Hi all
I'm desperate now.
On one of the sites I cannot connect Ubuntu to Windows AD 2003.
Error below.
On exactly the same setup but on a different network and also on VirtualBox
VMs everything works as expected.
Looks like something on the network then or mission parameter.
Error is about KDC but I can successfully do kinit and get ticket.
I can also successfully run:
sudo net ads info
Failing command:
myuser at myserver:~$ sudo net ads join
createcomputer="MyStructure/Internal/Servers/UnManaged" -S
serverDC1001.dan2003.sample.domain.com -U SUPER-USER -d10
INFO: Current debug levels:
all: 10
tdb: 10
printdrivers: 10
lanman: 10
smb: 10
rpc_parse: 10
rpc_srv: 10
rpc_cli: 10
passdb: 10
sam: 10
auth: 10
winbind: 10
vfs: 10
idmap: 10
quota: 10
acls: 10
locking: 10
msdfs: 10
dmapi: 10
registry: 10
scavenger: 10
dns: 10
ldb: 10
lp_load_ex: refreshing parameters
Initialising global parameters
INFO: Current debug levels:
all: 10
tdb: 10
printdrivers: 10
lanman: 10
smb: 10
rpc_parse: 10
rpc_srv: 10
rpc_cli: 10
passdb: 10
sam: 10
auth: 10
winbind: 10
vfs: 10
idmap: 10
quota: 10
acls: 10
locking: 10
msdfs: 10
dmapi: 10
registry: 10
scavenger: 10
dns: 10
ldb: 10
params.c:pm_process() - Processing configuration file
"/etc/samba/smb.conf"
Processing section "[global]"
doing parameter workgroup = DAN2003
doing parameter realm = DAN2003.SAMPLE.DOMAIN.COM
doing parameter server string = MySpecial server %h
doing parameter security = ADS
doing parameter map to guest = Bad User
doing parameter obey pam restrictions = Yes
doing parameter pam password change = Yes
doing parameter passwd program = /usr/bin/passwd %u
doing parameter passwd chat = *Enter\snew\s*\spassword:* %n\n
*Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
doing parameter unix password sync = Yes
doing parameter syslog = 0
doing parameter log file = /var/log/samba/log.%m
doing parameter max log size = 1000
doing parameter server max protocol = SMB2
doing parameter min receivefile size = 13638
doing parameter max xmit = 131072
doing parameter socket options = TCP_NODELAY SO_RCVBUF=262144
SO_SNDBUF=262144 IPTOS_LOWDELAY SO_KEEPALIVE
doing parameter load printers = No
doing parameter printcap name = /dev/null
doing parameter disable spoolss = Yes
doing parameter dns proxy = No
doing parameter usershare allow guests = Yes
doing parameter panic action = /usr/share/samba/panic-action %d
doing parameter template homedir = /dev/null
doing parameter template shell = /bin/true
doing parameter winbind enum users = Yes
doing parameter winbind enum groups = Yes
doing parameter winbind use default domain = Yes
doing parameter idmap config * : range = 100000-200000
doing parameter idmap config * : backend = tdb
doing parameter aio read size = 1
doing parameter aio write size = 1
doing parameter aio write behind = true
doing parameter use sendfile = Yes
doing parameter write cache size = 12826144
doing parameter printing = bsd
doing parameter print command = lpr -r -P'%p' %s
doing parameter lpq command = lpq -P'%p'
doing parameter lprm command = lprm -P'%p' %j
pm_process() returned Yes
lp_servicenumber: couldn't find homes
Netbios name list:-
my_netbios_names[0]="MYSERVER"
added interface bond0 ip=10.80.100.74 bcast=10.80.100.255
netmask=255.255.255.0
Registering messaging pointer for type 2 - private_data=(nil)
Registering messaging pointer for type 9 - private_data=(nil)
Registered MSG_REQ_POOL_USAGE
Registering messaging pointer for type 11 - private_data=(nil)
Registering messaging pointer for type 12 - private_data=(nil)
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Registering messaging pointer for type 1 - private_data=(nil)
Registering messaging pointer for type 5 - private_data=(nil)
Enter SUPER-USER's password:
libnet_Join:
libnet_JoinCtx: struct libnet_JoinCtx
in: struct libnet_JoinCtx
dc_name :
'serverDC1001.dan2003.sample.domain.com'
machine_name : 'MYSERVER'
domain_name : *
domain_name : 'DAN2003.SAMPLE.DOMAIN.COM'
account_ou :
'MyStructure/Internal/Servers/UnManaged'
admin_account : 'SUPER-USER'
machine_password : NULL
join_flags : 0x00000023 (35)
0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
0: WKSSVC_JOIN_FLAGS_DEFER_SPN
0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
os_version : NULL
os_name : NULL
create_upn : 0x00 (0)
upn : NULL
modify_config : 0x00 (0)
ads : NULL
debug : 0x01 (1)
use_kerberos : 0x00 (0)
secure_channel_type : SEC_CHAN_WKSTA (2)
Opening cache file at /var/cache/samba/gencache.tdb
Opening cache file at /var/cache/samba/gencache_notrans.tdb
sitename_fetch: No stored sitename for DAN2003.SAMPLE.DOMAIN.COM
internal_resolve_name: looking up serverDC1001.dan2003.sample.domain.com#20
(sitename (null))
name serverDC1001.dan2003.sample.domain.com#20 found.
remove_duplicate_addrs2: looking for duplicate address/port pairs
Connecting to 10.80.8.88 at port 445
Socket options:
SO_KEEPALIVE = 1
SO_REUSEADDR = 0
SO_BROADCAST = 0
TCP_NODELAY = 1
TCP_KEEPCNT = 9
TCP_KEEPIDLE = 7200
TCP_KEEPINTVL = 75
IPTOS_LOWDELAY = 16
IPTOS_THROUGHPUT = 16
SO_SNDBUF = 262142
SO_RCVBUF = 262142
SO_SNDLOWAT = 1
SO_RCVLOWAT = 1
SO_SNDTIMEO = 0
SO_RCVTIMEO = 0
TCP_QUICKACK = 1
TCP_DEFER_ACCEPT = 0
Doing spnego session setup (blob length=120)
got OID=1.3.6.1.4.1.311.2.2.30
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.2.840.113554.1.2.2.3
got OID=1.3.6.1.4.1.311.2.2.10
got principal=not_defined_in_RFC4178 at please_ignore
negotiate: struct NEGOTIATE_MESSAGE
Signature : 'NTLMSSP'
MessageType : NtLmNegotiate (1)
NegotiateFlags : 0x60088215 (1611170325)
1: NTLMSSP_NEGOTIATE_UNICODE
0: NTLMSSP_NEGOTIATE_OEM
1: NTLMSSP_REQUEST_TARGET
1: NTLMSSP_NEGOTIATE_SIGN
0: NTLMSSP_NEGOTIATE_SEAL
0: NTLMSSP_NEGOTIATE_DATAGRAM
0: NTLMSSP_NEGOTIATE_LM_KEY
0: NTLMSSP_NEGOTIATE_NETWARE
1: NTLMSSP_NEGOTIATE_NTLM
0: NTLMSSP_NEGOTIATE_NT_ONLY
0: NTLMSSP_ANONYMOUS
0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
0: NTLMSSP_TARGET_TYPE_DOMAIN
0: NTLMSSP_TARGET_TYPE_SERVER
0: NTLMSSP_TARGET_TYPE_SHARE
1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
0: NTLMSSP_NEGOTIATE_IDENTIFY
0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
0: NTLMSSP_NEGOTIATE_TARGET_INFO
0: NTLMSSP_NEGOTIATE_VERSION
1: NTLMSSP_NEGOTIATE_128
1: NTLMSSP_NEGOTIATE_KEY_EXCH
0: NTLMSSP_NEGOTIATE_56
DomainNameLen : 0x0008 (8)
DomainNameMaxLen : 0x0008 (8)
DomainName : *
DomainName : 'DAN2003'
WorkstationLen : 0x000e (14)
WorkstationMaxLen : 0x000e (14)
Workstation : *
Workstation : 'MYSERVER'
challenge: struct CHALLENGE_MESSAGE
Signature : 'NTLMSSP'
MessageType : NtLmChallenge (0x2)
TargetNameLen : 0x0010 (16)
TargetNameMaxLen : 0x0010 (16)
TargetName : *
TargetName : 'DAN2003'
NegotiateFlags : 0x62898215 (1653178901)
1: NTLMSSP_NEGOTIATE_UNICODE
0: NTLMSSP_NEGOTIATE_OEM
1: NTLMSSP_REQUEST_TARGET
1: NTLMSSP_NEGOTIATE_SIGN
0: NTLMSSP_NEGOTIATE_SEAL
0: NTLMSSP_NEGOTIATE_DATAGRAM
0: NTLMSSP_NEGOTIATE_LM_KEY
0: NTLMSSP_NEGOTIATE_NETWARE
1: NTLMSSP_NEGOTIATE_NTLM
0: NTLMSSP_NEGOTIATE_NT_ONLY
0: NTLMSSP_ANONYMOUS
0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
1: NTLMSSP_TARGET_TYPE_DOMAIN
0: NTLMSSP_TARGET_TYPE_SERVER
0: NTLMSSP_TARGET_TYPE_SHARE
1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
0: NTLMSSP_NEGOTIATE_IDENTIFY
0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
