Oh, I have a pair of samba-4.1.17-DC's, raspberry-pi and dc2 to which make the domain ad.dilken.eu on site Neuoetting.

resolv.conf points to the two dc's:

search ad.dilken.eu
nameserver 192.168.2.33
nameserver 192.168.2.2

In the output I find some relations to dc2 resp. 192.168.2.2, but perhaps it doesn't work as expected..

Greetings

On 10.03.2015 at 21:23, Rowland Penny wrote:
> On 10/03/15 20:14, Roman Dilken wrote:
>> On 10.03.2015 20:20, Rowland Penny wrote:
>>
>>> OK, the first will not work (well not yet), the second should, I
>>> take it you ran 'kinit Administrator@AD.DILKEN.EU' as root before
>>> the join ?
>>>
>>> You could try 'net ads join -U Administrator' and enter the
>>> password when prompted, I personally have never seen the point in
>>> using kerberos during the join, either way you have to enter the
>>> Administrator password :-)
>>>
>>> Rowland
>>>
>> OK, new try... I did kinit Administrator@AD.DILKEN.EU, but I have
>> always to enter the password with or without kerberos.
>>
>> Now I try it without -k:
>>
>> net ads join -UAdministrator -d 10
>>
>> Result:
>>
>> INFO: Current debug levels:
>> all: 10
>> tdb: 10
>> printdrivers: 10
>> lanman: 10
>> smb: 10
>> rpc_parse: 10
>> rpc_srv: 10
>> rpc_cli: 10
>> passdb: 10
>> sam: 10
>> auth: 10
>> winbind: 10
>> vfs: 10
>> idmap: 10
>> quota: 10
>> acls: 10
>> locking: 10
>> msdfs: 10
>> dmapi: 10
>> registry: 10
>> scavenger: 10
>> dns: 10
>> ldb: 10
>> lp_load_ex: refreshing parameters
>> Initialising global parameters
>> INFO: Current debug levels:
>> all: 10
>> tdb: 10
>> printdrivers: 10
>> lanman: 10
>> smb: 10
>> rpc_parse: 10
>> rpc_srv: 10
>> rpc_cli: 10
>> passdb: 10
>> sam: 10
>> auth: 10
>> winbind: 10
>> vfs: 10
>> idmap: 10
>> quota: 10
>> acls: 10
>> locking: 10
>> msdfs: 10
>> dmapi: 10
>> registry: 10
>> scavenger: 10
>> dns: 10
>> ldb: 10
>> params.c:pm_process() - Processing configuration file
>> "/usr/local/etc/smb4.conf"
>> Processing section "[global]"
>> doing parameter netbios name = fileserver
>> doing parameter workgroup = AD
>> doing parameter security = ADS
>> doing parameter realm = AD.DILKEN.EU
>> doing parameter dedicated keytab file = /usr/local/etc/krb5.keytab
>> doing parameter nsupdate command = /usr/local/bin/samba-nsupdate -g
>> doing parameter server role = member server
>> doing parameter winbind refresh tickets = yes
>> doing parameter use sendfile = true
>> doing parameter idmap config *:backend = tdb
>> doing parameter idmap config *:range = 2000-9999
>> doing parameter idmap config AD:backend = ad
>> doing parameter idmap config AD:schema_mode = rfc2307
>> doing parameter idmap config AD:range = 10000-99999
>> doing parameter winbind nss info = rfc2307
>> doing parameter winbind trusted domains only = no
>> doing parameter winbind use default domain = yes
>> doing parameter winbind enum users = yes
>> doing parameter winbind enum groups = yes
>> doing parameter log level = 10
>> doing parameter read only = no
>> doing parameter inherit permissions = No
>> doing parameter inherit acls = No
>> doing parameter inherit owner = No
>> doing parameter force unknown acl user = No
>> doing parameter store dos attributes = Yes
>> doing parameter map read only = No
>> doing parameter vfs objects = zfsacl
>> doing parameter nfs4:mode = special
>> doing parameter nfs4:acedup = merge
>> doing parameter nfs4:chown = yes
>> pm_process() returned Yes
>> lp_servicenumber: couldn't find homes
>> Netbios name list:-
>> my_netbios_names[0]="FILESERVER"
>> added interface nfe0 ip=192.168.2.87 bcast=192.168.2.255
>> netmask=255.255.255.0
>> Registering messaging pointer for type 2 - private_data=0x0
>> Registering messaging pointer for type 9 - private_data=0x0
>> Registered MSG_REQ_POOL_USAGE
>> Registering messaging pointer for type 11 - private_data=0x0
>> Registering messaging pointer for type 12 - private_data=0x0
>> Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
>> Registering messaging pointer for type 1 - private_data=0x0
>> Registering messaging pointer for type 5 - private_data=0x0
>> Enter Administrator's password:
>> libnet_Join:
>> libnet_JoinCtx: struct libnet_JoinCtx
>> in: struct libnet_JoinCtx
>> dc_name : NULL
>> machine_name : 'FILESERVER'
>> domain_name : *
>> domain_name : 'AD.DILKEN.EU'
>> account_ou : NULL
>> admin_account : 'Administrator'
>> machine_password : NULL
>> join_flags : 0x00000023 (35)
>> 0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
>> 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
>> 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
>> 0: WKSSVC_JOIN_FLAGS_DEFER_SPN
>> 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
>> 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
>> 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
>> 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
>> 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
>> 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
>> 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
>> os_version : NULL
>> os_name : NULL
>> create_upn : 0x00 (0)
>> upn : NULL
>> modify_config : 0x00 (0)
>> ads : NULL
>> debug : 0x01 (1)
>> use_kerberos : 0x00 (0)
>> secure_channel_type : SEC_CHAN_WKSTA (2)
>> Opening cache file at /var/db/samba4/gencache.tdb
>> Opening cache file at /var/db/samba4/gencache_notrans.tdb
>> sitename_fetch: Returning sitename for AD.DILKEN.EU: "Neuoetting"
>> dsgetdcname_internal: domain_name: AD.DILKEN.EU, domain_guid: (null),
>> site_name: Neuoetting, flags: 0x40001011
>> debug_dsdcinfo_flags: 0x40001011
>> DS_FORCE_REDISCOVERY DS_DIRECTORY_SERVICE_REQUIRED
>> DS_WRITABLE_REQUIRED DS_RETURN_DNS_NAME
>> dsgetdcname_rediscover
>> ads_dns_lookup_srv: 1 records returned in the answer section.
>> ads_dns_parse_rr_srv: Parsed dc2.ad.dilken.eu [0, 100, 389]
>> LDAP ping to dc2.ad.dilken.eu
>> &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX
>> command : LOGON_SAM_LOGON_RESPONSE_EX (23)
>> sbz : 0x0000 (0)
>> server_type : 0x000003fc (1020)
>> 0: NBT_SERVER_PDC
>> 1: NBT_SERVER_GC
>> 1: NBT_SERVER_LDAP
>> 1: NBT_SERVER_DS
>> 1: NBT_SERVER_KDC
>> 1: NBT_SERVER_TIMESERV
>> 1: NBT_SERVER_CLOSEST
>> 1: NBT_SERVER_WRITABLE
>> 1: NBT_SERVER_GOOD_TIMESERV
>> 0: NBT_SERVER_NDNC
>> 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6
>> 0: NBT_SERVER_FULL_SECRET_DOMAIN_6
>> 0: NBT_SERVER_ADS_WEB_SERVICE
>> 0: NBT_SERVER_HAS_DNS_NAME
>> 0: NBT_SERVER_IS_DEFAULT_NC
>> 0: NBT_SERVER_FOREST_ROOT
>> domain_uuid : 56b6b4e7-d3f5-448d-ae4b-5b68a3662b2f
>> forest : 'ad.dilken.eu'
>> dns_domain : 'ad.dilken.eu'
>> pdc_dns_name : 'dc2.ad.dilken.eu'
>> domain_name : 'AD'
>> pdc_name : 'DC2'
>> user_name : ''
>> server_site : 'Neuoetting'
>> client_site : 'Neuoetting'
>> sockaddr_size : 0x00 (0)
>> sockaddr: struct nbt_sockaddr
>> sockaddr_family : 0x00000000 (0)
>> pdc_ip : (null)
>> remaining : DATA_BLOB length=0
>> next_closest_site : NULL
>> nt_version : 0x00000005 (5)
>> 1: NETLOGON_NT_VERSION_1
>> 0: NETLOGON_NT_VERSION_5
>> 1: NETLOGON_NT_VERSION_5EX
>> 0: NETLOGON_NT_VERSION_5EX_WITH_IP
>> 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE
>> 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL
>> 0: NETLOGON_NT_VERSION_PDC
>> 0: NETLOGON_NT_VERSION_IP
>> 0: NETLOGON_NT_VERSION_LOCAL
>> 0: NETLOGON_NT_VERSION_GC
>> lmnt_token : 0xffff (65535)
>> lm20_token : 0xffff (65535)
>> Did not store value for DSGETDCNAME/DOMAIN/AD, we already got it
>> sitename_store: realm = [AD], sitename = [Neuoetting], expire
>> [2147483647]
>> Did not store value for AD_SITENAME/DOMAIN/AD, we already got it
>> Adding cache entry with key=[DSGETDCNAME/DOMAIN/AD.DILKEN.EU] and
>> timeout=[Di M?r 10 21:25:28 2015 CET] (900 seconds ahead)
>> sitename_store: realm = [ad.dilken.eu], sitename = [Neuoetting],
>> expire = [2147483647]
>> Did not store value for AD_SITENAME/DOMAIN/AD.DILKEN.EU, we already got it
>> sitename_fetch: Returning sitename for AD.DILKEN.EU: "Neuoetting"
>> internal_resolve_name: looking up dc2.ad.dilken.eu#20 (sitename
>> Neuoetting)
>> Adding cache entry with key=[NBT/DC2.AD.DILKEN.EU#20] and timeout=[Do
>> Jan 1 01:00:00 1970 CET] (-1426018228 seconds in the past)
>> no entry for dc2.ad.dilken.eu#20 found.
>> resolve_lmhosts: Attempting lmhosts lookup for name dc2.ad.dilken.eu<0x20>
>> resolve_lmhosts: Attempting lmhosts lookup for name dc2.ad.dilken.eu<0x20>
>> startlmhosts: Can't open lmhosts file /usr/local/etc/lmhosts. Error
>> was No such file or directory
>> resolve_wins: WINS server resolution selected and no WINS servers listed.
>> resolve_hosts: Attempting host lookup for name dc2.ad.dilken.eu<0x20>
>> remove_duplicate_addrs2: looking for duplicate address/port pairs
>> namecache_store: storing 1 address for dc2.ad.dilken.eu#20: 192.168.2.2
>> Adding cache entry with key=[NBT/DC2.AD.DILKEN.EU#20] and timeout=[Di
>> M?r 10 21:21:28 2015 CET] (660 seconds ahead)
>> internal_resolve_name: returning 1 addresses: 192.168.2.2:0
>> Connecting to 192.168.2.2 at port 445
>> Socket options:
>> SO_KEEPALIVE = 0
>> SO_REUSEADDR = 0
>> SO_BROADCAST = 0
>> TCP_NODELAY = 4
>> TCP_KEEPCNT = 0
>> TCP_KEEPIDLE = 0
>> TCP_KEEPINTVL = 0
>> IPTOS_LOWDELAY = 0
>> IPTOS_THROUGHPUT = 0
>> SO_REUSEPORT = 0
>> SO_SNDBUF = 66608
>> SO_RCVBUF = 66608
>> SO_SNDLOWAT = 2048
>> SO_RCVLOWAT = 1
>> SO_SNDTIMEO = 0
>> SO_RCVTIMEO = 0
>> Doing spnego session setup (blob length=96)
>> got OID=1.2.840.48018.1.2.2
>> got OID=1.2.840.113554.1.2.2
>> got OID=1.3.6.1.4.1.311.2.2.10
>> got principal=not_defined_in_RFC4178@please_ignore
>> negotiate: struct NEGOTIATE_MESSAGE
>> Signature : 'NTLMSSP'
>> MessageType : NtLmNegotiate (1)
>> NegotiateFlags : 0x60088215 (1611170325)
>> 1: NTLMSSP_NEGOTIATE_UNICODE
>> 0: NTLMSSP_NEGOTIATE_OEM
>> 1: NTLMSSP_REQUEST_TARGET
>> 1: NTLMSSP_NEGOTIATE_SIGN
>> 0: NTLMSSP_NEGOTIATE_SEAL
>> 0: NTLMSSP_NEGOTIATE_DATAGRAM
>> 0: NTLMSSP_NEGOTIATE_LM_KEY
>> 0: NTLMSSP_NEGOTIATE_NETWARE
>> 1: NTLMSSP_NEGOTIATE_NTLM
>> 0: NTLMSSP_NEGOTIATE_NT_ONLY
>> 0: NTLMSSP_ANONYMOUS
>> 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
>> 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
>> 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
>> 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>> 0: NTLMSSP_TARGET_TYPE_DOMAIN
>> 0: NTLMSSP_TARGET_TYPE_SERVER
>> 0: NTLMSSP_TARGET_TYPE_SHARE
>> 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
>> 0: NTLMSSP_NEGOTIATE_IDENTIFY
>> 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
>> 0: NTLMSSP_NEGOTIATE_TARGET_INFO
>> 0: NTLMSSP_NEGOTIATE_VERSION
>> 1: NTLMSSP_NEGOTIATE_128
>> 1: NTLMSSP_NEGOTIATE_KEY_EXCH
>> 0: NTLMSSP_NEGOTIATE_56
>> DomainNameLen : 0x0002 (2)
>> DomainNameMaxLen : 0x0002 (2)
>> DomainName : *
>> DomainName : 'AD'
>> WorkstationLen : 0x000a (10)
>> WorkstationMaxLen : 0x000a (10)
>> Workstation : *
>> Workstation : 'FILESERVER'
>> challenge: struct CHALLENGE_MESSAGE
>> Signature : 'NTLMSSP'
>> MessageType : NtLmChallenge (0x2)
>> TargetNameLen : 0x0004 (4)
>> TargetNameMaxLen : 0x0004 (4)
>> TargetName : *
>> TargetName : 'AD'
>> NegotiateFlags : 0x60898215 (1619624469)
>> 1: NTLMSSP_NEGOTIATE_UNICODE
>> 0: NTLMSSP_NEGOTIATE_OEM
>> 1: NTLMSSP_REQUEST_TARGET
>> 1: NTLMSSP_NEGOTIATE_SIGN
>> 0: NTLMSSP_NEGOTIATE_SEAL
>> 0: NTLMSSP_NEGOTIATE_DATAGRAM
>> 0: NTLMSSP_NEGOTIATE_LM_KEY
>> 0: NTLMSSP_NEGOTIATE_NETWARE
>> 1: NTLMSSP_NEGOTIATE_NTLM
>> 0: NTLMSSP_NEGOTIATE_NT_ONLY
>> 0: NTLMSSP_ANONYMOUS
>> 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
>> 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
>> 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
>> 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>> 1: NTLMSSP_TARGET_TYPE_DOMAIN
>> 0: NTLMSSP_TARGET_TYPE_SERVER
>> 0: NTLMSSP_TARGET_TYPE_SHARE
>> 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
>> 0: NTLMSSP_NEGOTIATE_IDENTIFY
>> 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
>> 1: NTLMSSP_NEGOTIATE_TARGET_INFO
>> 0: NTLMSSP_NEGOTIATE_VERSION
>> 1: NTLMSSP_NEGOTIATE_128
>> 1: NTLMSSP_NEGOTIATE_KEY_EXCH
>> 0: NTLMSSP_NEGOTIATE_56
>> ServerChallenge : 5de2f6f04d891106
>> Reserved : 0000000000000000
>> TargetInfoLen : 0x0056 (86)
>> TargetNameInfoMaxLen : 0x0056 (86)
>> TargetInfo : *
>> TargetInfo: struct AV_PAIR_LIST
>> count : 0x00000005 (5)
>> pair: ARRAY(5)
>> pair: struct AV_PAIR
>> AvId : MsvAvNbDomainName (0x2)
>> AvLen : 0x0004 (4)
>> Value : union
>> ntlmssp_AvValue(case 0x2)
>> AvNbDomainName : 'AD'
>> pair: struct AV_PAIR
>> AvId : MsvAvNbComputerName
>> (0x1)
>> AvLen : 0x0006 (6)
>> Value : union
>> ntlmssp_AvValue(case 0x1)
>> AvNbComputerName : 'DC2'
>> pair: struct AV_PAIR
>> AvId : MsvAvDnsDomainName
>> (0x4)
>> AvLen : 0x0018 (24)
>> Value : union
>> ntlmssp_AvValue(case 0x4)
>> AvDnsDomainName : 'ad.dilken.eu'
>> pair: struct AV_PAIR
>> AvId :
>> MsvAvDnsComputerName (0x3)
>> AvLen : 0x0020 (32)
>> Value : union
>> ntlmssp_AvValue(case 0x3)
>> AvDnsComputerName : 'dc2.ad.dilken.eu'
>> pair: struct AV_PAIR
>> AvId : MsvAvEOL (0x0)
>> AvLen : 0x0000 (0)
>> Value : union
>> ntlmssp_AvValue(case 0x0)
>> Got challenge flags:
>> Got NTLMSSP neg_flags=0x60898215
>> NTLMSSP_NEGOTIATE_UNICODE
>> NTLMSSP_REQUEST_TARGET
>> NTLMSSP_NEGOTIATE_SIGN
>> NTLMSSP_NEGOTIATE_NTLM
>> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>> NTLMSSP_NEGOTIATE_NTLM2
>> NTLMSSP_NEGOTIATE_TARGET_INFO
>> NTLMSSP_NEGOTIATE_128
>> NTLMSSP_NEGOTIATE_KEY_EXCH
>> NTLMSSP: Set final flags:
>> Got NTLMSSP neg_flags=0x60088215
>> NTLMSSP_NEGOTIATE_UNICODE
>> NTLMSSP_REQUEST_TARGET
>> NTLMSSP_NEGOTIATE_SIGN
>> NTLMSSP_NEGOTIATE_NTLM
>> NTLMSSP_NEGOTIATE_ALWAYS_SIGN
>> NTLMSSP_NEGOTIATE_NTLM2
>> NTLMSSP_NEGOTIATE_128
>> NTLMSSP_NEGOTIATE_KEY_EXCH
>> Bus error (Speicherabzug geschrieben)
>>
>> The final result is the same as above.
>>
>> Greetings,
>>
>> Roman
>
> It looks like it cannot find a DC.
>
> You never did say what you are trying to join to, Samba 4 AD server, windows AD server or what ?
>
> What does /etc/resolv.conf point to ??
>
> Is it your AD DC server ?
>
> Rowland
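
Added example, not part of the thread and not Samba code: a Python triage of the quoted `net ads join -d 10` trace that reports what DC discovery found and the last stage logged before the process died. The function names and stage labels are made up for this illustration, and the sample is an excerpt of lines from the trace above.

```python
import re

# Excerpt of the debug trace quoted in the thread above (quote markers removed).
SAMPLE_TRACE = """\
ads_dns_lookup_srv: 1 records returned in the answer section.
ads_dns_parse_rr_srv: Parsed dc2.ad.dilken.eu [0, 100, 389]
LDAP ping to dc2.ad.dilken.eu
&response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX
pdc_dns_name : 'dc2.ad.dilken.eu'
server_site : 'Neuoetting'
client_site : 'Neuoetting'
namecache_store: storing 1 address for dc2.ad.dilken.eu#20: 192.168.2.2
Connecting to 192.168.2.2 at port 445
Doing spnego session setup (blob length=96)
challenge: struct CHALLENGE_MESSAGE
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
Bus error (Speicherabzug geschrieben)
"""

QUOTE = re.compile(r"^(?:>\s?)+")  # leading mail quote markers such as ">> "
# The last number in the bracket is the port (389 = LDAP in the trace).
SRV = re.compile(r"ads_dns_parse_rr_srv: Parsed (\S+) \[\d+, \d+, (\d+)\]")
FIELD = re.compile(r"^(pdc_dns_name|server_site|client_site)\s*:\s*'([^']*)'")
CONNECT = re.compile(r"Connecting to (\S+) at port (\d+)")
FATAL = re.compile(r"^(?:Bus error|Segmentation fault)\b")

# Hypothetical stage labels, each keyed by a marker string from the trace,
# listed in the order the trace logs them.
STAGES = [
    ("srv_lookup", "ads_dns_lookup_srv:"),
    ("ldap_ping", "LDAP ping to"),
    ("dc_response", "NETLOGON_SAM_LOGON_RESPONSE_EX"),
    ("smb_connect", "Connecting to"),
    ("spnego", "Doing spnego session setup"),
    ("ntlmssp_challenge", "challenge: struct CHALLENGE_MESSAGE"),
    ("ntlmssp_final_flags", "NTLMSSP: Set final flags"),
]


def summarize_join_trace(text):
    """Collect what the trace shows about DC discovery and where it stopped."""
    out = {"srv": [], "dc": {}, "connects": [], "last_stage": None, "fatal": None}
    reached = -1
    for raw in text.splitlines():
        line = QUOTE.sub("", raw).strip()  # also accepts mail-quoted traces
        m = SRV.search(line)
        if m:
            out["srv"].append((m.group(1), int(m.group(2))))  # (host, port)
        m = FIELD.match(line)
        if m:
            out["dc"].setdefault(m.group(1), m.group(2))
        m = CONNECT.search(line)
        if m:
            out["connects"].append((m.group(1), int(m.group(2))))
        for i, (_, marker) in enumerate(STAGES):
            if marker in line:
                reached = max(reached, i)
        if FATAL.match(line):
            out["fatal"] = line  # the shell's report that the process died
            break
    if reached >= 0:
        out["last_stage"] = STAGES[reached][0]
    return out


def verdict(summary):
    """Turn the summary into a one-line triage result."""
    if not summary["srv"]:
        return "no SRV record parsed: check resolver and realm"
    if not summary["dc"].get("pdc_dns_name"):
        return "SRV found but no DC answered the LDAP ping"
    if summary["fatal"]:
        return "DC located; client died after stage '%s'" % summary["last_stage"]
    return "DC located; trace ends at stage '%s'" % summary["last_stage"]


if __name__ == "__main__":
    print(verdict(summarize_join_trace(SAMPLE_TRACE)))
```
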
On 10/03/15 20:29, Roman Dilken wrote:
> Oh, I have a pair of samba-4.1.17-DC's, raspberry-pi and dc2 to which make the domain ad.dilken.eu on site Neuoetting.
>
> resolv.conf points to the two dc's:
>
> search ad.dilken.eu
> nameserver 192.168.2.33
> nameserver 192.168.2.2
>
> In the output I find some relations to dc2 resp. 192.168.2.2, but perhaps it doesn't work as expected..
>
> Greetings

I wonder if it is a time problem, does 'date' return the same time (allowing for being run on different machines), they need to be very close together.

Rowland
On 10.03.2015 21:43, Rowland Penny wrote:
>
> I wonder if it is a time problem, does 'date' return the same time
> (allowing for being run on different machines), they need to be very
> close together.
>
> Rowland
>

Time seems okay, the system is getting it from the first DC, but I found something interesting in the serverlog:

Not authoritative for '_kerberos.dilken.eu', forwarding
[2015/03/10 22:31:34.148561, 2] ../source4/dns_server/dns_query.c:629(dns_server_process_query_send)

Seems that net ads does not correctly set domain name and/or realm. The DNS-question should be _kerberos.ad.dilken.eu for which the DNS is authoritative...

Greetings,

Roman