Nico Speelman
2016-May-26 09:57 UTC
[Samba] Failed to join domain: failed to lookup DC info for domain '<EXAMPLE.COM>' over rpc: The object name is not found.
Hello,

I've been trying to add a new server to my Samba 4 Active Directory, but I've been failing so far. I'm running the command "net ads join -k" and it fails with "Failed to join domain: failed to lookup DC info for domain '<EXAMPLE.COM>' over rpc: The object name is not found." The answers I found so far imply a problem with the RPC service, but this seems to be running as the output of "netstat -plane | grep 135" suggests. I was unable to find any hint to the problem's origin in my samba logs, but the output of "net ads join -k -d10" shows a lot more information. Unfortunately I am unable to filter through this all. I hope anyone is able to point me in the direction of a solution.

My domain controller and client are running Debian testing with samba 4.4.3.

Thanks in advance,
Nico Speelman

output of "netstat -plane | grep 135" on the domain controllers:
tcp   0  0  10.0.0.2:135            0.0.0.0:*  LISTEN  0  96682  8639/samba
tcp   0  0  127.0.0.1:135           0.0.0.0:*  LISTEN  0  96679  8639/samba
tcp6  0  0  2001:980:7912:1::2:135  :::*       LISTEN  0  96681  8639/samba
tcp6  0  0  ::1:135                 :::*       LISTEN  0  96680  8639/samba

output of "net ads join -k -d10" on the client:
Failed to join domain: failed to lookup DC info for domain '<EXAMPLE.COM>' over rpc: The object name is not found.
rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 scavenger: 10 dns: 10 ldb: 10 tevent: 10 lp_load_ex: refreshing parameters Initialising global parameters rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 scavenger: 10 dns: 10 ldb: 10 tevent: 10 Processing section "[global]" doing parameter security = ADS doing parameter workgroup = <EXAMPLE> doing parameter realm = <example.com> doing parameter log file = /var/log/samba/%m.log doing parameter kerberos method = secrets and keytab doing parameter client signing = yes doing parameter client use spnego = yes pm_process() returned Yes lp_servicenumber: couldn't find homes messaging_dgm_ref: messaging_dgm_init returned Success messaging_dgm_ref: unique = 18102182485556212140 Registering messaging pointer for type 2 - private_data=(nil) Registering messaging pointer for type 9 - private_data=(nil) Registered MSG_REQ_POOL_USAGE Registering messaging pointer for type 11 - private_data=(nil) Registering messaging pointer for type 12 - private_data=(nil) Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED Registering messaging pointer for type 1 - private_data=(nil) Registering messaging pointer for type 5 - private_data=(nil) lp_load_ex: refreshing parameters Freeing parametrics: Initialising global parameters rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384) INFO: Current debug levels: all: 10 tdb: 10 printdrivers: 10 lanman: 10 smb: 10 rpc_parse: 10 rpc_srv: 10 rpc_cli: 10 passdb: 10 sam: 10 auth: 10 winbind: 10 vfs: 10 idmap: 10 quota: 10 acls: 10 locking: 10 msdfs: 10 dmapi: 10 registry: 10 scavenger: 10 dns: 10 ldb: 10 tevent: 10 Processing section 