1: NTLMSSP_NEGOTIATE_TARGET_INFO
1: NTLMSSP_NEGOTIATE_VERSION
1: NTLMSSP_NEGOTIATE_128
1: NTLMSSP_NEGOTIATE_KEY_EXCH
0: NTLMSSP_NEGOTIATE_56
ServerChallenge : d19c394ddd43af69
Reserved : 0000000000000000
TargetInfoLen : 0x00da (218)
TargetNameInfoMaxLen : 0x00da (218)
TargetInfo : *
TargetInfo: struct AV_PAIR_LIST
count : 0x00000007 (7)
pair: ARRAY(7)
pair: struct AV_PAIR
AvId : MsvAvNbDomainName (0x2)
AvLen : 0x0010 (16)
Value : union
ntlmssp_AvValue(case 0x2)
AvNbDomainName : 'DAN2003'
pair: struct AV_PAIR
AvId : MsvAvNbComputerName (0x1)
AvLen : 0x0016 (22)
Value : union
ntlmssp_AvValue(case 0x1)
AvNbComputerName : 'SERVERDC1001'
pair: struct AV_PAIR
AvId : MsvAvDnsDomainName (0x4)
AvLen : 0x002e (46)
Value : union
ntlmssp_AvValue(case 0x4)
AvDnsDomainName :
'dan2003.sample.domain.com'
pair: struct AV_PAIR
AvId : MsvAvDnsComputerName
(0x3)
AvLen : 0x0046 (70)
Value : union
ntlmssp_AvValue(case 0x3)
AvDnsComputerName :
'SERVERDC1001.dan2003.sample.domain.com'
pair: struct AV_PAIR
AvId : MsvAvDnsTreeName (0x5)
AvLen : 0x001c (28)
Value : union
ntlmssp_AvValue(case 0x5)
AvDnsTreeName : 'sample.domain.com'
pair: struct AV_PAIR
AvId : MsvAvTimestamp (0x7)
AvLen : 0x0008 (8)
Value : union
ntlmssp_AvValue(case 0x7)
AvTimestamp : Tue Apr 14 12:28:04 2015
UTC
pair: struct AV_PAIR
AvId : MsvAvEOL (0x0)
AvLen : 0x0000 (0)
Value : union
ntlmssp_AvValue(case 0x0)
Version: struct ntlmssp_VERSION
ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (0x6)
ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_1 (0x1)
ProductBuild : 0x1db1 (7601)
Reserved : 000000
NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (0xF)
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
authenticate: struct AUTHENTICATE_MESSAGE
Signature : 'NTLMSSP'
MessageType : NtLmAuthenticate (3)
LmChallengeResponseLen : 0x0018 (24)
LmChallengeResponseMaxLen: 0x0018 (24)
LmChallengeResponse : *
LmChallengeResponse : union ntlmssp_LM_RESPONSE(case 24)
v1: struct LM_RESPONSE
Response :
de06e6edc8275e8aa58a9e95067f4cbc5bb6ac5b0279a515
NtChallengeResponseLen : 0x0106 (262)
NtChallengeResponseMaxLen: 0x0106 (262)
NtChallengeResponse : *
NtChallengeResponse : union ntlmssp_NTLM_RESPONSE(case 262)
v2: struct NTLMv2_RESPONSE
Response : a5e98b1ba196aa8513fdbecb1a53a3ac
Challenge: struct NTLMv2_CLIENT_CHALLENGE
RespType : 0x01 (1)
HiRespType : 0x01 (1)
Reserved1 : 0x0000 (0)
Reserved2 : 0x00000000 (0)
TimeStamp : Tue Apr 14 12:28:03 2015 UTC
ChallengeFromClient : 1ca419ea47cceec3
Reserved3 : 0x00000000 (0)
AvPairs: struct AV_PAIR_LIST
count : 0x00000007 (7)
pair: ARRAY(7)
pair: struct AV_PAIR
AvId : MsvAvNbDomainName
(0x2)
AvLen : 0x0010 (16)
Value : union
ntlmssp_AvValue(case 0x2)
AvNbDomainName : 'DAN2003'
pair: struct AV_PAIR
AvId :
MsvAvNbComputerName (0x1)
AvLen : 0x0016 (22)
Value : union
ntlmssp_AvValue(case 0x1)
AvNbComputerName :
'SERVERDC1001'
pair: struct AV_PAIR
AvId :
MsvAvDnsDomainName (0x4)
AvLen : 0x002e (46)
Value : union
ntlmssp_AvValue(case 0x4)
AvDnsDomainName :
'dan2003.sample.domain.com'
pair: struct AV_PAIR
AvId :
MsvAvDnsComputerName (0x3)
AvLen : 0x0046 (70)
Value : union
ntlmssp_AvValue(case 0x3)
AvDnsComputerName :
'SERVERDC1001.dan2003.sample.domain.com'
pair: struct AV_PAIR
AvId : MsvAvDnsTreeName
(0x5)
AvLen : 0x001c (28)
Value : union
ntlmssp_AvValue(case 0x5)
AvDnsTreeName :
'sample.domain.com'
pair: struct AV_PAIR
AvId : MsvAvTimestamp
(0x7)
AvLen : 0x0008 (8)
Value : union
ntlmssp_AvValue(case 0x7)
AvTimestamp : Tue Apr 14
12:28:04 2015 UTC
pair: struct AV_PAIR
AvId : MsvAvEOL (0x0)
AvLen : 0x0000 (0)
Value : union
ntlmssp_AvValue(case 0x0)
DomainNameLen : 0x0000 (0)
DomainNameMaxLen : 0x0000 (0)
DomainName : *
DomainName : ''
UserNameLen : 0x0012 (18)
UserNameMaxLen : 0x0012 (18)
UserName : *
UserName : 'SUPER-USER'
WorkstationLen : 0x001c (28)
WorkstationMaxLen : 0x001c (28)
Workstation : *
Workstation : 'MYSERVER'
EncryptedRandomSessionKeyLen: 0x0010 (16)
EncryptedRandomSessionKeyMaxLen: 0x0010 (16)
EncryptedRandomSessionKey: *
EncryptedRandomSessionKey: DATA_BLOB length=16
[0000] 48 09 D4 57 08 FC AD F2 DD B7 FB 1D 65 28 BC 8A H..W.... ....e(..
NegotiateFlags : 0x60088215 (1611170325)
1: NTLMSSP_NEGOTIATE_UNICODE
0: NTLMSSP_NEGOTIATE_OEM
1: NTLMSSP_REQUEST_TARGET
1: NTLMSSP_NEGOTIATE_SIGN
0: NTLMSSP_NEGOTIATE_SEAL
0: NTLMSSP_NEGOTIATE_DATAGRAM
0: NTLMSSP_NEGOTIATE_LM_KEY
0: NTLMSSP_NEGOTIATE_NETWARE
1: NTLMSSP_NEGOTIATE_NTLM
0: NTLMSSP_NEGOTIATE_NT_ONLY
0: NTLMSSP_ANONYMOUS
0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED
0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED
0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL
1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN
0: NTLMSSP_TARGET_TYPE_DOMAIN
0: NTLMSSP_TARGET_TYPE_SERVER
0: NTLMSSP_TARGET_TYPE_SHARE
1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
0: NTLMSSP_NEGOTIATE_IDENTIFY
0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY
0: NTLMSSP_NEGOTIATE_TARGET_INFO
0: NTLMSSP_NEGOTIATE_VERSION
1: NTLMSSP_NEGOTIATE_128
1: NTLMSSP_NEGOTIATE_KEY_EXCH
0: NTLMSSP_NEGOTIATE_56
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
cli_init_creds: user SUPER-USER domain
Bind RPC Pipe: host serverDC1001.dan2003.sample.domain.com auth_type 0,
auth_level 1
&r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_BIND (11)
pfc_flags : 0x03 (3)
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0048 (72)
auth_length : 0x0000 (0)
call_id : 0x00000001 (1)
u : union dcerpc_payload(case 11)
bind: struct dcerpc_bind
max_xmit_frag : 0x10b8 (4280)
max_recv_frag : 0x10b8 (4280)
assoc_group_id : 0x00000000 (0)
num_contexts : 0x01 (1)
ctx_list: ARRAY(1)
ctx_list: struct dcerpc_ctx_list
context_id : 0x0000 (0)
num_transfer_syntaxes : 0x01 (1)
abstract_syntax: struct ndr_syntax_id
uuid :
12345778-1234-abcd-ef00-0123456789ab
if_version : 0x00000000 (0)
transfer_syntaxes: ARRAY(1)
transfer_syntaxes: struct ndr_syntax_id
uuid :
8a885d04-1ceb-11c9-9fe8-08002b104860
if_version : 0x00000002 (2)
auth_info : DATA_BLOB length=0
rpc_api_pipe: host serverDC1001.dan2003.sample.domain.com
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0,
data_total=72, this_data=72, max_data=4280, param_offset=84, param_pad=2,
param_disp=0, data_offset=84, data_pad=0, data_disp=0
rpc_read_send: data_to_read: 52
r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_BIND_ACK (12)
pfc_flags : 0x03 (3)
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0044 (68)
auth_length : 0x0000 (0)
call_id : 0x00000001 (1)
u : union dcerpc_payload(case 12)
bind_ack: struct dcerpc_bind_ack
max_xmit_frag : 0x10b8 (4280)
max_recv_frag : 0x10b8 (4280)
assoc_group_id : 0x00069674 (431732)
secondary_address_size : 0x000c (12)
secondary_address : '\pipe\lsass'
_pad1 : DATA_BLOB length=2
[0000] 71 71 qq
num_results : 0x01 (1)
ctx_list: ARRAY(1)
ctx_list: struct dcerpc_ack_ctx
result : 0x0000 (0)
reason : 0x0000 (0)
syntax: struct ndr_syntax_id
uuid :
8a885d04-1ceb-11c9-9fe8-08002b104860
if_version : 0x00000002 (2)
auth_info : DATA_BLOB length=0
rpc_api_pipe: got frag len of 68 at offset 0: NT_STATUS_OK
rpc_api_pipe: host serverDC1001.dan2003.sample.domain.com returned 68 bytes.
check_bind_response: accepted!
cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine
serverDC1001.dan2003.sample.domain.com and bound anonymously.
