing parameter inherit acls = No >> doing parameter inherit owner = No >> doing parameter force unknown acl user = No >> doing parameter store dos attributes = Yes >> doing parameter map read only = No >> doing parameter vfs objects = zfsacl >> doing parameter nfs4:mode = special >> doing parameter nfs4:acedup = merge >> doing parameter nfs4:chown = yes >> pm_process() returned Yes >> lp_servicenumber: couldn't find homes >> Netbios name list:- >> my_netbios_names[0]="FILESERVER" >> added interface nfe0 ip=192.168.2.87 bcast=192.168.2.255 >> netmask=255.255.255.0 >> Registering messaging pointer for type 2 - private_data=0x0 >> Registering messaging pointer for type 9 - private_data=0x0 >> Registered MSG_REQ_POOL_USAGE >> Registering messaging pointer for type 11 - private_data=0x0 >> Registering messaging pointer for type 12 - private_data=0x0 >> Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED >> Registering messaging pointer for type 1 - private_data=0x0 >> Registering messaging pointer for type 5 - private_data=0x0 >> Enter Administrator's password: >> libnet_Join: >> libnet_JoinCtx: struct libnet_JoinCtx >> in: struct libnet_JoinCtx >> dc_name : NULL >> machine_name : 'FILESERVER' >> domain_name : * >> domain_name : 'AD.DILKEN.EU' >> account_ou : NULL >> admin_account : 'Administrator' >> machine_password : NULL >> join_flags : 0x00000023 (35) >> 0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS >> 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME >> 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT >> 0: WKSSVC_JOIN_FLAGS_DEFER_SPN >> 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED >> 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE >> 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED >> 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE >> 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE >> 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE >> 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE >> os_version : NULL >> os_name : NULL >> create_upn : 0x00 (0) >> upn : NULL >> modify_config : 0x00 (0) >> ads : NULL >> debug : 0x01 (1) >> use_kerberos : 0x00 (0) >> secure_channel_type : SEC_CHAN_WKSTA (2) >> Opening cache file at /var/db/samba4/gencache.tdb >> Opening cache file at /var/db/samba4/gencache_notrans.tdb >> sitename_fetch: Returning sitename for AD.DILKEN.EU: "Neuoetting" >> dsgetdcname_internal: domain_name: AD.DILKEN.EU, domain_guid: (null), >> site_name: Neuoetting, flags: 0x40001011 >> debug_dsdcinfo_flags: 0x40001011 >> DS_FORCE_REDISCOVERY DS_DIRECTORY_SERVICE_REQUIRED >> DS_WRITABLE_REQUIRED DS_RETURN_DNS_NAME >> dsgetdcname_rediscover >> ads_dns_lookup_srv: 1 records returned in the answer section. >> ads_dns_parse_rr_srv: Parsed dc2.ad.dilken.eu [0, 100, 389] >> LDAP ping to dc2.ad.dilken.eu >> &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX >> command : LOGON_SAM_LOGON_RESPONSE_EX (23) >> sbz : 0x0000 (0) >> server_type : 0x000003fc (1020) >> 0: NBT_SERVER_PDC >> 1: NBT_SERVER_GC >> 1: NBT_SERVER_LDAP >> 1: NBT_SERVER_DS >> 1: NBT_SERVER_KDC >> 1: NBT_SERVER_TIMESERV >> 1: NBT_SERVER_CLOSEST >> 1: NBT_SERVER_WRITABLE >> 1: NBT_SERVER_GOOD_TIMESERV >> 0: NBT_SERVER_NDNC >> 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 >> 0: NBT_SERVER_FULL_SECRET_DOMAIN_6 >> 0: NBT_SERVER_ADS_WEB_SERVICE >> 0: NBT_SERVER_HAS_DNS_NAME >> 0: NBT_SERVER_IS_DEFAULT_NC >> 0: NBT_SERVER_FOREST_ROOT >> domain_uuid : 56b6b4e7-d3f5-448d-ae4b-5b68a3662b2f >> forest : 'ad.dilken.eu' >> dns_domain : 'ad.dilken.eu' >> pdc_dns_name : 'dc2.ad.dilken.eu' >> domain_name : 'AD' >> pdc_name : 'DC2' >> user_name : '' >> server_site : 'Neuoetting' >> client_site : 'Neuoetting' >> sockaddr_size : 0x00 (0) >> sockaddr: struct nbt_sockaddr >> sockaddr_family : 0x00000000 (0) >> pdc_ip : (null) >> remaining : DATA_BLOB length=0 >> next_closest_site : NULL >> nt_version : 0x00000005 (5) >> 1: NETLOGON_NT_VERSION_1 >> 0: NETLOGON_NT_VERSION_5 >> 1: NETLOGON_NT_VERSION_5EX >> 0: NETLOGON_NT_VERSION_5EX_WITH_IP >> 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE >> 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL >> 0: NETLOGON_NT_VERSION_PDC >> 0: NETLOGON_NT_VERSION_IP >> 0: NETLOGON_NT_VERSION_LOCAL >> 0: NETLOGON_NT_VERSION_GC >> lmnt_token : 0xffff (65535) >> lm20_token : 0xffff (65535) >> Did not store value for DSGETDCNAME/DOMAIN/AD, we already got it >> sitename_store: realm = [AD], sitename = [Neuoetting], expire >> [2147483647] >> Did not store value for AD_SITENAME/DOMAIN/AD, we already got it >> Adding cache entry with key=[DSGETDCNAME/DOMAIN/AD.DILKEN.EU] and >> timeout=[Di M?r 10 21:25:28 2015 CET] (900 seconds ahead) >> sitename_store: realm = [ad.dilken.eu], sitename = [Neuoetting], >> expire = [2147483647] >> Did not store value for AD_SITENAME/DOMAIN/AD.DILKEN.EU, we already got it >> sitename_fetch: Returning sitename for AD.DILKEN.EU: "Neuoetting" >> internal_resolve_name: looking up dc2.ad.dilken.eu#20 (sitename >> Neuoetting) >> Adding cache entry with key=[NBT/DC2.AD.DILKEN.EU#20] and timeout=[Do >> Jan 1 01:00:00 1970 CET] (-1426018228 seconds in the past) >> no entry for dc2.ad.dilken.eu#20 found. >> resolve_lmhosts: Attempting lmhosts lookup for name dc2.ad.dilken.eu<0x20> >> resolve_lmhosts: Attempting lmhosts lookup for name dc2.ad.dilken.eu<0x20> >> startlmhosts: Can't open lmhosts file /usr/local/etc/lmhosts. Error >> was No such file or directory >> resolve_wins: WINS server resolution selected and no WINS servers listed. >> resolve_hosts: Attempting host lookup for name dc2.ad.dilken.eu<0x20> >> remove_duplicate_addrs2: looking for duplicate address/port pairs >> namecache_store: storing 1 address for dc2.ad.dilken.eu#20: 192.168.2.2 >> Adding cache entry with key=[NBT/DC2.AD.DILKEN.EU#20] and timeout=[Di >> M?r 10 21:21:28 2015 CET] (660 seconds ahead) >> internal_resolve_name: returning 1 addresses: 192.168.2.2:0 >> Connecting to 192.168.2.2 at port 445 >> Socket options: >> SO_KEEPALIVE = 0 >> SO_REUSEADDR = 0 >> SO_BROADCAST = 0 >> TCP_NODELAY = 4 >> TCP_KEEPCNT = 0 >> TCP_KEEPIDLE = 0 >> TCP_KEEPINTVL = 0 >> IPTOS_LOWDELAY = 0 >> IPTOS_THROUGHPUT = 0 >> SO_REUSEPORT = 0 >> SO_SNDBUF = 66608 >> SO_RCVBUF = 66608 >> SO_SNDLOWAT = 2048 >> SO_RCVLOWAT = 1 >> SO_SNDTIMEO = 0 >> SO_RCVTIMEO = 0 >> Doing spnego session setup (blob length=96) >> got OID=1.2.840.48018.1.2.2 >> got OID=1.2.840.113554.1.2.2 >> got OID=1.3.6.1.4.1.311.2.2.10 >> got principal=not_defined_in_RFC4178 at please_ignore >> negotiate: struct NEGOTIATE_MESSAGE >> Signature : 'NTLMSSP' >> MessageType : NtLmNegotiate (1) >> NegotiateFlags : 0x60088215 (1611170325) >> 1: NTLMSSP_NEGOTIATE_UNICODE >> 0: NTLMSSP_NEGOTIATE_OEM >> 1: NTLMSSP_REQUEST_TARGET >> 1: NTLMSSP_NEGOTIATE_SIGN >> 0: NTLMSSP_NEGOTIATE_SEAL >> 0: NTLMSSP_NEGOTIATE_DATAGRAM >> 0: NTLMSSP_NEGOTIATE_LM_KEY >> 0: NTLMSSP_NEGOTIATE_NETWARE >> 1: NTLMSSP_NEGOTIATE_NTLM >> 0: NTLMSSP_NEGOTIATE_NT_ONLY >> 0: NTLMSSP_ANONYMOUS >> 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED >> 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED >> 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL >> 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN >> 0: NTLMSSP_TARGET_TYPE_DOMAIN >> 0: NTLMSSP_TARGET_TYPE_SERVER >> 0: NTLMSSP_TARGET_TYPE_SHARE >> 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY >> 0: NTLMSSP_NEGOTIATE_IDENTIFY >> 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY >> 0: NTLMSSP_NEGOTIATE_TARGET_INFO >> 0: NTLMSSP_NEGOTIATE_VERSION >> 1: NTLMSSP_NEGOTIATE_128 >> 1: NTLMSSP_NEGOTIATE_KEY_EXCH >> 0: NTLMSSP_NEGOTIATE_56 >> DomainNameLen : 0x0002 (2) >> DomainNameMaxLen : 0x0002 (2) >> DomainName : * >> DomainName : 'AD' >> WorkstationLen : 0x000a (10) >> WorkstationMaxLen : 0x000a (10) >> Workstation : * >> Workstation : 'FILESERVER' >> challenge: struct CHALLENGE_MESSAGE >> Signature : 'NTLMSSP' >> MessageType : NtLmChallenge (0x2) >> TargetNameLen : 0x0004 (4) >> TargetNameMaxLen : 0x0004 (4) >> TargetName : * >> TargetName : 'AD' >> NegotiateFlags : 0x60898215 (1619624469) >> 1: NTLMSSP_NEGOTIATE_UNICODE >> 0: NTLMSSP_NEGOTIATE_OEM >> 1: NTLMSSP_REQUEST_TARGET >> 1: NTLMSSP_NEGOTIATE_SIGN >> 0: NTLMSSP_NEGOTIATE_SEAL >> 0: NTLMSSP_NEGOTIATE_DATAGRAM >> 0: NTLMSSP_NEGOTIATE_LM_KEY >> 0: NTLMSSP_NEGOTIATE_NETWARE >> 1: NTLMSSP_NEGOTIATE_NTLM >> 0: NTLMSSP_NEGOTIATE_NT_ONLY >> 0: NTLMSSP_ANONYMOUS >> 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED >> 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED >> 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL >> 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN >> 1: NTLMSSP_TARGET_TYPE_DOMAIN >> 0: NTLMSSP_TARGET_TYPE_SERVER >> 0: NTLMSSP_TARGET_TYPE_SHARE >> 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY >> 0: NTLMSSP_NEGOTIATE_IDENTIFY >> 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY >> 1: NTLMSSP_NEGOTIATE_TARGET_INFO >> 0: NTLMSSP_NEGOTIATE_VERSION >> 1: NTLMSSP_NEGOTIATE_128 >> 1: NTLMSSP_NEGOTIATE_KEY_EXCH >> 0: NTLMSSP_NEGOTIATE_56 >> ServerChallenge : 5de2f6f04d891106 >> Reserved : 0000000000000000 >> TargetInfoLen : 0x0056 (86) >> TargetNameInfoMaxLen : 0x0056 (86) >> TargetInfo : * >> TargetInfo: struct AV_PAIR_LIST >> count : 0x00000005 (5) >> pair: ARRAY(5) >> pair: struct AV_PAIR >> AvId : MsvAvNbDomainName (0x2) >> AvLen : 0x0004 (4) >> Value : union >> ntlmssp_AvValue(case 0x2) >> AvNbDomainName : 'AD' >> pair: struct AV_PAIR >> AvId : MsvAvNbComputerName >> (0x1) >> AvLen : 0x0006 (6) >> Value : union >> ntlmssp_AvValue(case 0x1) >> AvNbComputerName : 'DC2' >> pair: struct AV_PAIR >> AvId : MsvAvDnsDomainName >> (0x4) >> AvLen : 0x0018 (24) >> Value : union >> ntlmssp_AvValue(case 0x4) >> AvDnsDomainName : 'ad.dilken.eu' >> pair: struct AV_PAIR >> AvId : >> MsvAvDnsComputerName (0x3) >> AvLen : 0x0020 (32) >> Value : union >> ntlmssp_AvValue(case 0x3) >> AvDnsComputerName : 'dc2.ad.dilken.eu' >> pair: struct AV_PAIR >> AvId : MsvAvEOL (0x0) >> AvLen : 0x0000 (0) >> Value : union >> ntlmssp_AvValue(case 0x0) >> Got challenge flags: >> Got NTLMSSP neg_flags=0x60898215 >> NTLMSSP_NEGOTIATE_UNICODE >> NTLMSSP_REQUEST_TARGET >> NTLMSSP_NEGOTIATE_SIGN >> NTLMSSP_NEGOTIATE_NTLM >> NTLMSSP_NEGOTIATE_ALWAYS_SIGN >> NTLMSSP_NEGOTIATE_NTLM2 >> NTLMSSP_NEGOTIATE_TARGET_INFO >> NTLMSSP_NEGOTIATE_128 >> NTLMSSP_NEGOTIATE_KEY_EXCH >> NTLMSSP: Set final flags: >> Got NTLMSSP neg_flags=0x60088215 >> NTLMSSP_NEGOTIATE_UNICODE >> NTLMSSP_REQUEST_TARGET >> NTLMSSP_NEGOTIATE_SIGN >> NTLMSSP_NEGOTIATE_NTLM >> NTLMSSP_NEGOTIATE_ALWAYS_SIGN >> NTLMSSP_NEGOTIATE_NTLM2 >> NTLMSSP_NEGOTIATE_128 >> NTLMSSP_NEGOTIATE_KEY_EXCH >> Bus error (Speicherabzug geschrieben) >> >> The final result is the same as above. >> >> Greetings, >> >> Roman > > It looks like it cannot find a DC. > > You never did say what you are trying to join to, Samba 4 AD server, windows AD server or what ? > > What does /etc.resolv.conf point to ?? > > Is it your AD DC server ? > > Rowland > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba