Hi all I'm desperate now. On one of the sites I cannot connect Ubuntu to Windows AD 2003. Error below. On exactly the same setup but on a different network and also on VirtualBox VMs everything works as expected. Looks like something on the network then or mission parameter. Error is about KDC but I can successfully do kinit and get ticket. I can also successfully run: sudo net ads info Failing command: myuser at myserver:~$ sudo net ads join createcomputer="MyStructure/Internal/Servers/UnManaged" -S serverDC1001.dan2003.sample.domain.com -U SUPER-USER -d10 INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 scavenger: 10 dns: 10 ldb: 10 lp_load_ex: refreshing parameters Initialising global parameters INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 scavenger: 10 dns: 10 ldb: 10 params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" Processing section "[global]" doing parameter workgroup = DAN2003 doing parameter realm = DAN2003.SAMPLE.DOMAIN.COM doing parameter server string = MySpecial server %h doing parameter security = ADS doing parameter map to guest = Bad User doing parameter obey pam restrictions = Yes doing parameter pam password change = Yes doing parameter passwd program = /usr/bin/passwd %u doing parameter passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . doing parameter unix password sync = Yes doing parameter syslog = 0 doing parameter log file = /var/log/samba/log.%m doing parameter max log size = 1000 doing parameter server max protocol = SMB2 doing parameter min receivefile size = 13638 doing parameter max xmit = 131072 doing parameter socket options = TCP_NODELAY SO_RCVBUF=262144 SO_SNDBUF=262144 IPTOS_LOWDELAY SO_KEEPALIVE doing parameter load printers = No doing parameter printcap name = /dev/null doing parameter disable spoolss = Yes doing parameter dns proxy = No doing parameter usershare allow guests = Yes doing parameter panic action = /usr/share/samba/panic-action %d doing parameter template homedir = /dev/null doing parameter template shell = /bin/true doing parameter winbind enum users = Yes doing parameter winbind enum groups = Yes doing parameter winbind use default domain = Yes doing parameter idmap config * : range = 100000-200000 doing parameter idmap config * : backend = tdb doing parameter aio read size = 1 doing parameter aio write size = 1 doing parameter aio write behind = true doing parameter use sendfile = Yes doing parameter write cache size = 12826144 doing parameter printing = bsd doing parameter print command = lpr -r -P'%p' %s doing parameter lpq command = lpq -P'%p' doing parameter lprm command = lprm -P'%p' %j pm_process() returned Yes lp_servicenumber: couldn't find homes Netbios name list:- my_netbios_names[0]="MYSERVER" added interface bond0 ip=10.80.100.74 bcast=10.80.100.255 netmask=255.255.255.0 Registering messaging pointer for type 2 - private_data=(nil) Registering messaging pointer for type 9 - private_data=(nil) Registered MSG_REQ_POOL_USAGE Registering messaging pointer for type 11 - private_data=(nil) Registering messaging pointer for type 12 - private_data=(nil) Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED Registering messaging pointer for type 1 - private_data=(nil) Registering messaging pointer for type 5 - private_data=(nil) Enter SUPER-USER's password: libnet_Join: libnet_JoinCtx: struct libnet_JoinCtx in: struct libnet_JoinCtx dc_name : 'serverDC1001.dan2003.sample.domain.com' machine_name : 'MYSERVER' domain_name : * domain_name : 'DAN2003.SAMPLE.DOMAIN.COM' account_ou : 'MyStructure/Internal/Servers/UnManaged' admin_account : 'SUPER-USER' machine_password : NULL join_flags : 0x00000023 (35) 0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT 0: WKSSVC_JOIN_FLAGS_DEFER_SPN 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE os_version : NULL os_name : NULL create_upn : 0x00 (0) upn : NULL modify_config : 0x00 (0) ads : NULL debug : 0x01 (1) use_kerberos : 0x00 (0) secure_channel_type : SEC_CHAN_WKSTA (2) Opening cache file at /var/cache/samba/gencache.tdb Opening cache file at /var/cache/samba/gencache_notrans.tdb sitename_fetch: No stored sitename for DAN2003.SAMPLE.DOMAIN.COM internal_resolve_name: looking up serverDC1001.dan2003.sample.domain.com#20 (sitename (null)) name serverDC1001.dan2003.sample.domain.com#20 found. remove_duplicate_addrs2: looking for duplicate address/port pairs Connecting to 10.80.8.88 at port 445 Socket options: SO_KEEPALIVE = 1 SO_REUSEADDR = 0 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 16 IPTOS_THROUGHPUT = 16 SO_SNDBUF = 262142 SO_RCVBUF = 262142 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 TCP_DEFER_ACCEPT = 0 Doing spnego session setup (blob length=120) got OID=1.3.6.1.4.1.311.2.2.30 got OID=1.2.840.48018.1.2.2 got OID=1.2.840.113554.1.2.2 got OID=1.2.840.113554.1.2.2.3 got OID=1.3.6.1.4.1.311.2.2.10 got principal=not_defined_in_RFC4178 at please_ignore negotiate: struct NEGOTIATE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmNegotiate (1) NegotiateFlags : 0x60088215 (1611170325) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 0: NTLMSSP_NEGOTIATE_TARGET_INFO 0: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 0: NTLMSSP_NEGOTIATE_56 DomainNameLen : 0x0008 (8) DomainNameMaxLen : 0x0008 (8) DomainName : * DomainName : 'DAN2003' WorkstationLen : 0x000e (14) WorkstationMaxLen : 0x000e (14) Workstation : * Workstation : 'MYSERVER' challenge: struct CHALLENGE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmChallenge (0x2) TargetNameLen : 0x0010 (16) TargetNameMaxLen : 0x0010 (16) TargetName : * TargetName : 'DAN2003' NegotiateFlags : 0x62898215 (1653178901) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 1: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 1: NTLMSSP_NEGOTIATE_TARGET_INFO 1: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 0: NTLMSSP_NEGOTIATE_56 ServerChallenge : d19c394ddd43af69 Reserved : 0000000000000000 TargetInfoLen : 0x00da (218) TargetNameInfoMaxLen : 0x00da (218) TargetInfo : * TargetInfo: struct AV_PAIR_LIST count : 0x00000007 (7) pair: ARRAY(7) pair: struct AV_PAIR AvId : MsvAvNbDomainName (0x2) AvLen : 0x0010 (16) Value : union ntlmssp_AvValue(case 0x2) AvNbDomainName : 'DAN2003' pair: struct AV_PAIR AvId : MsvAvNbComputerName (0x1) AvLen : 0x0016 (22) Value : union ntlmssp_AvValue(case 0x1) AvNbComputerName : 'SERVERDC1001' pair: struct AV_PAIR AvId : MsvAvDnsDomainName (0x4) AvLen : 0x002e (46) Value : union ntlmssp_AvValue(case 0x4) AvDnsDomainName : 'dan2003.sample.domain.com' pair: struct AV_PAIR AvId : MsvAvDnsComputerName (0x3) AvLen : 0x0046 (70) Value : union ntlmssp_AvValue(case 0x3) AvDnsComputerName : 'SERVERDC1001.dan2003.sample.domain.com' pair: struct AV_PAIR AvId : MsvAvDnsTreeName (0x5) AvLen : 0x001c (28) Value : union ntlmssp_AvValue(case 0x5) AvDnsTreeName : 'sample.domain.com' pair: struct AV_PAIR AvId : MsvAvTimestamp (0x7) AvLen : 0x0008 (8) Value : union ntlmssp_AvValue(case 0x7) AvTimestamp : Tue Apr 14 12:28:04 2015 UTC pair: struct AV_PAIR AvId : MsvAvEOL (0x0) AvLen : 0x0000 (0) Value : union ntlmssp_AvValue(case 0x0) Version: struct ntlmssp_VERSION ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (0x6) ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_1 (0x1) ProductBuild : 0x1db1 (7601) Reserved : 000000 NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (0xF) Got challenge flags: Got NTLMSSP neg_flags=0x62898215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_TARGET_INFO NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH authenticate: struct AUTHENTICATE_MESSAGE Signature : 'NTLMSSP' MessageType : NtLmAuthenticate (3) LmChallengeResponseLen : 0x0018 (24) LmChallengeResponseMaxLen: 0x0018 (24) LmChallengeResponse : * LmChallengeResponse : union ntlmssp_LM_RESPONSE(case 24) v1: struct LM_RESPONSE Response : de06e6edc8275e8aa58a9e95067f4cbc5bb6ac5b0279a515 NtChallengeResponseLen : 0x0106 (262) NtChallengeResponseMaxLen: 0x0106 (262) NtChallengeResponse : * NtChallengeResponse : union ntlmssp_NTLM_RESPONSE(case 262) v2: struct NTLMv2_RESPONSE Response : a5e98b1ba196aa8513fdbecb1a53a3ac Challenge: struct NTLMv2_CLIENT_CHALLENGE RespType : 0x01 (1) HiRespType : 0x01 (1) Reserved1 : 0x0000 (0) Reserved2 : 0x00000000 (0) TimeStamp : Tue Apr 14 12:28:03 2015 UTC ChallengeFromClient : 1ca419ea47cceec3 Reserved3 : 0x00000000 (0) AvPairs: struct AV_PAIR_LIST count : 0x00000007 (7) pair: ARRAY(7) pair: struct AV_PAIR AvId : MsvAvNbDomainName (0x2) AvLen : 0x0010 (16) Value : union ntlmssp_AvValue(case 0x2) AvNbDomainName : 'DAN2003' pair: struct AV_PAIR AvId : MsvAvNbComputerName (0x1) AvLen : 0x0016 (22) Value : union ntlmssp_AvValue(case 0x1) AvNbComputerName : 'SERVERDC1001' pair: struct AV_PAIR AvId : MsvAvDnsDomainName (0x4) AvLen : 0x002e (46) Value : union ntlmssp_AvValue(case 0x4) AvDnsDomainName : 'dan2003.sample.domain.com' pair: struct AV_PAIR AvId : MsvAvDnsComputerName (0x3) AvLen : 0x0046 (70) Value : union ntlmssp_AvValue(case 0x3) AvDnsComputerName : 'SERVERDC1001.dan2003.sample.domain.com' pair: struct AV_PAIR AvId : MsvAvDnsTreeName (0x5) AvLen : 0x001c (28) Value : union ntlmssp_AvValue(case 0x5) AvDnsTreeName : 'sample.domain.com' pair: struct AV_PAIR AvId : MsvAvTimestamp (0x7) AvLen : 0x0008 (8) Value : union ntlmssp_AvValue(case 0x7) AvTimestamp : Tue Apr 14 12:28:04 2015 UTC pair: struct AV_PAIR AvId : MsvAvEOL (0x0) AvLen : 0x0000 (0) Value : union ntlmssp_AvValue(case 0x0) DomainNameLen : 0x0000 (0) DomainNameMaxLen : 0x0000 (0) DomainName : * DomainName : '' UserNameLen : 0x0012 (18) UserNameMaxLen : 0x0012 (18) UserName : * UserName : 'SUPER-USER' WorkstationLen : 0x001c (28) WorkstationMaxLen : 0x001c (28) Workstation : * Workstation : 'MYSERVER' EncryptedRandomSessionKeyLen: 0x0010 (16) EncryptedRandomSessionKeyMaxLen: 0x0010 (16) EncryptedRandomSessionKey: * EncryptedRandomSessionKey: DATA_BLOB length=16 [0000] 48 09 D4 57 08 FC AD F2 DD B7 FB 1D 65 28 BC 8A H..W.... ....e(.. NegotiateFlags : 0x60088215 (1611170325) 1: NTLMSSP_NEGOTIATE_UNICODE 0: NTLMSSP_NEGOTIATE_OEM 1: NTLMSSP_REQUEST_TARGET 1: NTLMSSP_NEGOTIATE_SIGN 0: NTLMSSP_NEGOTIATE_SEAL 0: NTLMSSP_NEGOTIATE_DATAGRAM 0: NTLMSSP_NEGOTIATE_LM_KEY 0: NTLMSSP_NEGOTIATE_NETWARE 1: NTLMSSP_NEGOTIATE_NTLM 0: NTLMSSP_NEGOTIATE_NT_ONLY 0: NTLMSSP_ANONYMOUS 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0: NTLMSSP_TARGET_TYPE_DOMAIN 0: NTLMSSP_TARGET_TYPE_SERVER 0: NTLMSSP_TARGET_TYPE_SHARE 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY 0: NTLMSSP_NEGOTIATE_IDENTIFY 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY 0: NTLMSSP_NEGOTIATE_TARGET_INFO 0: NTLMSSP_NEGOTIATE_VERSION 1: NTLMSSP_NEGOTIATE_128 1: NTLMSSP_NEGOTIATE_KEY_EXCH 0: NTLMSSP_NEGOTIATE_56 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x60088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_NTLM2 NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH cli_init_creds: user SUPER-USER domain Bind RPC Pipe: host serverDC1001.dan2003.sample.domain.com auth_type 0, auth_level 1 &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND (11) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0048 (72) auth_length : 0x0000 (0) call_id : 0x00000001 (1) u : union dcerpc_payload(case 11) bind: struct dcerpc_bind max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00000000 (0) num_contexts : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ctx_list context_id : 0x0000 (0) num_transfer_syntaxes : 0x01 (1) abstract_syntax: struct ndr_syntax_id uuid : 12345778-1234-abcd-ef00-0123456789ab if_version : 0x00000000 (0) transfer_syntaxes: ARRAY(1) transfer_syntaxes: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 rpc_api_pipe: host serverDC1001.dan2003.sample.domain.com num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=72, this_data=72, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 rpc_read_send: data_to_read: 52 r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_BIND_ACK (12) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0044 (68) auth_length : 0x0000 (0) call_id : 0x00000001 (1) u : union dcerpc_payload(case 12) bind_ack: struct dcerpc_bind_ack max_xmit_frag : 0x10b8 (4280) max_recv_frag : 0x10b8 (4280) assoc_group_id : 0x00069674 (431732) secondary_address_size : 0x000c (12) secondary_address : '\pipe\lsass' _pad1 : DATA_BLOB length=2 [0000] 71 71 qq num_results : 0x01 (1) ctx_list: ARRAY(1) ctx_list: struct dcerpc_ack_ctx result : 0x0000 (0) reason : 0x0000 (0) syntax: struct ndr_syntax_id uuid : 8a885d04-1ceb-11c9-9fe8-08002b104860 if_version : 0x00000002 (2) auth_info : DATA_BLOB length=0 rpc_api_pipe: got frag len of 68 at offset 0: NT_STATUS_OK rpc_api_pipe: host serverDC1001.dan2003.sample.domain.com returned 68 bytes. check_bind_response: accepted! cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine serverDC1001.dan2003.sample.domain.com and bound anonymously. lsa_OpenPolicy: struct lsa_OpenPolicy in: struct lsa_OpenPolicy system_name : * system_name : 0x005c (92) attr : * attr: struct lsa_ObjectAttribute len : 0x00000018 (24) root_dir : NULL object_name : NULL attributes : 0x00000000 (0) sec_desc : NULL sec_qos : * sec_qos: struct lsa_QosInfo len : 0x0000000c (12) impersonation_level : 0x0002 (2) context_mode : 0x01 (1) effective_only : 0x00 (0) access_mask : 0x02000000 (33554432) 0: LSA_POLICY_VIEW_LOCAL_INFORMATION 0: LSA_POLICY_VIEW_AUDIT_INFORMATION 0: LSA_POLICY_GET_PRIVATE_INFORMATION 0: LSA_POLICY_TRUST_ADMIN 0: LSA_POLICY_CREATE_ACCOUNT 0: LSA_POLICY_CREATE_SECRET 0: LSA_POLICY_CREATE_PRIVILEGE 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS 0: LSA_POLICY_AUDIT_LOG_ADMIN 0: LSA_POLICY_SERVER_ADMIN 0: LSA_POLICY_LOOKUP_NAMES 0: LSA_POLICY_NOTIFICATION &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x0000002c (44) context_id : 0x0000 (0) opnum : 0x0006 (6) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host serverDC1001.dan2003.sample.domain.com num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=68, this_data=68, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 rpc_read_send: data_to_read: 32 r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000002 (2) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 7E 29 EA FB 47 80 8A 49 9C 2F 88 A6 ....~).. G..I./.. [0010] 65 A8 5D 72 00 00 00 00 e.]r.... Got pdu len 48, data_len 24, ss_len 0 rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK rpc_api_pipe: host serverDC1001.dan2003.sample.domain.com returned 24 bytes. lsa_OpenPolicy: struct lsa_OpenPolicy out: struct lsa_OpenPolicy handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : fbea297e-8047-498a-9c2f-88a665a85d72 result : NT_STATUS_OK lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 in: struct lsa_QueryInfoPolicy2 handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : fbea297e-8047-498a-9c2f-88a665a85d72 level : LSA_POLICY_INFO_DNS (12) &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000016 (22) context_id : 0x0000 (0) opnum : 0x002e (46) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host serverDC1001.dan2003.sample.domain.com num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=46, this_data=46, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 rpc_read_send: data_to_read: 220 r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x00ec (236) auth_length : 0x0000 (0) call_id : 0x00000003 (3) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x000000d4 (212) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=212 [0000] 00 00 02 00 0C 00 00 00 10 00 12 00 04 00 02 00 ........ ........ [0010] 2E 00 30 00 08 00 02 00 1C 00 1E 00 0C 00 02 00 ..0..... ........ [0020] 72 C5 DE 51 A1 3A D6 45 AA C3 E3 27 E8 31 0B 54 r..Q.:.E ...'.1.T [0030] 10 00 02 00 09 00 00 00 00 00 00 00 08 00 00 00 ........ ........ [0040] 4E 00 41 00 54 00 49 00 4F 00 4E 00 41 00 4C 00 N.A.T.I. O.N.A.L. [0050] 18 00 00 00 00 00 00 00 17 00 00 00 6E 00 61 00 ........ ....n.a. [0060] 74 00 69 00 6F 00 6E 00 61 00 6C 00 2E 00 63 00 t.i.o.n. a.l...c. [0070] 6F 00 72 00 65 00 2E 00 62 00 62 00 63 00 2E 00 o.r.e... b.b.c... [0080] 63 00 6F 00 2E 00 75 00 6B 00 00 00 0F 00 00 00 c.o...u. k....... [0090] 00 00 00 00 0E 00 00 00 63 00 6F 00 72 00 65 00 ........ c.o.r.e. [00A0] 2E 00 62 00 62 00 63 00 2E 00 63 00 6F 00 2E 00 ..b.b.c. ..c.o... [00B0] 75 00 6B 00 04 00 00 00 01 04 00 00 00 00 00 05 u.k..... ........ [00C0] 15 00 00 00 6B D6 62 04 16 C0 EA 32 82 8B A6 28 ....k.b. ...2...( [00D0] 00 00 00 00 .... Got pdu len 236, data_len 212, ss_len 0 rpc_api_pipe: got frag len of 236 at offset 0: NT_STATUS_OK rpc_api_pipe: host serverDC1001.dan2003.sample.domain.com returned 212 bytes. lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 out: struct lsa_QueryInfoPolicy2 info : * info : * info : union lsa_PolicyInformation(case 12) dns: struct lsa_DnsDomainInfo name: struct lsa_StringLarge length : 0x0010 (16) size : 0x0012 (18) string : * string : 'DAN2003' dns_domain: struct lsa_StringLarge length : 0x002e (46) size : 0x0030 (48) string : * string : 'dan2003.sample.domain.com' dns_forest: struct lsa_StringLarge length : 0x001c (28) size : 0x001e (30) string : * string : 'sample.domain.com' domain_guid : 51dec572-3aa1-45d6-aac3-e327e8310b54 sid : * sid : S-1-5-21-73586283-854245398-682003330 result : NT_STATUS_OK lsa_Close: struct lsa_Close in: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : fbea297e-8047-498a-9c2f-88a665a85d72 &r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_REQUEST (0) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0018 (24) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 0) request: struct dcerpc_request alloc_hint : 0x00000014 (20) context_id : 0x0000 (0) opnum : 0x0000 (0) object : union dcerpc_object(case 0) empty: struct dcerpc_empty _pad : DATA_BLOB length=0 stub_and_verifier : DATA_BLOB length=0 rpc_api_pipe: host serverDC1001.dan2003.sample.domain.com num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, data_total=44, this_data=44, max_data=4280, param_offset=84, param_pad=2, param_disp=0, data_offset=84, data_pad=0, data_disp=0 rpc_read_send: data_to_read: 32 r: struct ncacn_packet rpc_vers : 0x05 (5) rpc_vers_minor : 0x00 (0) ptype : DCERPC_PKT_RESPONSE (2) pfc_flags : 0x03 (3) drep: ARRAY(4) [0] : 0x10 (16) [1] : 0x00 (0) [2] : 0x00 (0) [3] : 0x00 (0) frag_length : 0x0030 (48) auth_length : 0x0000 (0) call_id : 0x00000004 (4) u : union dcerpc_payload(case 2) response: struct dcerpc_response alloc_hint : 0x00000018 (24) context_id : 0x0000 (0) cancel_count : 0x00 (0) _pad : DATA_BLOB length=1 [0000] 00 . stub_and_verifier : DATA_BLOB length=24 [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ [0010] 00 00 00 00 00 00 00 00 ........ Got pdu len 48, data_len 24, ss_len 0 rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK rpc_api_pipe: host serverDC1001.dan2003.sample.domain.com returned 24 bytes. lsa_Close: struct lsa_Close out: struct lsa_Close handle : * handle: struct policy_handle handle_type : 0x00000000 (0) uuid : 00000000-0000-0000-0000-000000000000 result : NT_STATUS_OK create_local_private_krb5_conf_for_domain: fname /var/cache/samba/smb_krb5/krb5.conf.DAN2003, realm dan2003.sample.domain.com, domain = DAN2003 saf_fetch: Returning "SERVERDC1001.dan2003.sample.domain.com" for "dan2003.sample.domain.com" domain get_dc_list: preferred server list: "SERVERDC1001.dan2003.sample.domain.com, *" internal_resolve_name: looking up dan2003.sample.domain.com#1c (sitename (null)) name dan2003.sample.domain.com#1C found. remove_duplicate_addrs2: looking for duplicate address/port pairs Adding 11 DC's from auto lookup sitename_fetch: No stored sitename for DAN2003.SAMPLE.DOMAIN.COM internal_resolve_name: looking up SERVERDC1001.dan2003.sample.domain.com#20 (sitename (null)) name SERVERDC1001.dan2003.sample.domain.com#20 found. remove_duplicate_addrs2: looking for duplicate address/port pairs check_negative_conn_cache returning result 0 for domain dan2003.sample.domain.com server 10.80.8.88 check_negative_conn_cache returning result 0 for domain dan2003.sample.domain.com server 10.124.23.5 check_negative_conn_cache returning result 0 for domain dan2003.sample.domain.com server 10.184.32.187 check_negative_conn_cache returning result 0 for domain dan2003.sample.domain.com server 10.161.8.2 check_negative_conn_cache returning result 0 for domain dan2003.sample.domain.com server 10.184.32.58 check_negative_conn_cache returning result 0 for domain dan2003.sample.domain.com server 10.84.136.29 check_negative_conn_cache returning result 0 for domain dan2003.sample.domain.com server 10.80.8.88 check_negative_conn_cache returning result 0 for domain dan2003.sample.domain.com server 10.52.69.202 check_negative_conn_cache returning result 0 for domain dan2003.sample.domain.com server 10.76.8.118 check_negative_conn_cache returning result 0 for domain dan2003.sample.domain.com server 10.94.76.240 check_negative_conn_cache returning result 0 for domain dan2003.sample.domain.com server 10.72.136.53 check_negative_conn_cache returning result 0 for domain dan2003.sample.domain.com server 10.68.140.2 remove_duplicate_addrs2: looking for duplicate address/port pairs get_dc_list: returning 11 ip addresses in an ordered list get_dc_list: 10.80.8.88:389 10.124.23.5:389 10.184.32.187:389 10.161.8.2:389 10.184.32.58:389 10.84.136.29:389 10.52.69.202:389 10.76.8.118:389 10.94.76.240:389 10.72.136.53:389 10.68.140.2:389 &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX command : LOGON_SAM_LOGON_RESPONSE_EX (23) sbz : 0x0000 (0) server_type : 0x0000317c (12668) 0: NBT_SERVER_PDC 1: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 1: NBT_SERVER_TIMESERV 0: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 0: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 1: NBT_SERVER_ADS_WEB_SERVICE 0: NBT_SERVER_HAS_DNS_NAME 0: NBT_SERVER_IS_DEFAULT_NC 0: NBT_SERVER_FOREST_ROOT domain_uuid : 51dec572-3aa1-45d6-aac3-e327e8310b54 forest : 'sample.domain.com' dns_domain : 'dan2003.sample.domain.com' pdc_dns_name : 'SERVERDC1001.dan2003.sample.domain.com' domain_name : 'DAN2003' pdc_name : 'SERVERDC1001' user_name : '' server_site : 'UK-Lanc-BH-LAN-Main' client_site : '' sockaddr_size : 0x00 (0) sockaddr: struct nbt_sockaddr sockaddr_family : 0x00000000 (0) pdc_ip : (null) remaining : DATA_BLOB length=0 next_closest_site : NULL nt_version : 0x00000005 (5) 1: NETLOGON_NT_VERSION_1 0: NETLOGON_NT_VERSION_5 1: NETLOGON_NT_VERSION_5EX 0: NETLOGON_NT_VERSION_5EX_WITH_IP 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL 0: NETLOGON_NT_VERSION_PDC 0: NETLOGON_NT_VERSION_IP 