lsa_OpenPolicy: struct lsa_OpenPolicy
in: struct lsa_OpenPolicy
system_name : *
system_name : 0x005c (92)
attr : *
attr: struct lsa_ObjectAttribute
len : 0x00000018 (24)
root_dir : NULL
object_name : NULL
attributes : 0x00000000 (0)
sec_desc : NULL
sec_qos : *
sec_qos: struct lsa_QosInfo
len : 0x0000000c (12)
impersonation_level : 0x0002 (2)
context_mode : 0x01 (1)
effective_only : 0x00 (0)
access_mask : 0x02000000 (33554432)
0: LSA_POLICY_VIEW_LOCAL_INFORMATION
0: LSA_POLICY_VIEW_AUDIT_INFORMATION
0: LSA_POLICY_GET_PRIVATE_INFORMATION
0: LSA_POLICY_TRUST_ADMIN
0: LSA_POLICY_CREATE_ACCOUNT
0: LSA_POLICY_CREATE_SECRET
0: LSA_POLICY_CREATE_PRIVILEGE
0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS
0: LSA_POLICY_SET_AUDIT_REQUIREMENTS
0: LSA_POLICY_AUDIT_LOG_ADMIN
0: LSA_POLICY_SERVER_ADMIN
0: LSA_POLICY_LOOKUP_NAMES
0: LSA_POLICY_NOTIFICATION
&r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_REQUEST (0)
pfc_flags : 0x03 (3)
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0018 (24)
auth_length : 0x0000 (0)
call_id : 0x00000002 (2)
u : union dcerpc_payload(case 0)
request: struct dcerpc_request
alloc_hint : 0x0000002c (44)
context_id : 0x0000 (0)
opnum : 0x0006 (6)
object : union dcerpc_object(case 0)
empty: struct dcerpc_empty
_pad : DATA_BLOB length=0
stub_and_verifier : DATA_BLOB length=0
rpc_api_pipe: host serverDC1001.dan2003.sample.domain.com
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0,
data_total=68, this_data=68, max_data=4280, param_offset=84, param_pad=2,
param_disp=0, data_offset=84, data_pad=0, data_disp=0
rpc_read_send: data_to_read: 32
r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_RESPONSE (2)
pfc_flags : 0x03 (3)
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0030 (48)
auth_length : 0x0000 (0)
call_id : 0x00000002 (2)
u : union dcerpc_payload(case 2)
response: struct dcerpc_response
alloc_hint : 0x00000018 (24)
context_id : 0x0000 (0)
cancel_count : 0x00 (0)
_pad : DATA_BLOB length=1
[0000] 00 .
stub_and_verifier : DATA_BLOB length=24
[0000] 00 00 00 00 7E 29 EA FB 47 80 8A 49 9C 2F 88 A6 ....~).. G..I./..
[0010] 65 A8 5D 72 00 00 00 00 e.]r....
Got pdu len 48, data_len 24, ss_len 0
rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK
rpc_api_pipe: host serverDC1001.dan2003.sample.domain.com returned 24 bytes.
lsa_OpenPolicy: struct lsa_OpenPolicy
out: struct lsa_OpenPolicy
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
fbea297e-8047-498a-9c2f-88a665a85d72
result : NT_STATUS_OK
lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2
in: struct lsa_QueryInfoPolicy2
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
fbea297e-8047-498a-9c2f-88a665a85d72
level : LSA_POLICY_INFO_DNS (12)
&r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_REQUEST (0)
pfc_flags : 0x03 (3)
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0018 (24)
auth_length : 0x0000 (0)
call_id : 0x00000003 (3)
u : union dcerpc_payload(case 0)
request: struct dcerpc_request
alloc_hint : 0x00000016 (22)
context_id : 0x0000 (0)
opnum : 0x002e (46)
object : union dcerpc_object(case 0)
empty: struct dcerpc_empty
_pad : DATA_BLOB length=0
stub_and_verifier : DATA_BLOB length=0
rpc_api_pipe: host serverDC1001.dan2003.sample.domain.com
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0,
data_total=46, this_data=46, max_data=4280, param_offset=84, param_pad=2,
param_disp=0, data_offset=84, data_pad=0, data_disp=0
rpc_read_send: data_to_read: 220
r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_RESPONSE (2)
pfc_flags : 0x03 (3)
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x00ec (236)
auth_length : 0x0000 (0)
call_id : 0x00000003 (3)
u : union dcerpc_payload(case 2)
response: struct dcerpc_response
alloc_hint : 0x000000d4 (212)
context_id : 0x0000 (0)
cancel_count : 0x00 (0)
_pad : DATA_BLOB length=1
[0000] 00 .
stub_and_verifier : DATA_BLOB length=212
[0000] 00 00 02 00 0C 00 00 00 10 00 12 00 04 00 02 00 ........ ........
[0010] 2E 00 30 00 08 00 02 00 1C 00 1E 00 0C 00 02 00 ..0..... ........
[0020] 72 C5 DE 51 A1 3A D6 45 AA C3 E3 27 E8 31 0B 54 r..Q.:.E ...'.1.T
[0030] 10 00 02 00 09 00 00 00 00 00 00 00 08 00 00 00 ........ ........
[0040] 4E 00 41 00 54 00 49 00 4F 00 4E 00 41 00 4C 00 N.A.T.I. O.N.A.L.
[0050] 18 00 00 00 00 00 00 00 17 00 00 00 6E 00 61 00 ........ ....n.a.
[0060] 74 00 69 00 6F 00 6E 00 61 00 6C 00 2E 00 63 00 t.i.o.n. a.l...c.
[0070] 6F 00 72 00 65 00 2E 00 62 00 62 00 63 00 2E 00 o.r.e... b.b.c...
[0080] 63 00 6F 00 2E 00 75 00 6B 00 00 00 0F 00 00 00 c.o...u. k.......
[0090] 00 00 00 00 0E 00 00 00 63 00 6F 00 72 00 65 00 ........ c.o.r.e.
[00A0] 2E 00 62 00 62 00 63 00 2E 00 63 00 6F 00 2E 00 ..b.b.c. ..c.o...
[00B0] 75 00 6B 00 04 00 00 00 01 04 00 00 00 00 00 05 u.k..... ........
[00C0] 15 00 00 00 6B D6 62 04 16 C0 EA 32 82 8B A6 28 ....k.b. ...2...(
[00D0] 00 00 00 00 ....
Got pdu len 236, data_len 212, ss_len 0
rpc_api_pipe: got frag len of 236 at offset 0: NT_STATUS_OK
rpc_api_pipe: host serverDC1001.dan2003.sample.domain.com returned 212
bytes.
lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2
out: struct lsa_QueryInfoPolicy2
info : *
info : *
info : union
lsa_PolicyInformation(case 12)
dns: struct lsa_DnsDomainInfo
name: struct lsa_StringLarge
length : 0x0010 (16)
size : 0x0012 (18)
string : *
string : 'DAN2003'
dns_domain: struct lsa_StringLarge
length : 0x002e (46)
size : 0x0030 (48)
string : *
string :
'dan2003.sample.domain.com'
dns_forest: struct lsa_StringLarge
length : 0x001c (28)
size : 0x001e (30)
string : *
string :
'sample.domain.com'
domain_guid :
51dec572-3aa1-45d6-aac3-e327e8310b54
sid : *
sid :
S-1-5-21-73586283-854245398-682003330
result : NT_STATUS_OK
lsa_Close: struct lsa_Close
in: struct lsa_Close
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
fbea297e-8047-498a-9c2f-88a665a85d72
&r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_REQUEST (0)
pfc_flags : 0x03 (3)
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0018 (24)
auth_length : 0x0000 (0)
call_id : 0x00000004 (4)
u : union dcerpc_payload(case 0)
request: struct dcerpc_request
alloc_hint : 0x00000014 (20)
context_id : 0x0000 (0)
opnum : 0x0000 (0)
object : union dcerpc_object(case 0)
empty: struct dcerpc_empty
_pad : DATA_BLOB length=0
stub_and_verifier : DATA_BLOB length=0
rpc_api_pipe: host serverDC1001.dan2003.sample.domain.com
num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0,
data_total=44, this_data=44, max_data=4280, param_offset=84, param_pad=2,
param_disp=0, data_offset=84, data_pad=0, data_disp=0
rpc_read_send: data_to_read: 32
r: struct ncacn_packet
rpc_vers : 0x05 (5)
rpc_vers_minor : 0x00 (0)
ptype : DCERPC_PKT_RESPONSE (2)
pfc_flags : 0x03 (3)
drep: ARRAY(4)
[0] : 0x10 (16)
[1] : 0x00 (0)
[2] : 0x00 (0)
[3] : 0x00 (0)
frag_length : 0x0030 (48)
auth_length : 0x0000 (0)
call_id : 0x00000004 (4)
u : union dcerpc_payload(case 2)
response: struct dcerpc_response
alloc_hint : 0x00000018 (24)
context_id : 0x0000 (0)
cancel_count : 0x00 (0)
_pad : DATA_BLOB length=1
[0000] 00 .
stub_and_verifier : DATA_BLOB length=24
[0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........
[0010] 00 00 00 00 00 00 00 00 ........
Got pdu len 48, data_len 24, ss_len 0
rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK
rpc_api_pipe: host serverDC1001.dan2003.sample.domain.com returned 24 bytes.
lsa_Close: struct lsa_Close
out: struct lsa_Close
handle : *
handle: struct policy_handle
handle_type : 0x00000000 (0)
uuid :
00000000-0000-0000-0000-000000000000
result : NT_STATUS_OK
create_local_private_krb5_conf_for_domain: fname
/var/cache/samba/smb_krb5/krb5.conf.DAN2003, realm dan2003.sample.domain.com,
domain = DAN2003
saf_fetch: Returning "SERVERDC1001.dan2003.sample.domain.com" for
"dan2003.sample.domain.com" domain
get_dc_list: preferred server list:
"SERVERDC1001.dan2003.sample.domain.com,
*"
internal_resolve_name: looking up dan2003.sample.domain.com#1c (sitename
(null))
name dan2003.sample.domain.com#1C found.
remove_duplicate_addrs2: looking for duplicate address/port pairs
Adding 11 DC's from auto lookup
sitename_fetch: No stored sitename for DAN2003.SAMPLE.DOMAIN.COM
internal_resolve_name: looking up SERVERDC1001.dan2003.sample.domain.com#20
(sitename (null))
name SERVERDC1001.dan2003.sample.domain.com#20 found.
