Marcio Vogel Merlone dos Santos
2016-May-04 19:16 UTC
[Samba] Cannot join server to Samba4 NT4 domain
On 28-04-2016 12:14, Rowland penny wrote:
> On 28/04/16 15:16, MI wrote:
>> I have a Samba 4 NT4 PDC (Version 4.1.17-Debian) with openLDAP.
>>
>> I would like to add another server, and have it authenticate users
>> against openLDAP. I thought I had to add the new server to the domain
>> with "net rpc join", but that seems to think I want to join an AD
>> domain, and fails:
>>
>> # net rpc join -U root%mypassword
>> No realm has been specified! Do you really want to join an Active
>> Directory server?
>> Failed to join domain: failed to lookup DC info for domain
>> 'MYDOMAIN' over rpc: This error indicates that the requested
>> operation cannot be completed due to a catastrophic media failure
>> or an on-disk data structure corruption.
>>
>
> I did something similar last week in a test domain and had a similar
> problem, I got it to work by using 'administrator' instead of 'root'.
> It still complained about active directory, I think somebody changed
> 'net' without considering NT-4 style domains.

Sorry to say just "me too".

Trying to join my Mint 17.3 Desktop (samba 2:4.3.9+dfsg-0ubuntu0.14.04.1) as an NT4-style domain member of an old 3.4 samba PDC (2:3.4.7~dfsg-1ubuntu3.15) I get this:

mic-158 samba # net rpc join -S pdc -U administrador
No realm has been specified! Do you really want to join an Active Directory server?
Enter administrador's password:
smb_signing_good: BAD SIG: seq 1
Failed to join domain: failed to lookup DC info for domain 'DOM' over rpc: Access denied
mic-158 samba #

Log from server:

[2016/05/04 14:51:15, 2] lib/smbldap.c:890(smbldap_open_connection)
  smbldap_open_connection: connection opened
[2016/05/04 14:51:15, 2] passdb/pdb_ldap.c:2434(init_group_from_ldap)
  init_group_from_ldap: Entry found for group: 5144
[2016/05/04 14:51:15, 0] rpc_server/srv_netlog_nt.c:336(get_md4pw)
  get_md4pw: Workstation MIC-158$: no account in domain
[2016/05/04 14:51:15, 0] rpc_server/srv_netlog_nt.c:584(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: failed to get machine password for account MIC-158$: NT_STATUS_ACCESS_DENIED
[2016/05/04 14:51:15, 0] rpc_server/srv_netlog_nt.c:336(get_md4pw)
  get_md4pw: Workstation MIC-158$: no account in domain
[2016/05/04 14:51:15, 0] rpc_server/srv_netlog_nt.c:584(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: failed to get machine password for account MIC-158$: NT_STATUS_ACCESS_DENIED

Frozen hell: no problem to add Windows XP, 7, 8.x, 10 machines to domain. Just another samba.

Found any workaround? Tks, best regards.

--
*Marcio Merlone*
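Added example, not part of the original posts and not Samba code: a small parser for the server log layout quoted above (bracketed header line followed by message lines) that counts, per machine account, the netlogon failures the PDC recorded. The sample log is constructed from the lines in the post, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: log lines quoted in the thread, header line then message lines.
SAMPLE_LOG = """\
[2016/05/04 14:51:15, 2] lib/smbldap.c:890(smbldap_open_connection)
  smbldap_open_connection: connection opened
[2016/05/04 14:51:15, 0] rpc_server/srv_netlog_nt.c:336(get_md4pw)
  get_md4pw: Workstation MIC-158$: no account in domain
[2016/05/04 14:51:15, 0] rpc_server/srv_netlog_nt.c:584(_netr_ServerAuthenticate3)
  _netr_ServerAuthenticate3: failed to get machine password for account
  MIC-158$: NT_STATUS_ACCESS_DENIED
[2016/05/04 14:51:15, 0] rpc_server/srv_netlog_nt.c:336(get_md4pw)
  get_md4pw: Workstation MIC-158$: no account in domain
"""

HEADER = re.compile(r"^\[(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)[^\]]*\]\s+\S+\((\w+)\)\s*$")
NO_ACCOUNT = re.compile(r"Workstation (\S+\$): no account in domain")
AUTH_FAIL = re.compile(r"machine password for account (\S+\$): (NT_STATUS_\w+)")

def parse_records(text):
    """Yield (timestamp, function, message), folding wrapped message lines together."""
    stamp, func, parts = None, None, []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            if func:
                yield stamp, func, " ".join(parts)
            stamp, func = m.groups()
            parts = []
        elif func and line.strip():
            parts.append(line.strip())
    if func:
        yield stamp, func, " ".join(parts)

def netlogon_failures(text):
    """Summarise failed secure-channel setups per machine account."""
    summary = defaultdict(lambda: {"no_account": 0, "statuses": set(), "first_seen": None})
    for stamp, _func, msg in parse_records(text):
        missing, denied = NO_ACCOUNT.search(msg), AUTH_FAIL.search(msg)
        hit = missing or denied
        if not hit:
            continue
        entry = summary[hit.group(1).upper()]
        entry["first_seen"] = entry["first_seen"] or stamp
        entry["no_account"] += 1 if missing else 0
        if denied:
            entry["statuses"].add(denied.group(2))
    return dict(summary)
```

A non-zero `no_account` count for a host means the PDC had no machine account for it at the time of the attempt, which is the condition the `get_md4pw` lines in the post report.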
Hello list,

How about adding 'server signing = auto', for example:

[global]
server signing = auto

--
Regards,
Jones Syue | 薛懷宗
QNAP Systems, Inc.

On Thu, May 5, 2016 at 3:16 AM, Marcio Vogel Merlone dos Santos <marcio.merlone at a1.ind.br> wrote:
> On 28-04-2016 12:14, Rowland penny wrote:
>
>> On 28/04/16 15:16, MI wrote:
>>
>>> I have a Samba 4 NT4 PDC (Version 4.1.17-Debian) with openLDAP.
>>>
>>> I would like to add another server, and have it authenticate users
>>> against openLDAP. I thought I had to add the new server to the domain with
>>> "net rpc join", but that seems to think I want to join an AD domain, and
>>> fails:
>>>
>>> # net rpc join -U root%mypassword
>>> No realm has been specified! Do you really want to join an Active
>>> Directory server?
>>> Failed to join domain: failed to lookup DC info for domain
>>> 'MYDOMAIN' over rpc: This error indicates that the requested
>>> operation cannot be completed due to a catastrophic media failure or
>>> an on-disk data structure corruption.
>>>
>>>
>> I did something similar last week in a test domain and had a similar
>> problem, I got it to work by using 'administrator' instead of 'root'. It
>> still complained about active directory, I think somebody changed 'net'
>> without considering NT-4 style domains.
>>
>
> Sorry to say just "me too".
>
> Trying to join my Mint 17.3 Desktop (samba 2:4.3.9+dfsg-0ubuntu0.14.04.1)
> as an NT4-style domain member of an old 3.4 samba PDC
> (2:3.4.7~dfsg-1ubuntu3.15) I get this:
>
> mic-158 samba # net rpc join -S pdc -U administrador
> No realm has been specified! Do you really want to join an Active
> Directory server?
> Enter administrador's password:
> smb_signing_good: BAD SIG: seq 1
> Failed to join domain: failed to lookup DC info for domain 'DOM' over rpc:
> Access denied
> mic-158 samba #
>
> Log from server:
> [2016/05/04 14:51:15, 2] lib/smbldap.c:890(smbldap_open_connection)
>   smbldap_open_connection: connection opened
> [2016/05/04 14:51:15, 2] passdb/pdb_ldap.c:2434(init_group_from_ldap)
>   init_group_from_ldap: Entry found for group: 5144
> [2016/05/04 14:51:15, 0] rpc_server/srv_netlog_nt.c:336(get_md4pw)
>   get_md4pw: Workstation MIC-158$: no account in domain
> [2016/05/04 14:51:15, 0]
> rpc_server/srv_netlog_nt.c:584(_netr_ServerAuthenticate3)
>   _netr_ServerAuthenticate3: failed to get machine password for account
>   MIC-158$: NT_STATUS_ACCESS_DENIED
> [2016/05/04 14:51:15, 0] rpc_server/srv_netlog_nt.c:336(get_md4pw)
>   get_md4pw: Workstation MIC-158$: no account in domain
> [2016/05/04 14:51:15, 0]
> rpc_server/srv_netlog_nt.c:584(_netr_ServerAuthenticate3)
>   _netr_ServerAuthenticate3: failed to get machine password for account
>   MIC-158$: NT_STATUS_ACCESS_DENIED
>
> Frozen hell: no problem to add Windows XP, 7, 8.x, 10 machines to domain.
> Just another samba.
>
> Found any workaround? Tks, best regards.
>
> --
> *Marcio Merlone*
Marcio Vogel Merlone dos Santos
2016-May-05 11:48 UTC
[Samba] Cannot join server to Samba4 NT4 domain
On 05-05-2016 00:14, Jones Syue wrote:
>
> How about adding 'server signing = auto',
> for example:
>
> [global]
> server signing = auto

Hi,

Made no difference if set on the member I want to add to domain, but when set to the server I got this on member:

mic-158 samba # net rpc join -S PDC -U domadminuser
No realm has been specified! Do you really want to join an Active Directory server?
Enter domadminuser's password:
No realm has been specified! Do you really want to join an Active Directory server?
Failed to pull dcerpc auth: NT_STATUS_RPC_PROTOCOL_ERROR.
cli_rpc_pipe_open_schannel_with_creds: rpc_pipe_bind failed with error NT_STATUS_RPC_PROTOCOL_ERROR
libnet_join_ok: failed to open schannel session on netlogon pipe to server mercurio for domain PDC. Error was NT_STATUS_RPC_PROTOCOL_ERROR
Failed to join domain: failed to verify domain membership after joining: An RPC protocol error occurred.
mic-158 samba #

Tks, regards.

--
*Marcio Merlone*
Is "security=domain" set in smb.conf?

On 05/04/16 15:16, Marcio Vogel Merlone dos Santos wrote:
> On 28-04-2016 12:14, Rowland penny wrote:
>> On 28/04/16 15:16, MI wrote:
>>> I have a Samba 4 NT4 PDC (Version 4.1.17-Debian) with openLDAP.
>>>
>>> I would like to add another server, and have it authenticate users
>>> against openLDAP. I thought I had to add the new server to the
>>> domain with "net rpc join", but that seems to think I want to join
>>> an AD domain, and fails:
>>>
>>> # net rpc join -U root%mypassword
>>> No realm has been specified! Do you really want to join an
>>> Active Directory server?
>>> Failed to join domain: failed to lookup DC info for domain
>>> 'MYDOMAIN' over rpc: This error indicates that the requested
>>> operation cannot be completed due to a catastrophic media
>>> failure or an on-disk data structure corruption.
>>>
>>
>> I did something similar last week in a test domain and had a similar
>> problem, I got it to work by using 'administrator' instead of 'root'.
>> It still complained about active directory, I think somebody changed
>> 'net' without considering NT-4 style domains.
>
> Sorry to say just "me too".
>
> Trying to join my Mint 17.3 Desktop (samba
> 2:4.3.9+dfsg-0ubuntu0.14.04.1) as an NT4-style domain member of an old
> 3.4 samba PDC (2:3.4.7~dfsg-1ubuntu3.15) I get this:
>
> mic-158 samba # net rpc join -S pdc -U administrador
> No realm has been specified! Do you really want to join an Active
> Directory server?
> Enter administrador's password:
> smb_signing_good: BAD SIG: seq 1
> Failed to join domain: failed to lookup DC info for domain 'DOM' over
> rpc: Access denied
> mic-158 samba #
>
> Log from server:
> [2016/05/04 14:51:15, 2] lib/smbldap.c:890(smbldap_open_connection)
>   smbldap_open_connection: connection opened
> [2016/05/04 14:51:15, 2] passdb/pdb_ldap.c:2434(init_group_from_ldap)
>   init_group_from_ldap: Entry found for group: 5144
> [2016/05/04 14:51:15, 0] rpc_server/srv_netlog_nt.c:336(get_md4pw)
>   get_md4pw: Workstation MIC-158$: no account in domain
> [2016/05/04 14:51:15, 0]
> rpc_server/srv_netlog_nt.c:584(_netr_ServerAuthenticate3)
>   _netr_ServerAuthenticate3: failed to get machine password for
>   account MIC-158$: NT_STATUS_ACCESS_DENIED
> [2016/05/04 14:51:15, 0] rpc_server/srv_netlog_nt.c:336(get_md4pw)
>   get_md4pw: Workstation MIC-158$: no account in domain
> [2016/05/04 14:51:15, 0]
> rpc_server/srv_netlog_nt.c:584(_netr_ServerAuthenticate3)
>   _netr_ServerAuthenticate3: failed to get machine password for
>   account MIC-158$: NT_STATUS_ACCESS_DENIED
>
> Frozen hell: no problem to add Windows XP, 7, 8.x, 10 machines to
> domain. Just another samba.
>
> Found any workaround? Tks, best regards.