Daniel Carrasco Marín
2015-Apr-25 12:27 UTC
[Samba] I can't join the new AD server with Samba4
Hi, I'm sorry for my English.
I've migrated an old 3.6 Samba domain to Samba 4.1 and the Windows part is
working fine (I can join and manage the server from a Windows machine), but
when I try to join the domain from another Linux server it fails.
I've followed this guide to migrate:
https://wiki.samba.org/index.php/Samba_Classic_Upgrade_%28NT4-style_domain_to_AD%29
and this for join:
https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
My config file looks like the guide and the join command shows:
-----------------------------------------------------------------------
-----------------------------------------------------------------------
# net ads join -UAdministrator -d 5
INFO: Current debug levels:
all: 5
tdb: 5
printdrivers: 5
lanman: 5
smb: 5
rpc_parse: 5
rpc_srv: 5
rpc_cli: 5
passdb: 5
sam: 5
auth: 5
winbind: 5
vfs: 5
idmap: 5
quota: 5
acls: 5
locking: 5
msdfs: 5
dmapi: 5
registry: 5
scavenger: 5
dns: 5
ldb: 5
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:
all: 5
tdb: 5
printdrivers: 5
lanman: 5
smb: 5
rpc_parse: 5
rpc_srv: 5
rpc_cli: 5
passdb: 5
sam: 5
auth: 5
winbind: 5
vfs: 5
idmap: 5
quota: 5
acls: 5
locking: 5
msdfs: 5
dmapi: 5
registry: 5
scavenger: 5
dns: 5
ldb: 5
params.c:pm_process() - Processing configuration file
"/etc/samba/smb.conf"
params.c:Parameter() - Ignoring badly formed line in configuration file:
rfc2307[global]
doing parameter security = domain
doing parameter workgroup = TTU
doing parameter realm = ttu.red
doing parameter wins server = 192.168.2.251
doing parameter server role = standalone server
doing parameter passdb backend = tdbsam
doing parameter domain master = no
doing parameter server string = Print Server
doing parameter encrypt passwords = yes
doing parameter winbind nss info = rfc2307
doing parameter winbind enum users = Yes
doing parameter winbind enum groups = Yes
doing parameter winbind use default domain = Yes
doing parameter winbind refresh tickets = Yes
doing parameter winbind normalize names = yes
doing parameter idmap config TTU : backend = ad
doing parameter idmap config * : backend = tdb
doing parameter idmap config * : range = 1000-20000000
pm_process() returned Yes
Netbios name list:-
my_netbios_names[0]="GLOTON"
added interface eth1 ip=172.30.0.230 bcast=172.30.0.255
netmask=255.255.255.0
added interface eth0 ip=192.168.2.230 bcast=192.168.2.255
netmask=255.255.255.0
Registering messaging pointer for type 2 - private_data=(nil)
Registering messaging pointer for type 9 - private_data=(nil)
Registered MSG_REQ_POOL_USAGE
Registering messaging pointer for type 11 - private_data=(nil)
Registering messaging pointer for type 12 - private_data=(nil)
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Registering messaging pointer for type 1 - private_data=(nil)
Registering messaging pointer for type 5 - private_data=(nil)
Enter Administrator's password:
libnet_Join:
libnet_JoinCtx: struct libnet_JoinCtx
in: struct libnet_JoinCtx
dc_name : NULL
machine_name : 'GLOTON'
domain_name : *
domain_name : 'TTU.RED'
account_ou : NULL
admin_account : 'Administrator'
machine_password : NULL
join_flags : 0x00000023 (35)
0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
0: WKSSVC_JOIN_FLAGS_DEFER_SPN
0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
os_version : NULL
os_name : NULL
create_upn : 0x00 (0)
upn : NULL
modify_config : 0x00 (0)
ads : NULL
debug : 0x01 (1)
use_kerberos : 0x00 (0)
secure_channel_type : SEC_CHAN_WKSTA (2)
Opening cache file at /var/cache/samba/gencache.tdb
Opening cache file at /var/run/samba/gencache_notrans.tdb
sitename_fetch: Returning sitename for TTU.RED:
"Default-First-Site-Name"
ads_dns_lookup_srv: 1 records returned in the answer section.
sitename_fetch: Returning sitename for TTU.RED:
"Default-First-Site-Name"
no entry for pdc.ttu.red#20 found.
resolve_lmhosts: Attempting lmhosts lookup for name pdc.ttu.red<0x20>
resolve_lmhosts: Attempting lmhosts lookup for name pdc.ttu.red<0x20>
startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was No
existe el fichero o el directorio
wins_srv_is_dead: 192.168.2.251 is alive
resolve_wins: using WINS server 192.168.2.251 and tag '*'
samba_tevent: EPOLL_CTL_DEL EBADF for fde[0x7fcb85f853b0] mpx_fde[(nil)]
fd[13] - disabling
wins_srv_is_dead: 192.168.2.251 is alive
Marking wins server 192.168.2.251 dead for 600 seconds from source
192.168.2.251
resolve_hosts: Attempting host lookup for name pdc.ttu.red<0x20>
namecache_store: storing 1 address for pdc.ttu.red#20: 192.168.2.251
Connecting to 192.168.2.251 at port 445
Socket options:
SO_KEEPALIVE = 0
SO_REUSEADDR = 0
SO_BROADCAST = 0
TCP_NODELAY = 1
TCP_KEEPCNT = 9
TCP_KEEPIDLE = 7200
TCP_KEEPINTVL = 75
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
SO_SNDBUF = 24040
SO_RCVBUF = 87380
SO_SNDLOWAT = 1
SO_RCVLOWAT = 1
SO_SNDTIMEO = 0
SO_RCVTIMEO = 0
TCP_QUICKACK = 1
TCP_DEFER_ACCEPT = 0
Doing spnego session setup (blob length=96)
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.3.6.1.4.1.311.2.2.10
got principal=not_defined_in_RFC4178 at please_ignore
Got challenge flags:
Got NTLMSSP neg_flags=0x60898215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
Bind RPC Pipe: host pdc.ttu.red auth_type 0, auth_level 1
rpc_api_pipe: host pdc.ttu.red
rpc_read_send: data_to_read: 52
check_bind_response: accepted!
rpc_api_pipe: host pdc.ttu.red
rpc_read_send: data_to_read: 32
rpc_api_pipe: host pdc.ttu.red
rpc_read_send: data_to_read: 168
rpc_api_pipe: host pdc.ttu.red
rpc_read_send: data_to_read: 32
saf_fetch[join]: Returning "pdc.ttu.red" for "ttu.red"
domain
get_dc_list: preferred server list: "pdc.ttu.red, *"
no entry for ttu.red#1C found.
resolve_ads: Attempting to resolve KDCs for ttu.red using DNS
ads_dns_lookup_srv: 1 records returned in the answer section.
sitename_fetch: Returning sitename for TTU.RED:
"Default-First-Site-Name"
name pdc.ttu.red#20 found.
get_dc_list: returning 2 ip addresses in an ordered list
get_dc_list: 192.168.2.251:0 192.168.2.251:88
create_local_private_krb5_conf_for_domain: wrote file
/var/run/samba/smb_krb5/krb5.conf.TTU with realm TTU.RED KDC list kdc =
192.168.2.251
Bind RPC Pipe: host pdc.ttu.red auth_type 0, auth_level 1
rpc_api_pipe: host pdc.ttu.red
rpc_read_send: data_to_read: 52
check_bind_response: accepted!
rpc_api_pipe: host pdc.ttu.red
rpc_read_send: data_to_read: 32
rpc_api_pipe: host pdc.ttu.red
rpc_read_send: data_to_read: 32
rpc_api_pipe: host pdc.ttu.red
rpc_read_send: data_to_read: 40
rpc_api_pipe: host pdc.ttu.red
rpc_read_send: data_to_read: 44
rpc_api_pipe: host pdc.ttu.red
rpc_read_send: data_to_read: 32
rpc_api_pipe: host pdc.ttu.red
rpc_read_send: data_to_read: 12
rpc_api_pipe: host pdc.ttu.red
rpc_read_send: data_to_read: 12
rpc_api_pipe: host pdc.ttu.red
rpc_read_send: data_to_read: 32
rpc_api_pipe: host pdc.ttu.red
rpc_read_send: data_to_read: 32
rpc_api_pipe: host pdc.ttu.red
rpc_read_send: data_to_read: 32
check lock order 1 for /var/lib/samba/private/secrets.tdb
release lock order 1 for /var/lib/samba/private/secrets.tdb
check lock order 1 for /var/lib/samba/private/secrets.tdb
release lock order 1 for /var/lib/samba/private/secrets.tdb
check lock order 1 for /var/lib/samba/private/secrets.tdb
release lock order 1 for /var/lib/samba/private/secrets.tdb
check lock order 1 for /var/lib/samba/private/secrets.tdb
release lock order 1 for /var/lib/samba/private/secrets.tdb
check lock order 1 for /var/lib/samba/private/secrets.tdb
release lock order 1 for /var/lib/samba/private/secrets.tdb
sitename_fetch: Returning sitename for TTU.RED:
"Default-First-Site-Name"
name pdc.ttu.red#20 found.
ads_try_connect: sending CLDAP request to 192.168.2.251 (realm: ttu.red)
Successfully contacted LDAP server 192.168.2.251
Connected to LDAP server pdc.ttu.red
KDC time offset is 0 seconds
Found SASL mechanism GSS-SPNEGO
ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2
ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2
ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10
ads_sasl_spnego_bind: got server principal name not_defined_in_RFC4178 at
please_ignore
ads_krb5_mk_req: krb5_cc_get_principal failed (No existe el fichero o el
directorio)
ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration dom,
26 abr 2015 00:04:50 CEST
kinit succeeded but ads_sasl_spnego_krb5_bind failed: Invalid credentials
libnet_Join:
libnet_JoinCtx: struct libnet_JoinCtx
out: struct libnet_JoinCtx
account_name : NULL
netbios_domain_name : 'TTU'
dns_domain_name : 'ttu.red'
forest_name : 'ttu.red'
dn : NULL
domain_sid : *
domain_sid :
S-1-5-21-127850397-371183867-665961664
modified_config : 0x00 (0)
error_string : 'failed to connect to AD: Invalid
credentials'
domain_is_ad : 0x01 (1)
result : WERR_GENERAL_FAILURE
Failed to join domain: failed to connect to AD: Invalid credentials
return code = -1
-----------------------------------------------------------------------
-----------------------------------------------------------------------
I've tried commands like:
smbclient -L 192.168.2.251 -U%
kinit administrator@TTU.RED
klist -c
All are working.
I've tried to create a test domain instead of upgrading, with the same config, and
join ads is working... Can it be the upgrade progress?
Thanks!!
On 25/04/15 13:27, Daniel Carrasco Marín wrote:
> Hi, I'm sorry for my english.
>
> i've migrated an old 3.6 samba domain to Samba 4.1 and the windows part is
> working fine (i can join and manage the server from a Windows Machine), but
> when I try to join the domain from another linux server it fails.
>
> I've followed this guide to migrate:
> https://wiki.samba.org/index.php/Samba_Classic_Upgrade_%28NT4-style_domain_to_AD%29
>
> and this for join:
> https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
>
> Mi config file looks like the guide

From what you have posted, your smb.conf doesn't seem to look anything like
the one on the member server page:

[global]
security = domain
workgroup = TTU
realm = ttu.red
wins server = 192.168.2.251
server role = standalone server
passdb backend = tdbsam
domain master = no
server string = Print Server
encrypt passwords = yes
winbind nss info = rfc2307
winbind enum users = Yes
winbind enum groups = Yes
winbind use default domain = Yes
winbind refresh tickets = Yes
winbind normalize names = yes
idmap config TTU : backend = ad
idmap config * : backend = tdb
idmap config * : range = 1000-20000000

There is also this:

params.c:Parameter() - Ignoring badly formed line in configuration file:
rfc2307

Rowland
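Added example (not part of the original thread, and not Samba project code): a small Python helper that does what Rowland did by hand above, reducing a `net ads join -d 5` log to the smb.conf parameters that were parsed, the lines the parser ignored, and the step that failed. The two sample logs are excerpts of the logs in Daniel's first post and in his follow-up post below; the function names and the checks in review_for_ad_member are assumptions made for this illustration.

```python
import re

# Excerpts of the two `net ads join -d 5` logs in this thread (most lines
# omitted). The e-mail line wrap after "configuration file:" is kept on purpose.
FIRST_LOG = """\
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
params.c:Parameter() - Ignoring badly formed line in configuration file:
rfc2307
doing parameter security = domain
doing parameter workgroup = TTU
doing parameter realm = ttu.red
doing parameter server role = standalone server
doing parameter idmap config TTU : backend = ad
doing parameter idmap config * : range = 1000-20000000
pm_process() returned Yes
kinit succeeded but ads_sasl_spnego_krb5_bind failed: Invalid credentials
Failed to join domain: failed to connect to AD: Invalid credentials
"""

FOLLOWUP_LOG = """\
Processing section "[global]"
doing parameter workgroup = TTU
doing parameter security = ADS
doing parameter realm = TTU.RED
doing parameter idmap config *:range = 2000-9999
doing parameter idmap config TTU:backend = ad
pm_process() returned Yes
kinit succeeded but ads_sasl_spnego_krb5_bind failed: Invalid credentials
Failed to join domain: failed to connect to AD: Invalid credentials
"""

PARAM_RE = re.compile(r"^doing parameter\s+([^=]+?)\s*=\s*(.*)$")
BAD_LINE = "Ignoring badly formed line in configuration file:"
BIND_RE = re.compile(r"^kinit succeeded but (\S+) failed:\s*(.+)$")
FAIL_RE = re.compile(r"^Failed to join domain:\s*(.+)$")


def normalize_name(name):
    # smb.conf(5): parameter names are case-insensitive and whitespace inside
    # them is irrelevant, so "idmap config * : range" == "idmap config *:range".
    return re.sub(r"\s+", "", name).lower()


def summarize_join_log(text):
    """Reduce a level-5 join log to the facts needed for triage."""
    lines = [ln.strip() for ln in text.splitlines()]
    summary = {"params": {}, "bad_lines": [], "bind_error": None, "failure": None}
    skip = False
    for i, line in enumerate(lines):
        if skip:  # this line was consumed as the wrapped tail of a warning
            skip = False
            continue
        param = PARAM_RE.match(line)
        bind = BIND_RE.match(line)
        fail = FAIL_RE.match(line)
        if param:
            summary["params"][normalize_name(param.group(1))] = param.group(2).strip()
        elif BAD_LINE in line:
            rest = line.split(BAD_LINE, 1)[1].strip()
            if not rest and i + 1 < len(lines):  # text wrapped onto next line
                rest, skip = lines[i + 1], True
            summary["bad_lines"].append(rest)
        elif bind:
            summary["bind_error"] = bind.groups()
        elif fail:
            summary["failure"] = fail.group(1)
    return summary


def review_for_ad_member(summary):
    """Checks drawn from this thread only; not a full smb.conf validator."""
    params, findings = summary["params"], []
    for bad in summary["bad_lines"]:
        findings.append(f"line ignored by the smb.conf parser: {bad!r}")
    if params.get("security", "").lower() != "ads":
        findings.append(f"security = {params.get('security')!r}; "
                        "the follow-up config uses ADS")
    if params.get("serverrole", "").lower().startswith("standalone"):
        findings.append("server role is standalone, but the host is being "
                        "joined to a domain")
    if summary["bind_error"]:
        step, reason = summary["bind_error"]
        findings.append(f"kinit succeeded, then {step} failed: {reason}")
    return findings


if __name__ == "__main__":
    for label, log in (("first post", FIRST_LOG), ("follow-up", FOLLOWUP_LOG)):
        print(label)
        for finding in review_for_ad_member(summarize_join_log(log)):
            print("  -", finding)
```

On these excerpts the configuration findings disappear in the follow-up run while the bind failure after a successful kinit stays the same, which separates the smb.conf problems Rowland pointed out from the failure that remains.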
Daniel Carrasco Marín
2015-Apr-25 13:02 UTC
[Samba] I can't join the new AD server with Samba4
Sorry, I forgot to revert another test I did, but the result is the same:
---------------------------------------------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------------------------------------------
sudo net ads join -U "Administrator" -d 5
INFO: Current debug levels:
all: 5
tdb: 5
printdrivers: 5
lanman: 5
smb: 5
rpc_parse: 5
rpc_srv: 5
rpc_cli: 5
passdb: 5
sam: 5
auth: 5
winbind: 5
vfs: 5
idmap: 5
quota: 5
acls: 5
locking: 5
msdfs: 5
dmapi: 5
registry: 5
scavenger: 5
dns: 5
ldb: 5
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:
all: 5
tdb: 5
printdrivers: 5
lanman: 5
smb: 5
rpc_parse: 5
rpc_srv: 5
rpc_cli: 5
passdb: 5
sam: 5
auth: 5
winbind: 5
vfs: 5
idmap: 5
quota: 5
acls: 5
locking: 5
msdfs: 5
dmapi: 5
registry: 5
scavenger: 5
dns: 5
ldb: 5
params.c:pm_process() - Processing configuration file
"/etc/samba/smb.conf"
Processing section "[global]"
doing parameter workgroup = TTU
doing parameter security = ADS
doing parameter realm = TTU.RED
doing parameter dedicated keytab file = /etc/krb5.keytab
doing parameter kerberos method = secrets and keytab
doing parameter idmap config *:backend = tdb
doing parameter idmap config *:range = 2000-9999
doing parameter idmap config TTU:backend = ad
doing parameter idmap config TTU:schema_mode = rfc2307
doing parameter idmap config TTU:range = 10000-99999
doing parameter winbind nss info = rfc2307
doing parameter winbind trusted domains only = no
doing parameter winbind use default domain = yes
doing parameter winbind enum users = yes
doing parameter winbind enum groups = yes
doing parameter winbind refresh tickets = Yes
doing parameter winbind expand groups = 4
doing parameter winbind normalize names = Yes
doing parameter domain master = no
doing parameter local master = no
doing parameter vfs objects = acl_xattr
doing parameter map acl inherit = Yes
doing parameter store dos attributes = Yes
pm_process() returned Yes
Netbios name list:-
my_netbios_names[0]="GLOTON"
added interface eth1 ip=172.30.0.230 bcast=172.30.0.255
netmask=255.255.255.0
added interface eth0 ip=192.168.2.230 bcast=192.168.2.255
netmask=255.255.255.0
Registering messaging pointer for type 2 - private_data=(nil)
Registering messaging pointer for type 9 - private_data=(nil)
Registered MSG_REQ_POOL_USAGE
Registering messaging pointer for type 11 - private_data=(nil)
Registering messaging pointer for type 12 - private_data=(nil)
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Registering messaging pointer for type 1 - private_data=(nil)
Registering messaging pointer for type 5 - private_data=(nil)
Enter Administrator's password:
libnet_Join:
libnet_JoinCtx: struct libnet_JoinCtx
in: struct libnet_JoinCtx
dc_name : NULL
machine_name : 'GLOTON'
domain_name : *
domain_name : 'TTU.RED'
account_ou : NULL
admin_account : 'Administrator'
machine_password : NULL
join_flags : 0x00000023 (35)
0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
0: WKSSVC_JOIN_FLAGS_DEFER_SPN
0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
os_version : NULL
os_name : NULL
create_upn : 0x00 (0)
upn : NULL
modify_config : 0x00 (0)
ads : NULL
debug : 0x01 (1)
use_kerberos : 0x00 (0)
secure_channel_type : SEC_CHAN_WKSTA (2)
Opening cache file at /var/cache/samba/gencache.tdb
Opening cache file at /var/run/samba/gencache_notrans.tdb
sitename_fetch: Returning sitename for TTU.RED:
"Default-First-Site-Name"
ads_dns_lookup_srv: 1 records returned in the answer section.
sitename_fetch: Returning sitename for TTU.RED:
"Default-First-Site-Name"
name pdc.ttu.red#20 found.
Connecting to 192.168.2.251 at port 445
Socket options:
SO_KEEPALIVE = 0
SO_REUSEADDR = 0
SO_BROADCAST = 0
TCP_NODELAY = 1
TCP_KEEPCNT = 9
TCP_KEEPIDLE = 7200
TCP_KEEPINTVL = 75
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
SO_SNDBUF = 24040
SO_RCVBUF = 87380
SO_SNDLOWAT = 1
SO_RCVLOWAT = 1
SO_SNDTIMEO = 0
SO_RCVTIMEO = 0
TCP_QUICKACK = 1
TCP_DEFER_ACCEPT = 0
Doing spnego session setup (blob length=96)
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.3.6.1.4.1.311.2.2.10
got principal=not_defined_in_RFC4178 at please_ignore
Got challenge flags:
Got NTLMSSP neg_flags=0x60898215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
Bind RPC Pipe: host pdc.ttu.red auth_type 0, auth_level 1
rpc_api_pipe: host pdc.ttu.red
rpc_read_send: data_to_read: 52
check_bind_response: accepted!
rpc_api_pipe: host pdc.ttu.red
rpc_read_send: data_to_read: 32
rpc_api_pipe: host pdc.ttu.red
rpc_read_send: data_to_read: 168
rpc_api_pipe: host pdc.ttu.red
rpc_read_send: data_to_read: 32
saf_fetch[join]: Returning "pdc.ttu.red" for "ttu.red"
domain
get_dc_list: preferred server list: "pdc.ttu.red, *"
name ttu.red#1C found.
sitename_fetch: Returning sitename for TTU.RED:
"Default-First-Site-Name"
name pdc.ttu.red#20 found.
get_dc_list: returning 1 ip addresses in an ordered list
get_dc_list: 192.168.2.251:389
create_local_private_krb5_conf_for_domain: wrote file
/var/run/samba/smb_krb5/krb5.conf.TTU with realm TTU.RED KDC list kdc =
192.168.2.251
Bind RPC Pipe: host pdc.ttu.red auth_type 0, auth_level 1
rpc_api_pipe: host pdc.ttu.red
rpc_read_send: data_to_read: 52
check_bind_response: accepted!
rpc_api_pipe: host pdc.ttu.red
rpc_read_send: data_to_read: 32
rpc_api_pipe: host pdc.ttu.red
rpc_read_send: data_to_read: 32
rpc_api_pipe: host pdc.ttu.red
rpc_read_send: data_to_read: 40
rpc_api_pipe: host pdc.ttu.red
rpc_read_send: data_to_read: 44
rpc_api_pipe: host pdc.ttu.red
rpc_read_send: data_to_read: 32
rpc_api_pipe: host pdc.ttu.red
rpc_read_send: data_to_read: 12
rpc_api_pipe: host pdc.ttu.red
rpc_read_send: data_to_read: 12
rpc_api_pipe: host pdc.ttu.red
rpc_read_send: data_to_read: 32
rpc_api_pipe: host pdc.ttu.red
rpc_read_send: data_to_read: 32
rpc_api_pipe: host pdc.ttu.red
rpc_read_send: data_to_read: 32
check lock order 1 for /var/lib/samba/private/secrets.tdb
release lock order 1 for /var/lib/samba/private/secrets.tdb
check lock order 1 for /var/lib/samba/private/secrets.tdb
release lock order 1 for /var/lib/samba/private/secrets.tdb
check lock order 1 for /var/lib/samba/private/secrets.tdb
release lock order 1 for /var/lib/samba/private/secrets.tdb
check lock order 1 for /var/lib/samba/private/secrets.tdb
release lock order 1 for /var/lib/samba/private/secrets.tdb
check lock order 1 for /var/lib/samba/private/secrets.tdb
release lock order 1 for /var/lib/samba/private/secrets.tdb
sitename_fetch: Returning sitename for TTU.RED:
"Default-First-Site-Name"
name pdc.ttu.red#20 found.
ads_try_connect: sending CLDAP request to 192.168.2.251 (realm: ttu.red)
Successfully contacted LDAP server 192.168.2.251
Connected to LDAP server pdc.ttu.red
KDC time offset is 0 seconds
Found SASL mechanism GSS-SPNEGO
ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2
ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2
ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10
ads_sasl_spnego_bind: got server principal name not_defined_in_RFC4178 at
please_ignore
ads_krb5_mk_req: krb5_cc_get_principal failed (No existe el fichero o el
directorio)
ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration dom,
26 abr 2015 00:59:09 CEST
kinit succeeded but ads_sasl_spnego_krb5_bind failed: Invalid credentials
libnet_Join:
libnet_JoinCtx: struct libnet_JoinCtx
out: struct libnet_JoinCtx
account_name : NULL
netbios_domain_name : 'TTU'
dns_domain_name : 'ttu.red'
forest_name : 'ttu.red'
dn : NULL
domain_sid : *
domain_sid :
S-1-5-21-127850397-371183867-665961664
modified_config : 0x00 (0)
error_string : 'failed to connect to AD: Invalid
credentials'
domain_is_ad : 0x01 (1)
result : WERR_GENERAL_FAILURE
Failed to join domain: failed to connect to AD: Invalid credentials
return code = -1
---------------------------------------------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------------------------------------------
Greetings!!
2015-04-25 14:52 GMT+02:00 Rowland Penny <rowlandpenny at googlemail.com>:
> On 25/04/15 13:27, Daniel Carrasco Marín wrote:
>
>> Hi, I'm sorry for my english.
>>
>> i've migrated an old 3.6 samba domain to Samba 4.1 and the windows part is
>> working fine (i can join and manage the server from a Windows Machine), but
>> when I try to join the domain from another linux server it fails.
>>
>> I've followed this guide to migrate:
>> https://wiki.samba.org/index.php/Samba_Classic_Upgrade_%28NT4-style_domain_to_AD%29
>>
>> and this for join:
>> https://wiki.samba.org/index.php/Setup_a_Samba_AD_Member_Server
>>
>> Mi config file looks like the guide
>>
>
> From what you have posted, your smb.conf doesn't seem to look anything
> like the one on the member server page:
>
> [global]
> security = domain
> workgroup = TTU
> realm = ttu.red
> wins server = 192.168.2.251
> server role = standalone server
> passdb backend = tdbsam
> domain master = no
> server string = Print Server
> encrypt passwords = yes
> winbind nss info = rfc2307
> winbind enum users = Yes
> winbind enum groups = Yes
> winbind use default domain = Yes
> winbind refresh tickets = Yes
> winbind normalize names = yes
> idmap config TTU : backend = ad
> idmap config * : backend = tdb
> idmap config * : range = 1000-20000000
>
> There is also this:
>
> params.c:Parameter() - Ignoring badly formed line in configuration file:
> rfc2307
>
> Rowland
>
>
>> and the join command shows:
>>
>> I've tried commands like:
>> smbclient -L 192.168.2.251 -U%
>> kinit administrator@TTU.RED
>> klist -c
>>
>> All are working.
>> I've tried to create a test domain instead of an upgrade, with the same
>> config, and join ads is working... can it be the upgrade progress?
>>
>> Thanks!!
>>
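The two things Rowland points at in the reply above (the line the parser ignored, and a [global] section that does not match the member server page) can be checked mechanically. The following is an added example, not code from the thread or from Samba: the sample file is constructed from the settings quoted above, and the AD-member rule set (security = ads, a non-standalone server role, realm set) is an assumption taken from the usual member server setup, not something the thread states.

```python
import re

# Constructed sample built from settings quoted in the thread, including
# the stray "rfc2307" line that precedes [global].
SAMPLE_SMB_CONF = """\
rfc2307
[global]
security = domain
workgroup = TTU
realm = ttu.red
server role = standalone server
winbind nss info = rfc2307
idmap config TTU : backend = ad
idmap config * : range = 1000-20000000
"""

SECTION = re.compile(r"^\[([^\]]+)\]$")


def lint_smb_conf(text):
    """Return (badly_formed, globals_): stray lines and parsed [global] keys."""
    badly_formed, globals_, section = [], {}, None
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        match = SECTION.match(line)
        if match:
            section = match.group(1).lower()
        elif "=" not in line:
            # Neither a section header nor "key = value": the log in the
            # thread shows Samba ignoring such a line.
            badly_formed.append((lineno, line))
        elif section == "global":
            key, value = line.split("=", 1)
            # Normalise the name: lower case, internal whitespace removed.
            globals_["".join(key.lower().split())] = value.strip()
    return badly_formed, globals_


def ad_member_findings(globals_):
    """Flag [global] values that do not fit an AD member (assumed rule set)."""
    findings = []
    if globals_.get("security", "").lower() != "ads":
        findings.append("security is not 'ads'")
    if globals_.get("serverrole", "").lower() == "standalone server":
        findings.append("server role is 'standalone server'")
    if "realm" not in globals_:
        findings.append("realm is not set")
    return findings
```

On a real member server, `testparm` remains the authoritative check of how Samba itself reads the file.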