"[global]" doing parameter security = ADS doing parameter workgroup = <EXAMPLE> doing parameter realm = <example.com> doing parameter log file = /var/log/samba/%m.log doing parameter kerberos method = secrets and keytab doing parameter client signing = yes doing parameter client use spnego = yes pm_process() returned Yes lp_servicenumber: couldn't find homes Netbios name list:- my_netbios_names[0]="HESTIA" added interface eth0 ip=<client_ipv6> bcast= netmask=ffff:ffff:ffff:: added interface eth0 ip=10.0.0.8 bcast=10.0.1.255 netmask=255.255.254.0 libnet_Join: libnet_JoinCtx: struct libnet_JoinCtx in: struct libnet_JoinCtx dc_name : NULL machine_name : 'HESTIA' domain_name : * domain_name : '<EXAMPLE.COM>' domain_name_type : JoinDomNameTypeDNS (1) account_ou : NULL admin_account : 'root' admin_domain : NULL machine_password : NULL join_flags : 0x00000023 (35) 0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT 0: WKSSVC_JOIN_FLAGS_DEFER_SPN 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE os_version : NULL os_name : NULL os_servicepack : NULL create_upn : 0x00 (0) upn : NULL modify_config : 0x00 (0) ads : NULL debug : 0x01 (1) use_kerberos : 0x01 (1) secure_channel_type : SEC_CHAN_WKSTA (2) desired_encryption_types : 0x0000001f (31) Opening cache file at /var/cache/samba/gencache.tdb Opening cache file at /var/run/samba/gencache_notrans.tdb sitename_fetch: Returning sitename for <EXAMPLE.COM>: "Default-First-Site-Name" dsgetdcname_internal: domain_name: <EXAMPLE.COM>, domain_guid: (null), site_name: Default-First-Site-Name, flags: 0x40021011 debug_dsdcinfo_flags: 0x40021011 DS_FORCE_REDISCOVERY DS_DIRECTORY_SERVICE_REQUIRED DS_WRITABLE_REQUIRED DS_IS_DNS_NAME DS_RETURN_DNS_NAME 
dsgetdcname_rediscover ads_dns_lookup_srv: 2 records returned in the answer section. ads_dns_parse_rr_srv: Parsed hera.<example.com> [0, 100, 389] ads_dns_parse_rr_srv: Parsed zeus.<example.com> [0, 100, 389] LDAP ping to hera.<example.com> (10.0.0.3) &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX command : LOGON_SAM_LOGON_RESPONSE_EX (23) sbz : 0x0000 (0) server_type : 0x000013fc (5116) 0: NBT_SERVER_PDC 1: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 1: NBT_SERVER_TIMESERV 1: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 1: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 0: NBT_SERVER_ADS_WEB_SERVICE 0: NBT_SERVER_DS_8 0: NBT_SERVER_HAS_DNS_NAME 0: NBT_SERVER_IS_DEFAULT_NC 0: NBT_SERVER_FOREST_ROOT domain_uuid : 0a010b9d-11fb-451e-a979-daff97fca593 forest : '<example.com>' dns_domain : '<example.com>' pdc_dns_name : 'hera.<example.com>' domain_name : '<EXAMPLE>' pdc_name : 'HERA' user_name : '' server_site : 'Default-First-Site-Name' client_site : 'Default-First-Site-Name' sockaddr_size : 0x00 (0) sockaddr: struct nbt_sockaddr sockaddr_family : 0x00000000 (0) pdc_ip : (null) remaining : DATA_BLOB length=0 next_closest_site : NULL nt_version : 0x00000005 (5) 1: NETLOGON_NT_VERSION_1 0: NETLOGON_NT_VERSION_5 1: NETLOGON_NT_VERSION_5EX 0: NETLOGON_NT_VERSION_5EX_WITH_IP 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL 0: NETLOGON_NT_VERSION_PDC 0: NETLOGON_NT_VERSION_IP 0: NETLOGON_NT_VERSION_LOCAL 0: NETLOGON_NT_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) Adding cache entry with key=[DSGETDCNAME/DOMAIN/<EXAMPLE>] and timeout=[do mei 26 08:31:50 2016 CEST] (900 seconds ahead) sitename_store: realm = [<EXAMPLE>], sitename = [Default-First-Site-Name], expire = [2085923199] Did not store value for AD_SITENAME/DOMAIN/<EXAMPLE>, we already got it Adding cache entry with key=[DSGETDCNAME/DOMAIN/<EXAMPLE.COM>] and 
timeout=[do mei 26 08:31:50 2016 CEST] (900 seconds ahead) sitename_store: realm = [<example.com>], sitename = [Default-First-Site-Name], expire = [2085923199] Did not store value for AD_SITENAME/DOMAIN/<EXAMPLE.COM>, we already got it create_local_private_krb5_conf_for_domain: fname = /var/run/samba/smb_krb5/krb5.conf..JOIN, realm = <EXAMPLE.COM>, domain = .JOIN saf_fetch: failed to find server for "<EXAMPLE.COM>" domain get_dc_list: preferred server list: ", *" internal_resolve_name: looking up <EXAMPLE.COM>#dcdc (sitename Default-First-Site-Name) resolve_ads: Attempting to resolve KDCs for <EXAMPLE.COM> using DNS ads_dns_lookup_srv: 2 records returned in the answer section. ads_dns_parse_rr_srv: Parsed hera.