0: NETLOGON_NT_VERSION_LOCAL 0: NETLOGON_NT_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) get_kdc_ip_string: Returning kdc = 10.80.8.88 create_local_private_krb5_conf_for_domain: wrote file /var/cache/samba/smb_krb5/krb5.conf.DAN2003 with realm DAN2003.SAMPLE.DOMAIN.COM KDC list = kdc = 10.80.8.88 sitename_fetch: No stored sitename for DAN2003.SAMPLE.DOMAIN.COM internal_resolve_name: looking up serverDC1001.dan2003.sample.domain.com#20 (sitename (null)) name serverDC1001.dan2003.sample.domain.com#20 found. remove_duplicate_addrs2: looking for duplicate address/port pairs ads_try_connect: sending CLDAP request to 10.80.8.88 (realm: dan2003.sample.domain.com) &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX command : LOGON_SAM_LOGON_RESPONSE_EX (23) sbz : 0x0000 (0) server_type : 0x0000317c (12668) 0: NBT_SERVER_PDC 1: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 1: NBT_SERVER_TIMESERV 0: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 0: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 1: NBT_SERVER_ADS_WEB_SERVICE 0: NBT_SERVER_HAS_DNS_NAME 0: NBT_SERVER_IS_DEFAULT_NC 0: NBT_SERVER_FOREST_ROOT domain_uuid : 51dec572-3aa1-45d6-aac3-e327e8310b54 forest : 'sample.domain.com' dns_domain : 'dan2003.sample.domain.com' pdc_dns_name : 'SERVERDC1001.dan2003.sample.domain.com' domain_name : 'DAN2003' pdc_name : 'SERVERDC1001' user_name : '' server_site : 'UK-Lanc-BH-LAN-Main' client_site : '' sockaddr_size : 0x00 (0) sockaddr: struct nbt_sockaddr sockaddr_family : 0x00000000 (0) pdc_ip : (null) remaining : DATA_BLOB length=0 next_closest_site : NULL nt_version : 0x00000005 (5) 1: NETLOGON_NT_VERSION_1 0: NETLOGON_NT_VERSION_5 1: NETLOGON_NT_VERSION_5EX 0: NETLOGON_NT_VERSION_5EX_WITH_IP 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL 0: NETLOGON_NT_VERSION_PDC 0: NETLOGON_NT_VERSION_IP 0: NETLOGON_NT_VERSION_LOCAL 0: NETLOGON_NT_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) sitename_store: deleting empty sitename! Deleting cache entry (key=[AD_SITENAME/DOMAIN/DAN2003]) sitename_store: deleting empty sitename! Deleting cache entry (key=[AD_SITENAME/DOMAIN/DAN2003.SAMPLE.DOMAIN.COM]) Successfully contacted LDAP server 10.80.8.88 Opening connection to LDAP server 'SERVERDC1001.dan2003.sample.domain.com:389', timeout 15 seconds Connected to LDAP server 'SERVERDC1001.dan2003.sample.domain.com:389' Connected to LDAP server SERVERDC1001.dan2003.sample.domain.com ads_sitename_match: no match between server: UK-Lanc-BH-LAN-Main and client: NULL ads_closest_dc: client belongs to no site saf_store: domain = [DAN2003], server [SERVERDC1001.dan2003.sample.domain.com], expire = [1429015386] Did not store value for SAF/DOMAIN/DAN2003, we already got it saf_store: domain = [dan2003.sample.domain.com], server [SERVERDC1001.dan2003.sample.domain.com], expire = [1429015386] Did not store value for SAF/DOMAIN/DAN2003.SAMPLE.DOMAIN.COM, we already got it KDC time offset is 0 seconds Found SASL mechanism GSS-SPNEGO ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.30 ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2 ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2 ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3 ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10 ads_sasl_spnego_bind: got server principal name not_defined_in_RFC4178 at please_ignore ads_krb5_mk_req: krb5_cc_get_principal failed (No such file or directory) ads_sasl_spnego_krb5_bind failed with: No such file or directory, calling kinit kerberos_kinit_password: as SUPER-USER at DAN2003.SAMPLE.DOMAIN.COM using [MEMORY:net_ads] as ccache and config [/var/cache/samba/smb_krb5/krb5.conf.DAN2003] kerberos_kinit_password SUPER-USER at DAN2003.SAMPLE.DOMAIN.COM failed: Cannot contact any KDC for requested realm libnet_Join: libnet_JoinCtx: struct libnet_JoinCtx out: struct libnet_JoinCtx account_name : NULL netbios_domain_name : 'DAN2003' dns_domain_name : 'dan2003.sample.domain.com' forest_name : 'sample.domain.com' dn : NULL domain_sid : * domain_sid : S-1-5-21-73586283-854245398-682003330 modified_config : 0x00 (0) error_string : 'failed to connect to AD: Cannot contact any KDC for requested realm' domain_is_ad : 0x01 (1) result : WERR_DEFAULT_JOIN_REQUIRED Failed to join domain: failed to connect to AD: Cannot contact any KDC for requested realm return code = -1 myuser at myserver:~$ myuser at myserver:~$ myuser at myserver:~$ myuser at myserver:~$ -- View this message in context: http://samba.2283325.n4.nabble.com/Cannot-join-Ubuntu12-04-Samba-4-1-17-to-domain-tp4684555.html Sent from the Samba - General mailing list archive at Nabble.com.
Rowland Penny
2015-Apr-17 12:01 UTC
[Samba] Cannot join Ubuntu12.04 Samba 4.1.17 to domain
On 17/04/15 12:29, ivenhov wrote:> Hi all > > I'm desperate now. > > On one of the sites I cannot connect Ubuntu to Windows AD 2003. > Error below. > On exactly the same setup but on a different network and also on VirtualBox > VMs everything works as expected. > Looks like something on the network then or mission parameter. > Error is about KDC but I can successfully do kinit and get ticket. > I can also successfully run: > sudo net ads info > > Failing command: > > myuser at myserver:~$ sudo net ads join > createcomputer="MyStructure/Internal/Servers/UnManaged" -S > serverDC1001.dan2003.sample.domain.com -U SUPER-USER -d10 > INFO: Current debug levels: > all: 10 > tdb: 10 > printdrivers: 10 > lanman: 10 > smb: 10 > rpc_parse: 10 > rpc_srv: 10 > rpc_cli: 10 > passdb: 10 > sam: 10 > auth: 10 > winbind: 10 > vfs: 10 > idmap: 10 > quota: 10 > acls: 10 > locking: 10 > msdfs: 10 > dmapi: 10 > registry: 10 > scavenger: 10 > dns: 10 > ldb: 10 > lp_load_ex: refreshing parameters > Initialising global parameters > INFO: Current debug levels: > all: 10 > tdb: 10 > printdrivers: 10 > lanman: 10 > smb: 10 > rpc_parse: 10 > rpc_srv: 10 > rpc_cli: 10 > passdb: 10 > sam: 10 > auth: 10 > winbind: 10 > vfs: 10 > idmap: 10 > quota: 10 > acls: 10 > locking: 10 > msdfs: 10 > dmapi: 10 > registry: 10 > scavenger: 10 > dns: 10 > ldb: 10 > params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" > Processing section "[global]" > doing parameter workgroup = DAN2003 > doing parameter realm = DAN2003.SAMPLE.DOMAIN.COM > doing parameter server string = MySpecial server %h > doing parameter security = ADS > doing parameter map to guest = Bad User > doing parameter obey pam restrictions = Yes > doing parameter pam password change = Yes > doing parameter passwd program = /usr/bin/passwd %u > doing parameter passwd chat = *Enter\snew\s*\spassword:* %n\n > *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . > doing parameter unix password sync = Yes > doing parameter syslog = 0 > doing parameter log file = /var/log/samba/log.