remove_duplicate_addrs2: looking for duplicate address/port pairs
check_negative_conn_cache returning result 0 for domain
dan2003.sample.domain.com server 10.80.8.88
check_negative_conn_cache returning result 0 for domain
dan2003.sample.domain.com server 10.124.23.5
check_negative_conn_cache returning result 0 for domain
dan2003.sample.domain.com server 10.184.32.187
check_negative_conn_cache returning result 0 for domain
dan2003.sample.domain.com server 10.161.8.2
check_negative_conn_cache returning result 0 for domain
dan2003.sample.domain.com server 10.184.32.58
check_negative_conn_cache returning result 0 for domain
dan2003.sample.domain.com server 10.84.136.29
check_negative_conn_cache returning result 0 for domain
dan2003.sample.domain.com server 10.80.8.88
check_negative_conn_cache returning result 0 for domain
dan2003.sample.domain.com server 10.52.69.202
check_negative_conn_cache returning result 0 for domain
dan2003.sample.domain.com server 10.76.8.118
check_negative_conn_cache returning result 0 for domain
dan2003.sample.domain.com server 10.94.76.240
check_negative_conn_cache returning result 0 for domain
dan2003.sample.domain.com server 10.72.136.53
check_negative_conn_cache returning result 0 for domain
dan2003.sample.domain.com server 10.68.140.2
remove_duplicate_addrs2: looking for duplicate address/port pairs
get_dc_list: returning 11 ip addresses in an ordered list
get_dc_list: 10.80.8.88:389 10.124.23.5:389 10.184.32.187:389 10.161.8.2:389
10.184.32.58:389 10.84.136.29:389 10.52.69.202:389 10.76.8.118:389
10.94.76.240:389 10.72.136.53:389 10.68.140.2:389
&response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX
command : LOGON_SAM_LOGON_RESPONSE_EX (23)
sbz : 0x0000 (0)
server_type : 0x0000317c (12668)
0: NBT_SERVER_PDC
1: NBT_SERVER_GC
1: NBT_SERVER_LDAP
1: NBT_SERVER_DS
1: NBT_SERVER_KDC
1: NBT_SERVER_TIMESERV
0: NBT_SERVER_CLOSEST
1: NBT_SERVER_WRITABLE
0: NBT_SERVER_GOOD_TIMESERV
0: NBT_SERVER_NDNC
0: NBT_SERVER_SELECT_SECRET_DOMAIN_6
1: NBT_SERVER_FULL_SECRET_DOMAIN_6
1: NBT_SERVER_ADS_WEB_SERVICE
0: NBT_SERVER_HAS_DNS_NAME
0: NBT_SERVER_IS_DEFAULT_NC
0: NBT_SERVER_FOREST_ROOT
domain_uuid : 51dec572-3aa1-45d6-aac3-e327e8310b54
forest : 'sample.domain.com'
dns_domain : 'dan2003.sample.domain.com'
pdc_dns_name :
'SERVERDC1001.dan2003.sample.domain.com'
domain_name : 'DAN2003'
pdc_name : 'SERVERDC1001'
user_name : ''
server_site : 'UK-Lanc-BH-LAN-Main'
client_site : ''
sockaddr_size : 0x00 (0)
sockaddr: struct nbt_sockaddr
sockaddr_family : 0x00000000 (0)
pdc_ip : (null)
remaining : DATA_BLOB length=0
next_closest_site : NULL
nt_version : 0x00000005 (5)
1: NETLOGON_NT_VERSION_1
0: NETLOGON_NT_VERSION_5
1: NETLOGON_NT_VERSION_5EX
0: NETLOGON_NT_VERSION_5EX_WITH_IP
0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE
0: NETLOGON_NT_VERSION_AVOID_NT4EMUL
0: NETLOGON_NT_VERSION_PDC
0: NETLOGON_NT_VERSION_IP
0: NETLOGON_NT_VERSION_LOCAL
0: NETLOGON_NT_VERSION_GC
lmnt_token : 0xffff (65535)
lm20_token : 0xffff (65535)
get_kdc_ip_string: Returning kdc = 10.80.8.88
create_local_private_krb5_conf_for_domain: wrote file
/var/cache/samba/smb_krb5/krb5.conf.DAN2003 with realm
DAN2003.SAMPLE.DOMAIN.COM KDC list = kdc = 10.80.8.88
sitename_fetch: No stored sitename for DAN2003.SAMPLE.DOMAIN.COM
internal_resolve_name: looking up serverDC1001.dan2003.sample.domain.com#20
(sitename (null))
name serverDC1001.dan2003.sample.domain.com#20 found.
remove_duplicate_addrs2: looking for duplicate address/port pairs
ads_try_connect: sending CLDAP request to 10.80.8.88 (realm:
dan2003.sample.domain.com)
&response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX
command : LOGON_SAM_LOGON_RESPONSE_EX (23)
sbz : 0x0000 (0)
server_type : 0x0000317c (12668)
0: NBT_SERVER_PDC
1: NBT_SERVER_GC
1: NBT_SERVER_LDAP
1: NBT_SERVER_DS
1: NBT_SERVER_KDC
1: NBT_SERVER_TIMESERV
0: NBT_SERVER_CLOSEST
1: NBT_SERVER_WRITABLE
0: NBT_SERVER_GOOD_TIMESERV
0: NBT_SERVER_NDNC
0: NBT_SERVER_SELECT_SECRET_DOMAIN_6
1: NBT_SERVER_FULL_SECRET_DOMAIN_6
1: NBT_SERVER_ADS_WEB_SERVICE
0: NBT_SERVER_HAS_DNS_NAME
0: NBT_SERVER_IS_DEFAULT_NC
0: NBT_SERVER_FOREST_ROOT
domain_uuid : 51dec572-3aa1-45d6-aac3-e327e8310b54
forest : 'sample.domain.com'
dns_domain : 'dan2003.sample.domain.com'
pdc_dns_name :
'SERVERDC1001.dan2003.sample.domain.com'
domain_name : 'DAN2003'
pdc_name : 'SERVERDC1001'
user_name : ''
server_site : 'UK-Lanc-BH-LAN-Main'
client_site : ''
sockaddr_size : 0x00 (0)
sockaddr: struct nbt_sockaddr
sockaddr_family : 0x00000000 (0)
pdc_ip : (null)
remaining : DATA_BLOB length=0
next_closest_site : NULL
nt_version : 0x00000005 (5)
1: NETLOGON_NT_VERSION_1
0: NETLOGON_NT_VERSION_5
1: NETLOGON_NT_VERSION_5EX
0: NETLOGON_NT_VERSION_5EX_WITH_IP
0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE
0: NETLOGON_NT_VERSION_AVOID_NT4EMUL
0: NETLOGON_NT_VERSION_PDC
0: NETLOGON_NT_VERSION_IP
0: NETLOGON_NT_VERSION_LOCAL
0: NETLOGON_NT_VERSION_GC
lmnt_token : 0xffff (65535)
lm20_token : 0xffff (65535)
sitename_store: deleting empty sitename!
Deleting cache entry (key=[AD_SITENAME/DOMAIN/DAN2003])
sitename_store: deleting empty sitename!
Deleting cache entry (key=[AD_SITENAME/DOMAIN/DAN2003.SAMPLE.DOMAIN.COM])
Successfully contacted LDAP server 10.80.8.88
Opening connection to LDAP server
'SERVERDC1001.dan2003.sample.domain.com:389', timeout 15 seconds
Connected to LDAP server 'SERVERDC1001.dan2003.sample.domain.com:389'
Connected to LDAP server SERVERDC1001.dan2003.sample.domain.com
ads_sitename_match: no match between server: UK-Lanc-BH-LAN-Main and client:
NULL
ads_closest_dc: client belongs to no site
saf_store: domain = [DAN2003], server [SERVERDC1001.dan2003.sample.domain.com],
expire = [1429015386]
Did not store value for SAF/DOMAIN/DAN2003, we already got it
saf_store: domain = [dan2003.sample.domain.com], server
[SERVERDC1001.dan2003.sample.domain.com], expire = [1429015386]
Did not store value for SAF/DOMAIN/DAN2003.SAMPLE.DOMAIN.COM, we already got
it
KDC time offset is 0 seconds
Found SASL mechanism GSS-SPNEGO
ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.30
ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2
ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2
ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3
ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10
ads_sasl_spnego_bind: got server principal name not_defined_in_RFC4178 at
please_ignore
ads_krb5_mk_req: krb5_cc_get_principal failed (No such file or directory)
ads_sasl_spnego_krb5_bind failed with: No such file or directory, calling
kinit
kerberos_kinit_password: as SUPER-USER at DAN2003.SAMPLE.DOMAIN.COM using
[MEMORY:net_ads] as ccache and config
[/var/cache/samba/smb_krb5/krb5.conf.DAN2003]
kerberos_kinit_password SUPER-USER at DAN2003.SAMPLE.DOMAIN.COM failed: Cannot
contact any KDC for requested realm
libnet_Join:
libnet_JoinCtx: struct libnet_JoinCtx
out: struct libnet_JoinCtx
account_name : NULL
netbios_domain_name : 'DAN2003'
dns_domain_name : 'dan2003.sample.domain.com'
forest_name : 'sample.domain.com'
dn : NULL
domain_sid : *
domain_sid :
S-1-5-21-73586283-854245398-682003330
modified_config : 0x00 (0)
error_string : 'failed to connect to AD: Cannot
contact any KDC for requested realm'
domain_is_ad : 0x01 (1)
result : WERR_DEFAULT_JOIN_REQUIRED
Failed to join domain: failed to connect to AD: Cannot contact any KDC for
requested realm
return code = -1
myuser at myserver:~$
myuser at myserver:~$
myuser at myserver:~$
myuser at myserver:~$
--
View this message in context:
http://samba.2283325.n4.nabble.com/Cannot-join-Ubuntu12-04-Samba-4-1-17-to-domain-tp4684555.html
Sent from the Samba - General mailing list archive at Nabble.com.