<example.com> [0, 100, 88] ads_dns_parse_rr_srv: Parsed zeus.<example.com> [0, 100, 88] remove_duplicate_addrs2: looking for duplicate address/port pairs internal_resolve_name: returning 6 addresses: <hera_ipv6_#1>:88 <hera_ipv6_#2>:88 10.0.0.3:88 <zeus_ipv6_#1>:88 <zeus_ipv6_#2>:88 10.0.0.2:88 Adding 6 DC's from auto lookup check_negative_conn_cache returning result 0 for domain <EXAMPLE.COM> server <hera_ipv6_#1> check_negative_conn_cache returning result 0 for domain <EXAMPLE.COM> server <hera_ipv6_#2> check_negative_conn_cache returning result 0 for domain <EXAMPLE.COM> server 10.0.0.3 check_negative_conn_cache returning result 0 for domain <EXAMPLE.COM> server <zeus_ipv6_#1> check_negative_conn_cache returning result 0 for domain <EXAMPLE.COM> server <zeus_ipv6_#2> check_negative_conn_cache returning result 0 for domain <EXAMPLE.COM> server 10.0.0.2 remove_duplicate_addrs2: looking for duplicate address/port pairs get_dc_list: returning 6 ip addresses in an ordered list get_dc_list: 10.0.0.3:88 10.0.0.2:88 <hera_ipv6_#1>:88 <hera_ipv6_#2>:88 <zeus_ipv6_#1>:88 <zeus_ipv6_#2>:88 got 6 addresses from site Default-First-Site-Name search saf_fetch: failed to find server for "<EXAMPLE.COM>" domain get_dc_list: preferred server list: ", *" 
internal_resolve_name: looking up <EXAMPLE.COM>#dcdc (sitename (null)) resolve_ads: Attempting to resolve KDCs for <EXAMPLE.COM> using DNS ads_dns_lookup_srv: 2 records returned in the answer section. ads_dns_parse_rr_srv: Parsed hera.<example.com> [0, 100, 88] ads_dns_parse_rr_srv: Parsed zeus.<example.com> [0, 100, 88] remove_duplicate_addrs2: looking for duplicate address/port pairs internal_resolve_name: returning 6 addresses: <hera_ipv6_#1>:88 <hera_ipv6_#2>:88 10.0.0.3:88 <zeus_ipv6_#1>:88 <zeus_ipv6_#2>:88 10.0.0.2:88 Adding 6 DC's from auto lookup check_negative_conn_cache returning result 0 for domain <EXAMPLE.COM> server <hera_ipv6_#1> check_negative_conn_cache returning result 0 for domain <EXAMPLE.COM> server <hera_ipv6_#2> check_negative_conn_cache returning result 0 for domain <EXAMPLE.COM> server 10.0.0.3 check_negative_conn_cache returning result 0 for domain <EXAMPLE.COM> server <zeus_ipv6_#1> check_negative_conn_cache returning result 0 for domain <EXAMPLE.COM> server <zeus_ipv6_#2> check_negative_conn_cache returning result 0 for domain <EXAMPLE.COM> server 10.0.0.2 remove_duplicate_addrs2: looking for duplicate address/port pairs get_dc_list: returning 6 ip addresses in an ordered list get_dc_list: 10.0.0.3:88 10.0.0.2:88 <hera_ipv6_#1>:88 <hera_ipv6_#2>:88 <zeus_ipv6_#1>:88 <zeus_ipv6_#2>:88 got 6 addresses from site-less search 5 additional KDCs to test &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX command : LOGON_SAM_LOGON_RESPONSE_EX (23) sbz : 0x0000 (0) server_type : 0x000013fc (5116) 0: NBT_SERVER_PDC 1: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 1: NBT_SERVER_TIMESERV 1: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 1: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 0: NBT_SERVER_ADS_WEB_SERVICE 0: NBT_SERVER_DS_8 0: NBT_SERVER_HAS_DNS_NAME 0: NBT_SERVER_IS_DEFAULT_NC 0: NBT_SERVER_FOREST_ROOT domain_uuid : 