%m > doing parameter max log size = 1000 > doing parameter server max protocol = SMB2 > doing parameter min receivefile size = 13638 > doing parameter max xmit = 131072 > doing parameter socket options = TCP_NODELAY SO_RCVBUF=262144 > SO_SNDBUF=262144 IPTOS_LOWDELAY SO_KEEPALIVE > doing parameter load printers = No > doing parameter printcap name = /dev/null > doing parameter disable spoolss = Yes > doing parameter dns proxy = No > doing parameter usershare allow guests = Yes > doing parameter panic action = /usr/share/samba/panic-action %d > doing parameter template homedir = /dev/null > doing parameter template shell = /bin/true > doing parameter winbind enum users = Yes > doing parameter winbind enum groups = Yes > doing parameter winbind use default domain = Yes > doing parameter idmap config * : range = 100000-200000 > doing parameter idmap config * : backend = tdb > doing parameter aio read size = 1 > doing parameter aio write size = 1 > doing parameter aio write behind = true > doing parameter use sendfile = Yes > doing parameter write cache size = 12826144 > doing parameter printing = bsd > doing parameter print command = lpr -r -P'%p' %s > doing parameter lpq command = lpq -P'%p' > doing parameter lprm command = lprm -P'%p' %j > pm_process() returned Yes > lp_servicenumber: couldn't find homes > Netbios name list:- > my_netbios_names[0]="MYSERVER" > added interface bond0 ip=10.80.100.74 bcast=10.80.100.255 > netmask=255.255.255.0 > Registering messaging pointer for type 2 - private_data=(nil) > Registering messaging pointer for type 9 - private_data=(nil) > Registered MSG_REQ_POOL_USAGE > Registering messaging pointer for type 11 - private_data=(nil) > Registering messaging pointer for type 12 - private_data=(nil) > Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED > Registering messaging pointer for type 1 - private_data=(nil) > Registering messaging pointer for type 5 - private_data=(nil) > Enter SUPER-USER's password: > libnet_Join: > libnet_JoinCtx: struct libnet_JoinCtx > in: struct libnet_JoinCtx > dc_name : > 'serverDC1001.dan2003.sample.domain.com' > machine_name : 'MYSERVER' > domain_name : * > domain_name : 'DAN2003.SAMPLE.DOMAIN.COM' > account_ou : > 'MyStructure/Internal/Servers/UnManaged' > admin_account : 'SUPER-USER' > machine_password : NULL > join_flags : 0x00000023 (35) > 0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS > 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME > 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT > 0: WKSSVC_JOIN_FLAGS_DEFER_SPN > 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED > 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE > 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED > 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE > 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE > 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE > 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE > os_version : NULL > os_name : NULL > create_upn : 0x00 (0) > upn : NULL > modify_config : 0x00 (0) > ads : NULL > debug : 0x01 (1) > use_kerberos : 0x00 (0) > secure_channel_type : SEC_CHAN_WKSTA (2) > Opening cache file at /var/cache/samba/gencache.tdb > Opening cache file at /var/cache/samba/gencache_notrans.tdb > sitename_fetch: No stored sitename for DAN2003.SAMPLE.DOMAIN.COM > internal_resolve_name: looking up serverDC1001.dan2003.sample.domain.com#20 > (sitename (null)) > name serverDC1001.dan2003.sample.domain.com#20 found. > remove_duplicate_addrs2: looking for duplicate address/port pairs > Connecting to 10.80.8.88 at port 445 > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 0 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 16 > IPTOS_THROUGHPUT = 16 > SO_SNDBUF = 262142 > SO_RCVBUF = 262142 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 > TCP_DEFER_ACCEPT = 0 > Doing spnego session setup (blob length=120) > got OID=1.3.6.1.4.1.311.2.2.30 > got OID=1.2.840.48018.1.2.2 > got OID=1.2.840.113554.1.2.2 > got OID=1.2.840.113554.1.2.2.3 > got OID=1.3.6.1.4.1.311.2.2.10 > got principal=not_defined_in_RFC4178 at please_ignore > negotiate: struct NEGOTIATE_MESSAGE > Signature : 'NTLMSSP' > MessageType : NtLmNegotiate (1) > NegotiateFlags : 0x60088215 (1611170325) > 1: NTLMSSP_NEGOTIATE_UNICODE > 0: NTLMSSP_NEGOTIATE_OEM > 1: NTLMSSP_REQUEST_TARGET > 1: NTLMSSP_NEGOTIATE_SIGN > 0: NTLMSSP_NEGOTIATE_SEAL > 0: NTLMSSP_NEGOTIATE_DATAGRAM > 0: NTLMSSP_NEGOTIATE_LM_KEY > 0: NTLMSSP_NEGOTIATE_NETWARE > 1: NTLMSSP_NEGOTIATE_NTLM > 0: NTLMSSP_NEGOTIATE_NT_ONLY > 0: NTLMSSP_ANONYMOUS > 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED > 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED > 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL > 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN > 0: NTLMSSP_TARGET_TYPE_DOMAIN > 0: NTLMSSP_TARGET_TYPE_SERVER > 0: NTLMSSP_TARGET_TYPE_SHARE > 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > 0: NTLMSSP_NEGOTIATE_IDENTIFY > 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY > 0: NTLMSSP_NEGOTIATE_TARGET_INFO > 0: NTLMSSP_NEGOTIATE_VERSION > 1: NTLMSSP_NEGOTIATE_128 > 1: NTLMSSP_NEGOTIATE_KEY_EXCH > 0: NTLMSSP_NEGOTIATE_56 > DomainNameLen : 0x0008 (8) > DomainNameMaxLen : 0x0008 (8) > DomainName : * > DomainName : 'DAN2003' > WorkstationLen : 0x000e (14) > WorkstationMaxLen : 0x000e (14) > Workstation : * > Workstation : 'MYSERVER' > challenge: struct CHALLENGE_MESSAGE > Signature : 'NTLMSSP' > MessageType : NtLmChallenge (0x2) > TargetNameLen : 0x0010 (16) > TargetNameMaxLen : 0x0010 (16) > TargetName : * > TargetName : 'DAN2003' > NegotiateFlags : 0x62898215 (1653178901) > 1: NTLMSSP_NEGOTIATE_UNICODE > 0: NTLMSSP_NEGOTIATE_OEM > 1: NTLMSSP_REQUEST_TARGET > 1: NTLMSSP_NEGOTIATE_SIGN > 0: NTLMSSP_NEGOTIATE_SEAL > 0: NTLMSSP_NEGOTIATE_DATAGRAM > 0: NTLMSSP_NEGOTIATE_LM_KEY > 0: NTLMSSP_NEGOTIATE_NETWARE > 1: NTLMSSP_NEGOTIATE_NTLM > 0: NTLMSSP_NEGOTIATE_NT_ONLY > 0: NTLMSSP_ANONYMOUS > 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED > 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED > 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL > 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN > 1: NTLMSSP_TARGET_TYPE_DOMAIN > 0: NTLMSSP_TARGET_TYPE_SERVER > 0: NTLMSSP_TARGET_TYPE_SHARE > 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > 0: NTLMSSP_NEGOTIATE_IDENTIFY > 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY > 1: NTLMSSP_NEGOTIATE_TARGET_INFO > 1: NTLMSSP_NEGOTIATE_VERSION > 1: NTLMSSP_NEGOTIATE_128 > 1: NTLMSSP_NEGOTIATE_KEY_EXCH > 0: NTLMSSP_NEGOTIATE_56 > ServerChallenge : d19c394ddd43af69 > Reserved : 0000000000000000 > TargetInfoLen : 0x00da (218) > TargetNameInfoMaxLen : 0x00da (218) > TargetInfo : * > TargetInfo: struct AV_PAIR_LIST > count : 0x00000007 (7) > pair: ARRAY(7) > pair: struct AV_PAIR > AvId : MsvAvNbDomainName (0x2) > AvLen : 0x0010 (16) > Value : union > ntlmssp_AvValue(case 0x2) > AvNbDomainName : 'DAN2003' > pair: struct AV_PAIR > AvId : MsvAvNbComputerName (0x1) > AvLen : 0x0016 (22) > Value : union > ntlmssp_AvValue(case 0x1) > AvNbComputerName : 'SERVERDC1001' > pair: struct AV_PAIR > AvId : MsvAvDnsDomainName (0x4) > AvLen : 0x002e (46) > Value : union > ntlmssp_AvValue(case 0x4) > AvDnsDomainName : > 'dan2003.sample.domain.com' > pair: struct AV_PAIR > AvId : MsvAvDnsComputerName > (0x3) > AvLen : 0x0046 (70) > Value : union > ntlmssp_AvValue(case 0x3) > AvDnsComputerName : > 'SERVERDC1001.dan2003.sample.domain.com' > pair: struct AV_PAIR > AvId : MsvAvDnsTreeName (0x5) > AvLen : 0x001c (28) > Value : union > ntlmssp_AvValue(case 0x5) > AvDnsTreeName : 'sample.domain.com' > pair: struct AV_PAIR > AvId : MsvAvTimestamp (0x7) > AvLen : 0x0008 (8) > Value : union > ntlmssp_AvValue(case 0x7) > AvTimestamp : Tue Apr 14 12:28:04 2015 > UTC > pair: struct AV_PAIR > AvId : MsvAvEOL (0x0) > AvLen : 0x0000 (0) > Value : union > ntlmssp_AvValue(case 0x0) > Version: struct ntlmssp_VERSION > ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (0x6) > ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_1 (0x1) > ProductBuild : 0x1db1 (7601) > Reserved : 000000 > NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (0xF) > Got challenge flags: > Got NTLMSSP