Rowland Penny
2015-Apr-17 12:01 UTC
[Samba] Cannot join Ubuntu12.04 Samba 4.1.17 to domain
On 17/04/15 12:29, ivenhov wrote:> Hi all > > I'm desperate now. > > On one of the sites I cannot connect Ubuntu to Windows AD 2003. > Error below. > On exactly the same setup but on a different network and also on VirtualBox > VMs everything works as expected. > Looks like something on the network then or mission parameter. > Error is about KDC but I can successfully do kinit and get ticket. > I can also successfully run: > sudo net ads info > > Failing command: > > myuser at myserver:~$ sudo net ads join > createcomputer="MyStructure/Internal/Servers/UnManaged" -S > serverDC1001.dan2003.sample.domain.com -U SUPER-USER -d10 > INFO: Current debug levels: > all: 10 > tdb: 10 > printdrivers: 10 > lanman: 10 > smb: 10 > rpc_parse: 10 > rpc_srv: 10 > rpc_cli: 10 > passdb: 10 > sam: 10 > auth: 10 > winbind: 10 > vfs: 10 > idmap: 10 > quota: 10 > acls: 10 > locking: 10 > msdfs: 10 > dmapi: 10 > registry: 10 > scavenger: 10 > dns: 10 > ldb: 10 > lp_load_ex: refreshing parameters > Initialising global parameters > INFO: Current debug levels: > all: 10 > tdb: 10 > printdrivers: 10 > lanman: 10 > smb: 10 > rpc_parse: 10 > rpc_srv: 10 > rpc_cli: 10 > passdb: 10 > sam: 10 > auth: 10 > winbind: 10 > vfs: 10 > idmap: 10 > quota: 10 > acls: 10 > locking: 10 > msdfs: 10 > dmapi: 10 > registry: 10 > scavenger: 10 > dns: 10 > ldb: 10 > params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" > Processing section "[global]" > doing parameter workgroup = DAN2003 > doing parameter realm = DAN2003.SAMPLE.DOMAIN.COM > doing parameter server string = MySpecial server %h > doing parameter security = ADS > doing parameter map to guest = Bad User > doing parameter obey pam restrictions = Yes > doing parameter pam password change = Yes > doing parameter passwd program = /usr/bin/passwd %u > doing parameter passwd chat = *Enter\snew\s*\spassword:* %n\n > *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . > doing parameter unix password sync = Yes > doing parameter syslog = 0 > doing parameter log file = /var/log/samba/log.%m > doing parameter max log size = 1000 > doing parameter server max protocol = SMB2 > doing parameter min receivefile size = 13638 > doing parameter max xmit = 131072 > doing parameter socket options = TCP_NODELAY SO_RCVBUF=262144 > SO_SNDBUF=262144 IPTOS_LOWDELAY SO_KEEPALIVE > doing parameter load printers = No > doing parameter printcap name = /dev/null > doing parameter disable spoolss = Yes > doing parameter dns proxy = No > doing parameter usershare allow guests = Yes > doing parameter panic action = /usr/share/samba/panic-action %d > doing parameter template homedir = /dev/null > doing parameter template shell = /bin/true > doing parameter winbind enum users = Yes > doing parameter winbind enum groups = Yes > doing parameter winbind use default domain = Yes > doing parameter idmap config * : range = 100000-200000 > doing parameter idmap config * : backend = tdb > doing parameter aio read size = 1 > doing parameter aio write size = 1 > doing parameter aio write behind = true > doing parameter use sendfile = Yes > doing parameter write cache size = 12826144 > doing parameter printing = bsd > doing parameter print command = lpr -r -P'%p' %s > doing parameter lpq command = lpq -P'%p' > doing parameter lprm command = lprm -P'%p' %j > pm_process() returned Yes > lp_servicenumber: couldn't find homes > Netbios name list:- > my_netbios_names[0]="MYSERVER" > added interface bond0 ip=10.80.100.74 bcast=10.80.100.255 > netmask=255.255.255.0 > Registering messaging pointer for type 2 - private_data=(nil) > Registering messaging pointer for type 9 - private_data=(nil) > Registered MSG_REQ_POOL_USAGE > Registering messaging pointer for type 11 - private_data=(nil) > Registering messaging pointer for type 12 - private_data=(nil) > Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED > Registering messaging pointer for type 1 - private_data=(nil) > Registering messaging pointer for type 5 - private_data=(nil) > Enter SUPER-USER's password: > libnet_Join: > libnet_JoinCtx: struct libnet_JoinCtx > in: struct libnet_JoinCtx > dc_name : > 'serverDC1001.dan2003.sample.domain.com' > machine_name : 'MYSERVER' > domain_name : * > domain_name : 'DAN2003.SAMPLE.DOMAIN.COM' > account_ou : > 'MyStructure/Internal/Servers/UnManaged' > admin_account : 'SUPER-USER' > machine_password : NULL > join_flags : 0x00000023 (35) > 0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS > 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME > 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT > 0: WKSSVC_JOIN_FLAGS_DEFER_SPN > 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED > 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE > 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED > 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE > 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE > 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE > 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE > os_version : NULL > os_name : NULL > create_upn : 0x00 (0) > upn : NULL > modify_config : 0x00 (0) > ads : NULL > debug : 0x01 (1) > use_kerberos : 0x00 (0) > secure_channel_type : SEC_CHAN_WKSTA (2) > Opening cache file at /var/cache/samba/gencache.tdb > Opening cache file at /var/cache/samba/gencache_notrans.tdb > sitename_fetch: No stored sitename for DAN2003.SAMPLE.DOMAIN.COM > internal_resolve_name: looking up serverDC1001.dan2003.sample.domain.com#20 > (sitename (null)) > name serverDC1001.dan2003.sample.domain.com#20 found. > remove_duplicate_addrs2: looking for duplicate address/port pairs > Connecting to 10.80.8.88 at port 445 > Socket options: > SO_KEEPALIVE = 1 > SO_REUSEADDR = 0 > SO_BROADCAST = 0 > TCP_NODELAY = 1 > TCP_KEEPCNT = 9 > TCP_KEEPIDLE = 7200 > TCP_KEEPINTVL = 75 > IPTOS_LOWDELAY = 16 > IPTOS_THROUGHPUT = 16 > SO_SNDBUF = 262142 > SO_RCVBUF = 262142 > SO_SNDLOWAT = 1 > SO_RCVLOWAT = 1 > SO_SNDTIMEO = 0 > SO_RCVTIMEO = 0 > TCP_QUICKACK = 1 > TCP_DEFER_ACCEPT = 0 > Doing spnego session setup (blob length=120) > got OID=1.3.6.1.4.1.311.2.2.30 > got OID=1.2.840.48018.1.2.2 > got OID=1.2.840.113554.1.2.2 > got OID=1.2.840.113554.1.2.2.3 > got OID=1.3.6.1.4.1.311.2.2.10 > got principal=not_defined_in_RFC4178 at please_ignore > negotiate: struct NEGOTIATE_MESSAGE > Signature : 'NTLMSSP' > MessageType : NtLmNegotiate (1) > NegotiateFlags : 0x60088215 (1611170325) > 1: NTLMSSP_NEGOTIATE_UNICODE > 0: NTLMSSP_NEGOTIATE_OEM > 1: NTLMSSP_REQUEST_TARGET > 1: NTLMSSP_NEGOTIATE_SIGN > 0: NTLMSSP_NEGOTIATE_SEAL > 0: NTLMSSP_NEGOTIATE_DATAGRAM > 0: NTLMSSP_NEGOTIATE_LM_KEY > 0: NTLMSSP_NEGOTIATE_NETWARE > 1: NTLMSSP_NEGOTIATE_NTLM > 0: NTLMSSP_NEGOTIATE_NT_ONLY > 0: NTLMSSP_ANONYMOUS > 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED > 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED > 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL > 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN > 0: NTLMSSP_TARGET_TYPE_DOMAIN > 0: NTLMSSP_TARGET_TYPE_SERVER > 0: NTLMSSP_TARGET_TYPE_SHARE > 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > 0: NTLMSSP_NEGOTIATE_IDENTIFY > 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY > 0: NTLMSSP_NEGOTIATE_TARGET_INFO > 0: NTLMSSP_NEGOTIATE_VERSION > 1: NTLMSSP_NEGOTIATE_128 > 1: NTLMSSP_NEGOTIATE_KEY_EXCH > 0: NTLMSSP_NEGOTIATE_56 > DomainNameLen : 0x0008 (8) > DomainNameMaxLen : 0x0008 (8) > DomainName : * > DomainName : 'DAN2003' > WorkstationLen : 0x000e (14) > WorkstationMaxLen : 0x000e (14) > Workstation : * > Workstation : 'MYSERVER' > challenge: struct CHALLENGE_MESSAGE > Signature : 'NTLMSSP' > MessageType : NtLmChallenge (0x2) > TargetNameLen : 0x0010 (16) > TargetNameMaxLen : 0x0010 (16) > TargetName : * > TargetName : 'DAN2003' > NegotiateFlags : 0x62898215 (1653178901) > 1: NTLMSSP_NEGOTIATE_UNICODE > 0: NTLMSSP_NEGOTIATE_OEM > 1: NTLMSSP_REQUEST_TARGET > 1: NTLMSSP_NEGOTIATE_SIGN > 0: NTLMSSP_NEGOTIATE_SEAL > 0: NTLMSSP_NEGOTIATE_DATAGRAM > 0: NTLMSSP_NEGOTIATE_LM_KEY > 0: NTLMSSP_NEGOTIATE_NETWARE > 1: NTLMSSP_NEGOTIATE_NTLM > 0: NTLMSSP_NEGOTIATE_NT_ONLY > 0: NTLMSSP_ANONYMOUS > 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED > 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED > 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL > 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN > 1: NTLMSSP_TARGET_TYPE_DOMAIN > 0: NTLMSSP_TARGET_TYPE_SERVER > 0: NTLMSSP_TARGET_TYPE_SHARE > 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > 0: NTLMSSP_NEGOTIATE_IDENTIFY > 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY > 1: NTLMSSP_NEGOTIATE_TARGET_INFO > 1: NTLMSSP_NEGOTIATE_VERSION > 1: NTLMSSP_NEGOTIATE_128 > 1: NTLMSSP_NEGOTIATE_KEY_EXCH > 0: NTLMSSP_NEGOTIATE_56 > ServerChallenge : d19c394ddd43af69 > Reserved : 0000000000000000 > TargetInfoLen : 0x00da (218) > TargetNameInfoMaxLen : 0x00da (218) > TargetInfo : * > TargetInfo: struct AV_PAIR_LIST > count : 0x00000007 (7) > pair: ARRAY(7) > pair: struct AV_PAIR > AvId : MsvAvNbDomainName (0x2) > AvLen : 0x0010 (16) > Value : union > ntlmssp_AvValue(case 0x2) > AvNbDomainName : 'DAN2003' > pair: struct AV_PAIR > AvId : MsvAvNbComputerName (0x1) > AvLen : 0x0016 (22) > Value : union > ntlmssp_AvValue(case 0x1) > AvNbComputerName : 'SERVERDC1001' > pair: struct AV_PAIR > AvId : MsvAvDnsDomainName (0x4) > AvLen : 0x002e (46) > Value : union > ntlmssp_AvValue(case 0x4) > AvDnsDomainName : > 'dan2003.sample.domain.com' > pair: struct AV_PAIR > AvId : MsvAvDnsComputerName > (0x3) > AvLen : 0x0046 (70) > Value : union > ntlmssp_AvValue(case 0x3) > AvDnsComputerName : > 'SERVERDC1001.dan2003.sample.domain.com' > pair: struct AV_PAIR > AvId : MsvAvDnsTreeName (0x5) > AvLen : 0x001c (28) > Value : union > ntlmssp_AvValue(case 0x5) > AvDnsTreeName : 'sample.domain.com' > pair: struct AV_PAIR > AvId : MsvAvTimestamp (0x7) > AvLen : 0x0008 (8) > Value : union > ntlmssp_AvValue(case 0x7) > AvTimestamp : Tue Apr 14 12:28:04 2015 > UTC > pair: struct AV_PAIR > AvId : MsvAvEOL (0x0) > AvLen : 0x0000 (0) > Value : union > ntlmssp_AvValue(case 0x0) > Version: struct ntlmssp_VERSION > ProductMajorVersion : NTLMSSP_WINDOWS_MAJOR_VERSION_6 (0x6) > ProductMinorVersion : NTLMSSP_WINDOWS_MINOR_VERSION_1 (0x1) > ProductBuild : 0x1db1 (7601) > Reserved : 000000 > NTLMRevisionCurrent : NTLMSSP_REVISION_W2K3 (0xF) > Got challenge flags: > Got NTLMSSP neg_flags=0x62898215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_TARGET_INFO > NTLMSSP_NEGOTIATE_VERSION > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > NTLMSSP: Set final flags: > Got NTLMSSP neg_flags=0x60088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > authenticate: struct AUTHENTICATE_MESSAGE > Signature : 'NTLMSSP' > MessageType : NtLmAuthenticate (3) > LmChallengeResponseLen : 0x0018 (24) > LmChallengeResponseMaxLen: 0x0018 (24) > LmChallengeResponse : * > LmChallengeResponse : union ntlmssp_LM_RESPONSE(case 24) > v1: struct LM_RESPONSE > Response : > de06e6edc8275e8aa58a9e95067f4cbc5bb6ac5b0279a515 > NtChallengeResponseLen : 0x0106 (262) > NtChallengeResponseMaxLen: 0x0106 (262) > NtChallengeResponse : * > NtChallengeResponse : union ntlmssp_NTLM_RESPONSE(case 262) > v2: struct NTLMv2_RESPONSE > Response : a5e98b1ba196aa8513fdbecb1a53a3ac > Challenge: struct NTLMv2_CLIENT_CHALLENGE > RespType : 0x01 (1) > HiRespType : 0x01 (1) > Reserved1 : 0x0000 (0) > Reserved2 : 0x00000000 (0) > TimeStamp : Tue Apr 14 12:28:03 2015 UTC > ChallengeFromClient : 1ca419ea47cceec3 > Reserved3 : 0x00000000 (0) > AvPairs: struct AV_PAIR_LIST > count : 0x00000007 (7) > pair: ARRAY(7) > pair: struct AV_PAIR > AvId : MsvAvNbDomainName > (0x2) > AvLen : 0x0010 (16) > Value : union > ntlmssp_AvValue(case 0x2) > AvNbDomainName : 'DAN2003' > pair: struct AV_PAIR > AvId : > MsvAvNbComputerName (0x1) > AvLen : 0x0016 (22) > Value : union > ntlmssp_AvValue(case 0x1) > AvNbComputerName : 'SERVERDC1001' > pair: struct AV_PAIR > AvId : > MsvAvDnsDomainName (0x4) > AvLen : 0x002e (46) > Value : union > ntlmssp_AvValue(case 0x4) > AvDnsDomainName : > 'dan2003.sample.domain.com' > pair: struct AV_PAIR > AvId : > MsvAvDnsComputerName (0x3) > AvLen : 0x0046 (70) > Value : union > ntlmssp_AvValue(case 0x3) > AvDnsComputerName : > 'SERVERDC1001.dan2003.sample.domain.com' > pair: struct AV_PAIR > AvId : MsvAvDnsTreeName > (0x5) > AvLen : 0x001c (28) > Value : union > ntlmssp_AvValue(case 0x5) > AvDnsTreeName : > 'sample.domain.com' > pair: struct AV_PAIR > AvId : MsvAvTimestamp > (0x7) > AvLen : 0x0008 (8) > Value : union > ntlmssp_AvValue(case 0x7) > AvTimestamp : Tue Apr 14 > 12:28:04 2015 UTC > pair: struct AV_PAIR > AvId : MsvAvEOL (0x0) > AvLen : 0x0000 (0) > Value : union > ntlmssp_AvValue(case 0x0) > DomainNameLen : 0x0000 (0) > DomainNameMaxLen : 0x0000 (0) > DomainName : * > DomainName : '' > UserNameLen : 0x0012 (18) > UserNameMaxLen : 0x0012 (18) > UserName : * > UserName : 'SUPER-USER' > WorkstationLen : 0x001c (28) > WorkstationMaxLen : 0x001c (28) > Workstation : * > Workstation : 'MYSERVER' > EncryptedRandomSessionKeyLen: 0x0010 (16) > EncryptedRandomSessionKeyMaxLen: 0x0010 (16) > EncryptedRandomSessionKey: * > EncryptedRandomSessionKey: DATA_BLOB length=16 > [0000] 48 09 D4 57 08 FC AD F2 DD B7 FB 1D 65 28 BC 8A H..W.... ....e(.. > NegotiateFlags : 0x60088215 (1611170325) > 1: NTLMSSP_NEGOTIATE_UNICODE > 0: NTLMSSP_NEGOTIATE_OEM > 1: NTLMSSP_REQUEST_TARGET > 1: NTLMSSP_NEGOTIATE_SIGN > 0: NTLMSSP_NEGOTIATE_SEAL > 0: NTLMSSP_NEGOTIATE_DATAGRAM > 0: NTLMSSP_NEGOTIATE_LM_KEY > 0: NTLMSSP_NEGOTIATE_NETWARE > 1: NTLMSSP_NEGOTIATE_NTLM > 0: NTLMSSP_NEGOTIATE_NT_ONLY > 0: NTLMSSP_ANONYMOUS > 0: NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED > 0: NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED > 0: NTLMSSP_NEGOTIATE_THIS_IS_LOCAL_CALL > 1: NTLMSSP_NEGOTIATE_ALWAYS_SIGN > 0: NTLMSSP_TARGET_TYPE_DOMAIN > 0: NTLMSSP_TARGET_TYPE_SERVER > 0: NTLMSSP_TARGET_TYPE_SHARE > 1: NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY > 0: NTLMSSP_NEGOTIATE_IDENTIFY > 0: NTLMSSP_REQUEST_NON_NT_SESSION_KEY > 0: NTLMSSP_NEGOTIATE_TARGET_INFO > 0: NTLMSSP_NEGOTIATE_VERSION > 1: NTLMSSP_NEGOTIATE_128 > 1: NTLMSSP_NEGOTIATE_KEY_EXCH > 0: NTLMSSP_NEGOTIATE_56 > NTLMSSP Sign/Seal - Initialising with flags: > Got NTLMSSP neg_flags=0x60088215 > NTLMSSP_NEGOTIATE_UNICODE > NTLMSSP_REQUEST_TARGET > NTLMSSP_NEGOTIATE_SIGN > NTLMSSP_NEGOTIATE_NTLM > NTLMSSP_NEGOTIATE_ALWAYS_SIGN > NTLMSSP_NEGOTIATE_NTLM2 > NTLMSSP_NEGOTIATE_128 > NTLMSSP_NEGOTIATE_KEY_EXCH > cli_init_creds: user SUPER-USER domain > Bind RPC Pipe: host serverDC1001.dan2003.sample.domain.com auth_type 0, > auth_level 1 > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND (11) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0048 (72) > auth_length : 0x0000 (0) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 11) > bind: struct dcerpc_bind > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00000000 (0) > num_contexts : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ctx_list > context_id : 0x0000 (0) > num_transfer_syntaxes : 0x01 (1) > abstract_syntax: struct ndr_syntax_id > uuid : > 12345778-1234-abcd-ef00-0123456789ab > if_version : 0x00000000 (0) > transfer_syntaxes: ARRAY(1) > transfer_syntaxes: struct ndr_syntax_id > uuid : > 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 > rpc_api_pipe: host serverDC1001.dan2003.sample.domain.com > num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, > data_total=72, this_data=72, max_data=4280, param_offset=84, param_pad=2, > param_disp=0, data_offset=84, data_pad=0, data_disp=0 > rpc_read_send: data_to_read: 52 > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_BIND_ACK (12) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0044 (68) > auth_length : 0x0000 (0) > call_id : 0x00000001 (1) > u : union dcerpc_payload(case 12) > bind_ack: struct dcerpc_bind_ack > max_xmit_frag : 0x10b8 (4280) > max_recv_frag : 0x10b8 (4280) > assoc_group_id : 0x00069674 (431732) > secondary_address_size : 0x000c (12) > secondary_address : '\pipe\lsass' > _pad1 : DATA_BLOB length=2 > [0000] 71 71 qq > num_results : 0x01 (1) > ctx_list: ARRAY(1) > ctx_list: struct dcerpc_ack_ctx > result : 0x0000 (0) > reason : 0x0000 (0) > syntax: struct ndr_syntax_id > uuid : > 8a885d04-1ceb-11c9-9fe8-08002b104860 > if_version : 0x00000002 (2) > auth_info : DATA_BLOB length=0 > rpc_api_pipe: got frag len of 68 at offset 0: NT_STATUS_OK > rpc_api_pipe: host serverDC1001.dan2003.sample.domain.com returned 68 bytes. > check_bind_response: accepted! > cli_rpc_pipe_open_noauth: opened pipe \lsarpc to machine > serverDC1001.dan2003.sample.domain.com and bound anonymously. > lsa_OpenPolicy: struct lsa_OpenPolicy > in: struct lsa_OpenPolicy > system_name : * > system_name : 0x005c (92) > attr : * > attr: struct lsa_ObjectAttribute > len : 0x00000018 (24) > root_dir : NULL > object_name : NULL > attributes : 0x00000000 (0) > sec_desc : NULL > sec_qos : * > sec_qos: struct lsa_QosInfo > len : 0x0000000c (12) > impersonation_level : 0x0002 (2) > context_mode : 0x01 (1) > effective_only : 0x00 (0) > access_mask : 0x02000000 (33554432) > 0: LSA_POLICY_VIEW_LOCAL_INFORMATION > 0: LSA_POLICY_VIEW_AUDIT_INFORMATION > 0: LSA_POLICY_GET_PRIVATE_INFORMATION > 0: LSA_POLICY_TRUST_ADMIN > 0: LSA_POLICY_CREATE_ACCOUNT > 0: LSA_POLICY_CREATE_SECRET > 0: LSA_POLICY_CREATE_PRIVILEGE > 0: LSA_POLICY_SET_DEFAULT_QUOTA_LIMITS > 0: LSA_POLICY_SET_AUDIT_REQUIREMENTS > 0: LSA_POLICY_AUDIT_LOG_ADMIN > 0: LSA_POLICY_SERVER_ADMIN > 0: LSA_POLICY_LOOKUP_NAMES > 0: LSA_POLICY_NOTIFICATION > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0018 (24) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x0000002c (44) > context_id : 0x0000 (0) > opnum : 0x0006 (6) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=0 > rpc_api_pipe: host serverDC1001.dan2003.sample.domain.com > num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, > data_total=68, this_data=68, max_data=4280, param_offset=84, param_pad=2, > param_disp=0, data_offset=84, data_pad=0, data_disp=0 > rpc_read_send: data_to_read: 32 > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000002 (2) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=1 > [0000] 00 . > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 7E 29 EA FB 47 80 8A 49 9C 2F 88 A6 ....~).. G..I./.. > [0010] 65 A8 5D 72 00 00 00 00 e.]r.... > Got pdu len 48, data_len 24, ss_len 0 > rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK > rpc_api_pipe: host serverDC1001.dan2003.sample.domain.com returned 24 bytes. > lsa_OpenPolicy: struct lsa_OpenPolicy > out: struct lsa_OpenPolicy > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : > fbea297e-8047-498a-9c2f-88a665a85d72 > result : NT_STATUS_OK > lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 > in: struct lsa_QueryInfoPolicy2 > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : > fbea297e-8047-498a-9c2f-88a665a85d72 > level : LSA_POLICY_INFO_DNS (12) > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0018 (24) > auth_length : 0x0000 (0) > call_id : 0x00000003 (3) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000016 (22) > context_id : 0x0000 (0) > opnum : 0x002e (46) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=0 > rpc_api_pipe: host serverDC1001.dan2003.sample.domain.com > num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, > data_total=46, this_data=46, max_data=4280, param_offset=84, param_pad=2, > param_disp=0, data_offset=84, data_pad=0, data_disp=0 > rpc_read_send: data_to_read: 220 > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x00ec (236) > auth_length : 0x0000 (0) > call_id : 0x00000003 (3) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x000000d4 (212) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=1 > [0000] 00 . > stub_and_verifier : DATA_BLOB length=212 > [0000] 00 00 02 00 0C 00 00 00 10 00 12 00 04 00 02 00 ........ ........ > [0010] 2E 00 30 00 08 00 02 00 1C 00 1E 00 0C 00 02 00 ..0..... ........ > [0020] 72 C5 DE 51 A1 3A D6 45 AA C3 E3 27 E8 31 0B 54 r..Q.:.E ...'.1.T > [0030] 10 00 02 00 09 00 00 00 00 00 00 00 08 00 00 00 ........ ........ > [0040] 4E 00 41 00 54 00 49 00 4F 00 4E 00 41 00 4C 00 N.A.T.I. O.N.A.L. > [0050] 18 00 00 00 00 00 00 00 17 00 00 00 6E 00 61 00 ........ ....n.a. > [0060] 74 00 69 00 6F 00 6E 00 61 00 6C 00 2E 00 63 00 t.i.o.n. a.l...c. > [0070] 6F 00 72 00 65 00 2E 00 62 00 62 00 63 00 2E 00 o.r.e... b.b.c... > [0080] 63 00 6F 00 2E 00 75 00 6B 00 00 00 0F 00 00 00 c.o...u. k....... > [0090] 00 00 00 00 0E 00 00 00 63 00 6F 00 72 00 65 00 ........ c.o.r.e. > [00A0] 2E 00 62 00 62 00 63 00 2E 00 63 00 6F 00 2E 00 ..b.b.c. ..c.o... > [00B0] 75 00 6B 00 04 00 00 00 01 04 00 00 00 00 00 05 u.k..... ........ > [00C0] 15 00 00 00 6B D6 62 04 16 C0 EA 32 82 8B A6 28 ....k.b. ...2...( > [00D0] 00 00 00 00 .... > Got pdu len 236, data_len 212, ss_len 0 > rpc_api_pipe: got frag len of 236 at offset 0: NT_STATUS_OK > rpc_api_pipe: host serverDC1001.dan2003.sample.domain.com returned 212 > bytes. > lsa_QueryInfoPolicy2: struct lsa_QueryInfoPolicy2 > out: struct lsa_QueryInfoPolicy2 > info : * > info : * > info : union > lsa_PolicyInformation(case 12) > dns: struct lsa_DnsDomainInfo > name: struct lsa_StringLarge > length : 0x0010 (16) > size : 0x0012 (18) > string : * > string : 'DAN2003' > dns_domain: struct lsa_StringLarge > length : 0x002e (46) > size : 0x0030 (48) > string : * > string : > 'dan2003.sample.domain.com' > dns_forest: struct lsa_StringLarge > length : 0x001c (28) > size : 0x001e (30) > string : * > string : > 'sample.domain.com' > domain_guid : > 51dec572-3aa1-45d6-aac3-e327e8310b54 > sid : * > sid : > S-1-5-21-73586283-854245398-682003330 > result : NT_STATUS_OK > lsa_Close: struct lsa_Close > in: struct lsa_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : > fbea297e-8047-498a-9c2f-88a665a85d72 > &r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_REQUEST (0) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0018 (24) > auth_length : 0x0000 (0) > call_id : 0x00000004 (4) > u : union dcerpc_payload(case 0) > request: struct dcerpc_request > alloc_hint : 0x00000014 (20) > context_id : 0x0000 (0) > opnum : 0x0000 (0) > object : union dcerpc_object(case 0) > empty: struct dcerpc_empty > _pad : DATA_BLOB length=0 > stub_and_verifier : DATA_BLOB length=0 > rpc_api_pipe: host serverDC1001.dan2003.sample.domain.com > num_setup=2, max_setup=0, param_total=0, this_param=0, max_param=0, > data_total=44, this_data=44, max_data=4280, param_offset=84, param_pad=2, > param_disp=0, data_offset=84, data_pad=0, data_disp=0 > rpc_read_send: data_to_read: 32 > r: struct ncacn_packet > rpc_vers : 0x05 (5) > rpc_vers_minor : 0x00 (0) > ptype : DCERPC_PKT_RESPONSE (2) > pfc_flags : 0x03 (3) > drep: ARRAY(4) > [0] : 0x10 (16) > [1] : 0x00 (0) > [2] : 0x00 (0) > [3] : 0x00 (0) > frag_length : 0x0030 (48) > auth_length : 0x0000 (0) > call_id : 0x00000004 (4) > u : union dcerpc_payload(case 2) > response: struct dcerpc_response > alloc_hint : 0x00000018 (24) > context_id : 0x0000 (0) > cancel_count : 0x00 (0) > _pad : DATA_BLOB length=1 > [0000] 00 . > stub_and_verifier : DATA_BLOB length=24 > [0000] 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ ........ > [0010] 00 00 00 00 00 00 00 00 ........ > Got pdu len 48, data_len 24, ss_len 0 > rpc_api_pipe: got frag len of 48 at offset 0: NT_STATUS_OK > rpc_api_pipe: host serverDC1001.dan2003.sample.domain.com returned 24 bytes. > lsa_Close: struct lsa_Close > out: struct lsa_Close > handle : * > handle: struct policy_handle > handle_type : 0x00000000 (0) > uuid : > 00000000-0000-0000-0000-000000000000 > result : NT_STATUS_OK > create_local_private_krb5_conf_for_domain: fname > /var/cache/samba/smb_krb5/krb5.conf.DAN2003, realm > dan2003.sample.domain.com, domain = DAN2003 > saf_fetch: Returning "SERVERDC1001.dan2003.sample.domain.com" for > "dan2003.sample.domain.com" domain > get_dc_list: preferred server list: "SERVERDC1001.dan2003.sample.domain.com, > *" > internal_resolve_name: looking up dan2003.sample.domain.com#1c (sitename > (null)) > name dan2003.sample.domain.com#1C found. > remove_duplicate_addrs2: looking for duplicate address/port pairs > Adding 11 DC's from auto lookup > sitename_fetch: No stored sitename for DAN2003.SAMPLE.DOMAIN.COM > internal_resolve_name: looking up SERVERDC1001.dan2003.sample.domain.com#20 > (sitename (null)) > name SERVERDC1001.dan2003.sample.domain.com#20 found. > remove_duplicate_addrs2: looking for duplicate address/port pairs > check_negative_conn_cache returning result 0 for domain > dan2003.sample.domain.com server 10.80.8.88 > check_negative_conn_cache returning result 0 for domain > dan2003.sample.domain.com server 10.124.23.5 > check_negative_conn_cache returning result 0 for domain > dan2003.sample.domain.com server 10.184.32.187 > check_negative_conn_cache returning result 0 for domain > dan2003.sample.domain.com server 10.161.8.2 > check_negative_conn_cache returning result 0 for domain > dan2003.sample.domain.com server 10.184.32.58 > check_negative_conn_cache returning result 0 for domain > dan2003.sample.domain.com server 10.84.136.29 > check_negative_conn_cache returning result 0 for domain > dan2003.sample.domain.com server 10.80.8.88 > check_negative_conn_cache returning result 0 for domain > dan2003.sample.domain.com server 10.52.69.202 > check_negative_conn_cache returning result 0 for domain > dan2003.sample.domain.com server 10.76.8.118 > check_negative_conn_cache returning result 0 for domain > dan2003.sample.domain.com server 10.94.76.240 > check_negative_conn_cache returning result 0 for domain > dan2003.sample.domain.com server 10.72.136.53 > check_negative_conn_cache returning result 0 for domain > dan2003.sample.domain.com server 10.68.140.2 > remove_duplicate_addrs2: looking for duplicate address/port pairs > get_dc_list: returning 11 ip addresses in an ordered list > get_dc_list: 10.80.8.88:389 10.124.23.5:389 10.184.32.187:389 10.161.8.2:389 > 10.184.32.58:389 10.84.136.29:389 10.52.69.202:389 10.76.8.118:389 > 10.94.76.240:389 10.72.136.53:389 10.68.140.2:389 > &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX > command : LOGON_SAM_LOGON_RESPONSE_EX (23) > sbz : 0x0000 (0) > server_type : 0x0000317c (12668) > 0: NBT_SERVER_PDC > 1: NBT_SERVER_GC > 1: NBT_SERVER_LDAP > 1: NBT_SERVER_DS > 1: NBT_SERVER_KDC > 1: NBT_SERVER_TIMESERV > 0: NBT_SERVER_CLOSEST > 1: NBT_SERVER_WRITABLE > 0: NBT_SERVER_GOOD_TIMESERV > 0: NBT_SERVER_NDNC > 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 > 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 > 1: NBT_SERVER_ADS_WEB_SERVICE > 0: NBT_SERVER_HAS_DNS_NAME > 0: NBT_SERVER_IS_DEFAULT_NC > 0: NBT_SERVER_FOREST_ROOT > domain_uuid : 51dec572-3aa1-45d6-aac3-e327e8310b54 > forest : 'sample.domain.com' > dns_domain : 'dan2003.sample.domain.com' > pdc_dns_name : 'SERVERDC1001.dan2003.sample.domain.com' > domain_name : 'DAN2003' > pdc_name : 'SERVERDC1001' > user_name : '' > server_site : 'UK-Lanc-BH-LAN-Main' > client_site : '' > sockaddr_size : 0x00 (0) > sockaddr: struct nbt_sockaddr > sockaddr_family : 0x00000000 (0) > pdc_ip : (null) > remaining : DATA_BLOB length=0 > next_closest_site : NULL > nt_version : 0x00000005 (5) > 1: NETLOGON_NT_VERSION_1 > 0: NETLOGON_NT_VERSION_5 > 1: NETLOGON_NT_VERSION_5EX > 0: NETLOGON_NT_VERSION_5EX_WITH_IP > 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE > 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL > 0: NETLOGON_NT_VERSION_PDC > 0: NETLOGON_NT_VERSION_IP > 0: NETLOGON_NT_VERSION_LOCAL > 0: NETLOGON_NT_VERSION_GC > lmnt_token : 0xffff (65535) > lm20_token : 0xffff (65535) > get_kdc_ip_string: Returning kdc = 10.80.8.88 > > create_local_private_krb5_conf_for_domain: wrote file > /var/cache/samba/smb_krb5/krb5.conf.DAN2003 with realm > DAN2003.SAMPLE.DOMAIN.COM KDC list = kdc = 10.80.8.88 > > sitename_fetch: No stored sitename for DAN2003.SAMPLE.DOMAIN.COM > internal_resolve_name: looking up serverDC1001.dan2003.sample.domain.com#20 > (sitename (null)) > name serverDC1001.dan2003.sample.domain.com#20 found. > remove_duplicate_addrs2: looking for duplicate address/port pairs > ads_try_connect: sending CLDAP request to 10.80.8.88 (realm: > dan2003.sample.domain.com) > &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX > command : LOGON_SAM_LOGON_RESPONSE_EX (23) > sbz : 0x0000 (0) > server_type : 0x0000317c (12668) > 0: NBT_SERVER_PDC > 1: NBT_SERVER_GC > 1: NBT_SERVER_LDAP > 1: NBT_SERVER_DS > 1: NBT_SERVER_KDC > 1: NBT_SERVER_TIMESERV > 0: NBT_SERVER_CLOSEST > 1: NBT_SERVER_WRITABLE > 0: NBT_SERVER_GOOD_TIMESERV > 0: NBT_SERVER_NDNC > 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 > 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 > 1: NBT_SERVER_ADS_WEB_SERVICE > 0: NBT_SERVER_HAS_DNS_NAME > 0: NBT_SERVER_IS_DEFAULT_NC > 0: NBT_SERVER_FOREST_ROOT > domain_uuid : 51dec572-3aa1-45d6-aac3-e327e8310b54 > forest : 'sample.domain.com' > dns_domain : 'dan2003.sample.domain.com' > pdc_dns_name : 'SERVERDC1001.dan2003.sample.domain.com' > domain_name : 'DAN2003' > pdc_name : 'SERVERDC1001' > user_name : '' > server_site : 'UK-Lanc-BH-LAN-Main' > client_site : '' > sockaddr_size : 0x00 (0) > sockaddr: struct nbt_sockaddr > sockaddr_family : 0x00000000 (0) > pdc_ip : (null) > remaining : DATA_BLOB length=0 > next_closest_site : NULL > nt_version : 0x00000005 (5) > 1: NETLOGON_NT_VERSION_1 > 0: NETLOGON_NT_VERSION_5 > 1: NETLOGON_NT_VERSION_5EX > 0: NETLOGON_NT_VERSION_5EX_WITH_IP > 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE > 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL > 0: NETLOGON_NT_VERSION_PDC > 0: NETLOGON_NT_VERSION_IP > 0: NETLOGON_NT_VERSION_LOCAL > 0: NETLOGON_NT_VERSION_GC > lmnt_token : 0xffff (65535) > lm20_token : 0xffff (65535) > sitename_store: deleting empty sitename! > Deleting cache entry (key=[AD_SITENAME/DOMAIN/DAN2003]) > sitename_store: deleting empty sitename! > Deleting cache entry (key=[AD_SITENAME/DOMAIN/DAN2003.SAMPLE.DOMAIN.COM]) > Successfully contacted LDAP server 10.80.8.88 > Opening connection to LDAP server > 'SERVERDC1001.dan2003.sample.domain.com:389', timeout 15 seconds > Connected to LDAP server 'SERVERDC1001.dan2003.sample.domain.com:389' > Connected to LDAP server SERVERDC1001.dan2003.sample.domain.com > ads_sitename_match: no match between server: UK-Lanc-BH-LAN-Main and client: > NULL > ads_closest_dc: client belongs to no site > saf_store: domain = [DAN2003], server > [SERVERDC1001.dan2003.sample.domain.com], expire = [1429015386] > Did not store value for SAF/DOMAIN/DAN2003, we already got it > saf_store: domain = [dan2003.sample.domain.com], server > [SERVERDC1001.dan2003.sample.domain.com], expire = [1429015386] > Did not store value for SAF/DOMAIN/DAN2003.SAMPLE.DOMAIN.COM, we already got > it > KDC time offset is 0 seconds > Found SASL mechanism GSS-SPNEGO > ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.30 > ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2 > ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2 > ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3 > ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10 > ads_sasl_spnego_bind: got server principal name > not_defined_in_RFC4178 at please_ignore > ads_krb5_mk_req: krb5_cc_get_principal failed (No such file or directory) > ads_sasl_spnego_krb5_bind failed with: No such file or directory, calling > kinit > kerberos_kinit_password: as SUPER-USER at DAN2003.SAMPLE.DOMAIN.COM using > [MEMORY:net_ads] as ccache and config > [/var/cache/samba/smb_krb5/krb5.conf.DAN2003] > kerberos_kinit_password SUPER-USER at DAN2003.SAMPLE.DOMAIN.COM failed: Cannot > contact any KDC for requested realm > libnet_Join: > libnet_JoinCtx: struct libnet_JoinCtx > out: struct libnet_JoinCtx > account_name : NULL > netbios_domain_name : 'DAN2003' > dns_domain_name : 'dan2003.sample.domain.com' > forest_name : 'sample.domain.com' > dn : NULL > domain_sid : * > domain_sid : > S-1-5-21-73586283-854245398-682003330 > modified_config : 0x00 (0) > error_string : 'failed to connect to AD: Cannot > contact any KDC for requested realm' > domain_is_ad : 0x01 (1) > result : WERR_DEFAULT_JOIN_REQUIRED > Failed to join domain: failed to connect to AD: Cannot contact any KDC for > requested realm > return code = -1 > myuser at myserver:~$ > myuser at myserver:~$ > myuser at myserver:~$ > myuser at myserver:~$ > > > > > -- > View this message in context: http://samba.2283325.n4.nabble.com/Cannot-join-Ubuntu12-04-Samba-4-1-17-to-domain-tp4684555.html > Sent from the Samba - General mailing list archive at Nabble.com.OK, what have you got in /etc/krb5.conf ? Does /etc/resolv.conf point to the AD DC ? Have you turned off dnsmasq in NetworkManager ? We will come to what you shouldn't have in smb.conf once you have joined the domain. Rowland
Hi Rowland I don't have krb5.conf at hand at the moment but I've checked it multiple times and I think is OK since I can get ticket via kinit. resolv.conf points to my DNS I can resolve AD hostname via host serverDC1001.dan2003.sample.domain.com and via host 10.80.8.88 Regarding NetworkManager, my machine is a headless server so dnsmasq does not apply I guess? Bit of a back story Initially I had Samba 3.6 on that machine and it was joined to the domain, then removed from domain. I've done disk backup of it, then put Samba Sernet 4.1.17 on it and attempted to joined which fails. After 2 days of struggle I rolled back to the snapshot 3.6 issues join command and it worked. I haven't changed config files between versions Thanks for any suggestions. D. -- View this message in context: http://samba.2283325.n4.nabble.com/Cannot-join-Ubuntu12-04-Samba-4-1-17-to-domain-tp4684555p4684559.html Sent from the Samba - General mailing list archive at Nabble.com.
Seemingly Similar Threads
- Cannot join Ubuntu12.04 Samba 4.1.17 to domain
- not able to connect to windows machine
- Debian Jessie joining AD as member fails with "The object name is not found."
- Debian Jessie joining AD as member fails with "The object name is not found."
- Problem with SPNEGO on full trust 2016 DC <> Samba 4.10.7 AD