neg_flags=0x62898215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_TARGET_INFO > NTLMSSP_NEGOTIATE_VERSION > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > NTLMSSP: Set final flags: > Got NTLMSSP neg_flags=0x60088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > authenticate: struct AUTHENTICATE_MESSAGE > Signature : 'NTLMSSP' > MessageType : NtLmAuthenticate (3) > LmChallengeResponseLen : 0x0018 (24) > LmChallengeResponseMaxLen: 0x0018 (24) > LmChallengeResponse : * > LmChallengeResponse : union ntlmssp_LM_RESPONSE(case 24) > v1: struct LM_RESPONSE > Response : > de06e6edc8275e8aa58a9e95067f4cbc5bb6ac5b0279a515 > NtChallengeResponseLen : 0x0106 (262) > NtChallengeResponseMaxLen: 0x0106 (262) > NtChallengeResponse : * > NtChallengeResponse : union ntlmssp_NTLM_RESPONSE(case 262) > v2: struct NTLMv2_RESPONSE > Response : a5e98b1ba196aa8513fdbecb1a53a3ac > Challenge: struct NTLMv2_CLIENT_CHALLENGE > RespType : 0x01 (1) > HiRespType : 0x01 (1) > Reserved1 : 0x0000 (0) > Reserved2 : 0x00000000 (0) > TimeStamp : Tue Apr 14 12:28:03 2015 UTC > ChallengeFromClient : 1ca419ea47cceec3 > Reserved3 : 0x00000000 (0) > AvPairs: struct AV_PAIR_LIST > count : 0x00000007 (7) > pair: ARRAY(7) > pair: struct AV_PAIR > AvId : MsvAvNbDomainName > (0x2) > AvLen : 0x0010 (16) > Value : union > ntlmssp_AvValue(case 0x2) > AvNbDomainName : 'DAN2003' > pair: struct AV_PAIR > AvId : > MsvAvNbComputerName (0x1) > AvLen : 0x0016 (22) > Value : union > ntlmssp_AvValue(case 0x1) > AvNbComputerName : 'SERVERDC1001' > pair: struct AV_PAIR > AvId : > MsvAvDnsDomainName (0x4) > AvLen : 0x002e (46) > Value : union > ntlmssp_AvValue(case 0x4) > AvDnsDomainName : > 'dan2003.sample.domain.com' > pair: struct AV_PAIR > AvId : > MsvAvDnsComputerName (0x3) > AvLen : 0x0046 (70) > Value : union > ntlmssp_AvValue(case 0x3) > AvDnsComputerName : > 'SERVERDC1001.dan2003.sample.domain.com' > pair: struct AV_PAIR > AvId : MsvAvDnsTreeName > (0x5) > AvLen : 0x001c (28) > Value : union > ntlmssp_AvValue(case 0x5) > AvDnsTreeName : > 'sample.domain.com' > pair: struct AV_PAIR > AvId : MsvAvTimestamp > (0x7) > AvLen : 0x0008 (8) > Value : union > ntlmssp_AvValue(case 0x7) > AvTimestamp : Tue Apr 14 > 12:28:04 2015 UTC > pair: struct AV_PAIR > AvId : MsvAvEOL (0x0) > AvLen : 0x0000 (0) > Value : union > ntlmssp_AvValue(case 0x0) > DomainNameLen : 0x0000 (0) > DomainNameMaxLen : 0x0000 (0) > DomainName : * > DomainName : '' > UserNameLen : 0x0012 (18) > UserNameMaxLen : 0x0012 (18) > UserName : * > UserName : 'SUPER-USER' > WorkstationLen : 0x001c (28) > WorkstationMaxLen : 0x001c (28) > Workstation : * > Workstation : 'MYSERVER' > EncryptedRandomSessionKeyLen: 0x0010 (16) > EncryptedRandomSessionKeyMaxLen: 0x0010 (16) > EncryptedRandomSessionKey: * > EncryptedRandomSessionKey: DATA_BLOB length=16 > [0000] 48 09 D4 57 08 FC AD F2 DD B7 FB 1D 65 28 BC 8A H..W.... ....e(.. > NegotiateFlags : 0x60088215 (1611170325) > 1: NTLMSSP_NEGOTIATE_UNICODE > 0: NTLMSSP_NEGOTIATE_OEM > 1: NTLMSSP_REQUEST_TARGET > 1: NTLMSSP_NEGOTIATE_SIGN > 0: NTLMSSP_NEGOTIATE_SEAL > 0: NTLMSSP_NEGOTIATE_DATAGRAM > 0: NTLMSSP_NEGOTIATE_LM_KEY > 0: NTLMSSP_NEGOTIATE_NETWARE > 1: NTLMSSP_NEGOTIATE_NTLM > 0: NTLMSSP_NEGOTIATE_NT_ONLY > 0: NTLMSSP_ANONYMOUS > 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED > 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED > 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL > 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN > 0: NTLMSSP_TARGET_TYPE_DOMAIN > 0: NTLMSSP_TARGET_TYPE_SERVER > 0: NTLMSSP_TARGET_TYPE_SHARE > 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > 0: NTLMSSP_NEGOTIATE_IDENTIFY > 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY > 0: NTLMSSP_NEGOTIATE_TARGET_INFO > 0: NTLMSSP_NEGOTIATE_VERSION > 1: NTLMSSP_NEGOTIATE_128 > 1: NTLMSSP_NEGOTIATE_KEY_EXCH > 0: NTLMSSP_NEGOTIATE_56 > NTLMSSP Sign/Seal - Initialising with flags: > Got NTLMSSP neg_flags=0x60088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > cli_init_creds: user SUPER-USER domain > Bind RPC Pipe: host serverDC1001.dan2003.sample.domain.com auth_type 0, > auth_level 1 > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND (11) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0048 (72) > auth_length : 0x0000 (0) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 11) > bind: struct dcerpc_bind > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00000000 (0) > num_contexts : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0000 (0) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : > 12345778-1234-abcd-ef00-0123456789ab > if_version : 0x00000000 (0) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : > 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 > rpc_api_pipe: host serverDC1001.dan2003.sample.domain.com > num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, > data_total=72, this_data=72, max_data=4280, param_offset=84, param_pad=2, > param_disp=0, data_offset=84, data_pad=0, data_disp=0 > rpc_read_send: data_to_read: 52 > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x0000 (0) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00069674 (431732) > secondary_address_size : 0x000c (12) > secondary_address : '\pipe\lsass' > _pad1 : DATA_BLOB length=2 > [0000] 71 71 qq > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : 0x0000 (0) > reason : 0x0000 (0) > syntax: struct ndr_syntax_id > uuid : > 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 > rpc_api_pipe: got frag len of 68 at offset 0: NT_STATUS_OK > rpc_api_pipe: host serverDC1001.dan2003.sample.domain.com returned 68 bytes. > check_bind_response: accepted! > cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine > serverDC1001.dan2003.sample.domain.com and bound anonymously. > lsa_OpenPolicy: struct lsa_OpenPolicy > in: struct lsa_OpenPolicy > system_name : * > system_name : 0x005c (92) > attr : * > attr: struct lsa_ObjectAttribute > len : 0x00000018 (24) > root_dir : NULL > object_name : NULL > attributes : 0x00000000 (0) > sec_desc : NULL > sec_qos : * > sec_qos: struct lsa_QosInfo > len : 0x0000000c (12) > impersonation_level : 0x0002 (2) > context_mode : 0x01 (1) > effective_only : 0x00 (0) > access_mask : 0x02000000 (33554432) > 0: LSA_POLICY_VIEW_LOCAL_INFORMATION > 0: LSA_POLICY_VIEW_AUDIT_INFORMATION > 0: LSA_POLICY_GET_PRIVATE_INFORMATION > 0: LSA_POLICY_TRUST_ADMIN > 0: LSA_POLICY_CREATE_ACCOUNT > 0: LSA_POLICY_CREATE_SECRET > 0: LSA_POLICY_CREATE_PRIVILEGE > 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS > 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS > 0: LSA_POLICY_AUDIT_LOG_ADMIN > 0: LSA_POLICY_SERVER_ADMIN > 0: LSA_POLICY_LOOKUP_NAMES > 0: LSA_POLICY_NOTIFICATION > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0018 (24) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x0000002c (44) > context_id : 0x0000 (0) > opnum : 0x0006 (6) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=0 > rpc_api_pipe: host serverDC1001.dan2003.sample.domain.com > num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, > data_total=68, this_data=68, max_data=4280, param_offset=84, param_pad=2, > param_disp=0, data_offset=84, data_pad=0, data_disp=0 > rpc_read_send: data_to_read: 32 > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=1 > [0000] 00 . > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 7E 29 EA FB 47 80 8A 49 9C 2F 88 A6 ....~).. G..I./.. > [0010] 65 A8 5D 72 00 00 00 00 e.]r.... > Got pdu len 48, data_len 24, ss_len 0 > rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK > rpc_api_pipe: host serverDC1001.dan2003.sample.domain.com returned 24 bytes. > lsa_OpenPolicy: struct lsa_OpenPolicy > out: struct lsa_OpenPolicy > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : > fbea297e-8047-498a-9c2f-88a665a85d72 > result : NT_STATUS_OK > lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 > in: struct lsa_QueryInfoPolicy2 > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : > fbea297e-8047-498a-9c2f-88a665a85d72 > level : LSA_POLICY_INFO_DNS (12) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0018 (24) > auth_length : 0x0000 (0) > call_id : 0x00000003 (3) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000016 (22) > context_id : 0x0000 (0) > opnum : 0x002e (46) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=0 > rpc_api_pipe: host serverDC1001.dan2003.sample.domain.com > num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, > data_total=46, this_data=46, max_data=4280, param_offset=84, param_pad=2, > param_disp=0, data_offset=84, data_pad=0, data_disp=0 > rpc_read_send: data_to_read: 220 > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x00ec (236) > auth_length : 0x0000 (0) > call_id : 0x00000003 (3) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x000000d4 (212) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=1 > [0000] 00 . > stub_and_verifier : DATA_BLOB length=212 > [0000] 00 00 02 00 0C 00 00 00 10 00 12 00 04 00 02 00 ........ ........ > [0010] 2E 00 30 00 08 00 02 00 1C 00 1E 00 0C 00 02 00 ..0..... ........ > [0020] 72 C5 DE 51 A1 3A D6 45 AA C3 E3 27 E8 31 0B 54 r..Q.:.E ...'.1.T > [0030] 10 00 02 00 09 00 00 00 00 00 00 00 08 00 00 00 ........ ........ > [0040] 4E 00 41 00 54 00 49 00 4F 00 4E 00 41 00 4C 00 N.A.T.I. O.N.A.L. > [0050] 18 00 00 00 00 00 00 00 17 00 00 00 6E 00 61 00 ........ ....n.a. > [0060] 74 00 69 00 6F 00 6E 00 61 00 6C 00 2E 00 63 00 t.i.o.n. a.l...c. > [0070] 6F 00 72 00 65 00 2E 00 62 00 62 00 63 00 2E 00 o.r.e... b.b.c... > [0080] 63 00 6F 00 2E 00 75 00 6B 00 00 00 0F 00 00 00 c.o...u. k....... > [0090] 00 00 00 00 0E 00 00 00 63 00 6F 00 72 00 65 00 ........ c.o.r.e. > [00A0] 2E 00 62 00 62 00 63 00 2E 00 63 00 6F 00 2E 00 ..b.b.c. ..c.o... > [00B0] 75 00 6B 00 04 00 00 00 01 04 00 00 00 00 00 05 u.k..... ........ > [00C0] 15 00 00 00 6B D6 62 04 16 C0 EA 32 82 8B A6 28 ....k.b. ...2...( > [00D0] 00 00 00 00 .... > Got pdu len 236, data_len 212, ss_len 0 > rpc_api_pipe: got frag len of 236 at offset 0: NT_STATUS_OK > rpc_api_pipe: host serverDC1001.dan2003.sample.domain.com returned 212 > bytes. > lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 > out: struct lsa_QueryInfoPolicy2 > info : * > info : * > info : union > lsa_PolicyInformation(case 12) > dns: struct lsa_DnsDomainInfo > name: struct lsa_StringLarge > length : 0x0010 (16) > size : 0x0012 (18) > string : * > string : 'DAN2003' > dns_domain: struct lsa_StringLarge > length : 0x002e (46) > size : 0x0030 (48) > string : * > string : > 'dan2003.sample.domain.com' > dns_forest: struct lsa_StringLarge > length : 0x001c (28) > size : 0x001e (30) > string : * > string : > 'sample.domain.com' > domain_guid : > 51dec572-3aa1-45d6-aac3-e327e8310b54 > sid : * > sid : > S-1-5-21-73586283-854245398-682003330 > result : NT_STATUS_OK > lsa_Close: struct lsa_Close > in: struct lsa_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : > fbea297e-8047-498a-9c2f-88a665a85d72 > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0018 (24) > auth_length : 0x0000 (0) > call_id : 0x00000004 (4) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000014 (20) > context_id : 0x0000 (0) > opnum : 0x0000 (0) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=0 > rpc_api_pipe: host serverDC1001.dan2003.sample.domain.com > num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, > data_total=44, this_data=44, max_data=4280, param_offset=84, param_pad=2, > param_disp=0, data_offset=84, data_pad=0, data_disp=0 > rpc_read_send: data_to_read: 32 > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000004 (4) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=1 > [0000] 00 . > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 00 00 00 ........ > Got pdu len 48, data_len 24, ss_len 0 > rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK > rpc_api_pipe: host serverDC1001.dan2003.sample.domain.com returned 24 bytes. > lsa_Close: struct lsa_Close > out: struct lsa_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : > 00000000-0000-0000-0000-000000000000 > result : NT_STATUS_OK > create_local_private_krb5_conf_for_domain: fname > /var/cache/samba/smb_krb5/krb5.conf.DAN2003, realm > dan2003.sample.domain.com, domain = DAN2003 > saf_fetch: Returning "SERVERDC1001.dan2003.sample.domain.com" for > "dan2003.sample.domain.com" domain > get_dc_list: preferred server list: "SERVERDC1001.dan2003.sample.domain.com, > *" > internal_resolve_name: looking up dan2003.sample.domain.com#1c (sitename > (null)) > name dan2003.sample.domain.com#1C found. > remove_duplicate_addrs2: looking for duplicate address/port pairs > Adding 11 DC's from auto lookup > sitename_fetch: No stored sitename for DAN2003.SAMPLE.DOMAIN.COM > internal_resolve_name: looking up SERVERDC1001.dan2003.sample.domain.com#20 > (sitename (null)) > name SERVERDC1001.dan2003.sample.domain.com#20 found. > remove_duplicate_addrs2: looking for duplicate address/port pairs > check_negative_conn_cache returning result 0 for domain > dan2003.sample.domain.com server 10.80.8.88 > check_negative_conn_cache returning result 0 for domain > dan2003.sample.domain.com server 10.124.23.5 > check_negative_conn_cache returning result 0 for domain > dan2003.sample.domain.com server 10.184.32.187 > check_negative_conn_cache returning result 0 for domain > dan2003.sample.domain.com server 10.161.8.2 > check_negative_conn_cache returning result 0 for domain > dan2003.sample.domain.com server 10.184.32.58 > check_negative_conn_cache returning result 0 for domain > dan2003.sample.domain.com server 10.84.136.29 > check_negative_conn_cache returning result 0 for domain > dan2003.sample.domain.com server 10.80.8.88 > check_negative_conn_cache returning result 0 for domain > dan2003.sample.domain.com server 10.52.69.202 > check_negative_conn_cache returning result 0 for domain > dan2003.sample.domain.com server 10.76.8.118 > check_negative_conn_cache returning result 0 for domain > dan2003.sample.domain.com server 10.94.76.240 > check_negative_conn_cache returning result 0 for domain > dan2003.sample.domain.com server 10.72.136.53 > check_negative_conn_cache returning result 0 for domain > dan2003.sample.domain.com server 10.68.140.2 > remove_duplicate_addrs2: looking for duplicate address/port pairs > get_dc_list: returning 11 ip addresses in an ordered list > get_dc_list: 10.80.8.88:389 10.124.23.5:389 10.184.32.187:389 10.161.8.2:389 > 10.184.32.58:389 10.84.136.29:389 10.52.69.202:389 10.76.8.118:389 > 10.94.76.240:389 10.72.136.53:389 10.68.140.2:389 > &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX > command : LOGON_SAM_LOGON_RESPONSE_EX (23) > sbz : 0x0000 (0) > server_type : 0x0000317c (12668) > 0: NBT_SERVER_PDC > 1: NBT_SERVER_GC > 1: NBT_SERVER_LDAP > 1: NBT_SERVER_DS > 1: NBT_SERVER_KDC > 1: NBT_SERVER_TIMESERV > 0: NBT_SERVER_CLOSEST > 1: NBT_SERVER_WRITABLE > 0: NBT_SERVER_GOOD_TIMESERV > 0: NBT_SERVER_NDNC > 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 > 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 > 1: NBT_SERVER_ADS_WEB_SERVICE > 0: NBT_SERVER_HAS_DNS_NAME > 0: NBT_SERVER_IS_DEFAULT_NC > 0: NBT_SERVER_FOREST_ROOT > domain_uuid : 51dec572-3aa1-45d6-aac3-e327e8310b54 > forest : 'sample.domain.com' > dns_domain : 'dan2003.sample.domain.com' > pdc_dns_name : 'SERVERDC1001.dan2003.sample.domain.com' > domain_name : 'DAN2003' > pdc_name : 'SERVERDC1001' > user_name : '' > server_site : 'UK-Lanc-BH-LAN-Main' > client_site : '' > sockaddr_size : 0x00 (0) > sockaddr: struct nbt_sockaddr > sockaddr_family : 0x00000000 (0) > pdc_ip : (null) > remaining : DATA_BLOB length=0 > next_closest_site : NULL > nt_version : 0x00000005 (5) > 1: NETLOGON_NT_VERSION_1 > 0: NETLOGON_NT_VERSION_5 > 1: NETLOGON_NT_VERSION_5EX > 0: NETLOGON_NT_VERSION_5EX_WITH_IP > 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE > 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL > 0: NETLOGON_NT_VERSION_PDC > 0: NETLOGON_NT_VERSION_IP > 0: NETLOGON_NT_VERSION_LOCAL > 0: NETLOGON_NT_VERSION_GC > lmnt_token : 0xffff (65535) > lm20_token : 0xffff (65535) > get_kdc_ip_string: Returning kdc = 10.80.8.88 > > create_local_private_krb5_conf_for_domain: wrote file > /var/cache/samba/smb_krb5/krb5.conf.DAN2003 with realm > DAN2003.SAMPLE.DOMAIN.COM KDC list = kdc = 10.80.8.88 > > sitename_fetch: No stored sitename for DAN2003.SAMPLE.DOMAIN.COM > internal_resolve_name: looking up serverDC1001.dan2003.sample.domain.com#20 > (sitename (null)) > name serverDC1001.dan2003.sample.domain.com#20 found. > remove_duplicate_addrs2: looking for duplicate address/port pairs > ads_try_connect: sending CLDAP request to 10.80.8.88 (realm: > dan2003.sample.domain.com) > &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX > command : LOGON_SAM_LOGON_RESPONSE_EX (23) > sbz : 0x0000 (0) > server_type : 0x0000317c (12668) > 0: NBT_SERVER_PDC > 1: NBT_SERVER_GC > 1: NBT_SERVER_LDAP > 1: NBT_SERVER_DS > 1: NBT_SERVER_KDC > 1: NBT_SERVER_TIMESERV > 0: NBT_SERVER_CLOSEST > 1: NBT_SERVER_WRITABLE > 0: NBT_SERVER_GOOD_TIMESERV > 0: NBT_SERVER_NDNC > 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 > 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 > 1: NBT_SERVER_ADS_WEB_SERVICE > 0: NBT_SERVER_HAS_DNS_NAME > 0: NBT_SERVER_IS_DEFAULT_NC > 0: NBT_SERVER_FOREST_ROOT > domain_uuid : 51dec572-3aa1-45d6-aac3-e327e8310b54 > forest : 'sample.domain.com' > dns_domain : 'dan2003.sample.domain.com' > pdc_dns_name : 'SERVERDC1001.dan2003.sample.domain.com' > domain_name : 'DAN2003' > pdc_name : 'SERVERDC1001' > user_name : '' > server_site : 'UK-Lanc-BH-LAN-Main' > client_site : '' > sockaddr_size : 0x00 (0) > sockaddr: struct nbt_sockaddr > sockaddr_family : 0x00000000 (0) > pdc_ip : (null) > remaining : DATA_BLOB length=0 > next_closest_site : NULL > nt_version : 0x00000005 (5) > 1: NETLOGON_NT_VERSION_1 > 0: NETLOGON_NT_VERSION_5 > 1: NETLOGON_NT_VERSION_5EX > 0: NETLOGON_NT_VERSION_5EX_WITH_IP > 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE > 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL > 0: NETLOGON_NT_VERSION_PDC > 0: NETLOGON_NT_VERSION_IP > 0: NETLOGON_NT_VERSION_LOCAL > 0: NETLOGON_NT_VERSION_GC > lmnt_token : 0xffff (65535) > lm20_token : 0xffff (65535) > sitename_store: deleting empty sitename! > Deleting cache entry (key=[AD_SITENAME/DOMAIN/DAN2003]) > sitename_store: deleting empty sitename! > Deleting cache entry (key=[AD_SITENAME/DOMAIN/DAN2003.SAMPLE.DOMAIN.COM]) > Successfully contacted LDAP server 10.80.8.88 > Opening connection to LDAP server > 'SERVERDC1001.dan2003.sample.domain.com:389', timeout 15 seconds > Connected to LDAP server 'SERVERDC1001.dan2003.sample.domain.com:389' > Connected to LDAP server SERVERDC1001.dan2003.sample.domain.com > ads_sitename_match: no match between server: UK-Lanc-BH-LAN-Main and client: > NULL > ads_closest_dc: client belongs to no site > saf_store: domain = [DAN2003], server > [SERVERDC1001.dan2003.sample.domain.com], expire = [1429015386] > Did not store value for SAF/DOMAIN/DAN2003, we already got it > saf_store: domain = [dan2003.sample.domain.com], server > [SERVERDC1001.dan2003.sample.domain.com], expire = [1429015386] > Did not store value for SAF/DOMAIN/DAN2003.SAMPLE.DOMAIN.COM, we already got > it > KDC time offset is 0 seconds > Found SASL mechanism GSS-SPNEGO > ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.30 > ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2 > ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2 > ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3 > ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10 > ads_sasl_spnego_bind: got server principal name > not_defined_in_RFC4178 at please_ignore > ads_krb5_mk_req: krb5_cc_get_principal failed (No such file or directory) > ads_sasl_spnego_krb5_bind failed with: No such file or directory, calling > kinit > kerberos_kinit_password: as SUPER-USER at DAN2003.SAMPLE.DOMAIN.COM using > [MEMORY:net_ads] as ccache and config > [/var/cache/samba/smb_krb5/krb5.conf.DAN2003] > kerberos_kinit_password SUPER-USER at DAN2003.SAMPLE.DOMAIN.COM failed: Cannot > contact any KDC for requested realm > libnet_Join: > libnet_JoinCtx: struct libnet_JoinCtx > out: struct libnet_JoinCtx > account_name : NULL > netbios_domain_name : 'DAN2003' > dns_domain_name : 'dan2003.sample.domain.com' > forest_name : 'sample.domain.com' > dn : NULL > domain_sid : * > domain_sid : > S-1-5-21-73586283-854245398-682003330 > modified_config : 0x00 (0) > error_string : 'failed to connect to AD: Cannot > contact any KDC for requested realm' > domain_is_ad : 0x01 (1) > result : WERR_DEFAULT_JOIN_REQUIRED > Failed to join domain: failed to connect to AD: Cannot contact any KDC for > requested realm > return code = -1 > myuser at myserver:~$ > myuser at myserver:~$ > myuser at myserver:~$ > myuser at myserver:~$ > > > > > -- > View this message in context: http://samba.2283325.n4.nabble.com/Cannot-join-Ubuntu12-04-Samba-4-1-17-to-domain-tp4684555.html > Sent from the Samba - General mailing list archive at Nabble.com.OK, what have you got in /etc/krb5.conf ? Does /etc/resolv.conf point to the AD DC ? Have you turned off dnsmasq in NetworkManager ? We will come to what you shouldn't have in smb.conf once you have joined the domain. Rowland
Hi Rowland I don't have krb5.conf at hand at the moment but I've checked it multiple times and I think is OK since I can get ticket via kinit. resolv.conf points to my DNS I can resolve AD hostname via host serverDC1001.dan2003.sample.domain.com and via host 10.80.8.88 Regarding NetworkManager, my machine is a headless server so dnsmasq does not apply I guess? Bit of a back story Initially I had Samba 3.6 on that machine and it was joined to the domain, then removed from domain. I've done disk backup of it, then put Samba Sernet 4.1.17 on it and attempted to joined which fails. After 2 days of struggle I rolled back to the snapshot 3.6 issues join command and it worked. I haven't changed config files between versions Thanks for any suggestions. D. -- View this message in context: http://samba.2283325.n4.nabble.com/Cannot-join-Ubuntu12-04-Samba-4-1-17-to-domain-tp4684555p4684559.html Sent from the Samba - General mailing list archive at Nabble.com.
Apparently Analagous Threads
- Cannot join Ubuntu12.04 Samba 4.1.17 to domain
- not able to connect to windows machine
- Debian Jessie joining AD as member fails with "The object name is not found."
- Debian Jessie joining AD as member fails with "The object name is not found."
- Problem with SPNEGO on full trust 2016 DC <> Samba 4.10.7 AD