0a010b9d-11fb-451e-a979-daff97fca593 forest : '<example.com>' dns_domain : '<example.com>' pdc_dns_name : 'zeus.<example.com>' domain_name : '<EXAMPLE>' pdc_name : 'ZEUS' user_name : '' server_site : 'Default-First-Site-Name' client_site : 'Default-First-Site-Name' sockaddr_size : 0x00 (0) sockaddr: struct nbt_sockaddr sockaddr_family : 0x00000000 (0) pdc_ip : (null) remaining : DATA_BLOB length=0 next_closest_site : NULL nt_version : 0x00000005 (5) 1: NETLOGON_NT_VERSION_1 0: NETLOGON_NT_VERSION_5 1: NETLOGON_NT_VERSION_5EX 0: NETLOGON_NT_VERSION_5EX_WITH_IP 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL 0: NETLOGON_NT_VERSION_PDC 0: NETLOGON_NT_VERSION_IP 0: NETLOGON_NT_VERSION_LOCAL 0: NETLOGON_NT_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX command : LOGON_SAM_LOGON_RESPONSE_EX (23) sbz : 0x0000 (0) server_type : 0x000013fc (5116) 0: NBT_SERVER_PDC 1: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 1: NBT_SERVER_TIMESERV 1: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 1: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 0: NBT_SERVER_ADS_WEB_SERVICE 0: NBT_SERVER_DS_8 0: NBT_SERVER_HAS_DNS_NAME 0: NBT_SERVER_IS_DEFAULT_NC 0: NBT_SERVER_FOREST_ROOT domain_uuid : 0a010b9d-11fb-451e-a979-daff97fca593 forest : '<example.com>' dns_domain : '<example.com>' pdc_dns_name : 'hera.<example.com>' domain_name : '<EXAMPLE>' pdc_name : 'HERA' user_name : '' server_site : 'Default-First-Site-Name' client_site : 'Default-First-Site-Name' sockaddr_size : 0x00 (0) sockaddr: struct nbt_sockaddr sockaddr_family : 0x00000000 (0) pdc_ip : (null) remaining : DATA_BLOB length=0 next_closest_site : NULL nt_version : 0x00000005 (5) 1: NETLOGON_NT_VERSION_1 0: NETLOGON_NT_VERSION_5 1: NETLOGON_NT_VERSION_5EX 0: NETLOGON_NT_VERSION_5EX_WITH_IP 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE 0: 
NETLOGON_NT_VERSION_AVOID_NT4EMUL 0: NETLOGON_NT_VERSION_PDC 0: NETLOGON_NT_VERSION_IP 0: NETLOGON_NT_VERSION_LOCAL 0: NETLOGON_NT_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX command : LOGON_SAM_LOGON_RESPONSE_EX (23) sbz : 0x0000 (0) server_type : 0x000013fc (5116) 0: NBT_SERVER_PDC 1: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 1: NBT_SERVER_TIMESERV 1: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 1: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 0: NBT_SERVER_ADS_WEB_SERVICE 0: NBT_SERVER_DS_8 0: NBT_SERVER_HAS_DNS_NAME 0: NBT_SERVER_IS_DEFAULT_NC 0: NBT_SERVER_FOREST_ROOT domain_uuid : 0a010b9d-11fb-451e-a979-daff97fca593 forest : '<example.com>' dns_domain : '<example.com>' pdc_dns_name : 'zeus.<example.com>' domain_name : '<EXAMPLE>' pdc_name : 'ZEUS' user_name : '' server_site : 'Default-First-Site-Name' client_site : 'Default-First-Site-Name' sockaddr_size : 0x00 (0) sockaddr: struct nbt_sockaddr sockaddr_family : 0x00000000 (0) pdc_ip : (null) remaining : DATA_BLOB length=0 next_closest_site : NULL nt_version : 0x00000005 (5) 1: NETLOGON_NT_VERSION_1 0: NETLOGON_NT_VERSION_5 1: NETLOGON_NT_VERSION_5EX 0: NETLOGON_NT_VERSION_5EX_WITH_IP 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL 0: NETLOGON_NT_VERSION_PDC 0: NETLOGON_NT_VERSION_IP 0: NETLOGON_NT_VERSION_LOCAL 0: NETLOGON_NT_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) get_kdc_ip_string: Returning kdc = 10.0.0.3 kdc = 10.0.0.2 kdc = [<hera_ipv6_#1>]:88 kdc = [<zeus_ipv6_#1>]:88 create_local_private_krb5_conf_for_domain: wrote file /var/run/samba/smb_krb5/krb5.conf..JOIN with realm <EXAMPLE.COM> KDC list = kdc = 10.0.0.3 kdc = 10.0.0.2 kdc = [<hera_ipv6_#1>]:88 kdc = [<zeus_ipv6_#1>]:88 sitename_fetch: Returning sitename for <EXAMPLE.COM>: "Default-First-Site-Name" 
internal_resolve_name: looking up hera.<example.com>#20 (sitename Default-First-Site-Name) Adding cache entry with key=[NBT/HERA.<EXAMPLE.COM>#20] and timeout=[do jan 1 01:00:00 1970 CET] (-1464243411 seconds in the past) no entry for hera.<example.com>#20 found. resolve_hosts: Attempting host lookup for name hera.<example.com><0x20> remove_duplicate_addrs2: looking for duplicate address/port pairs namecache_store: storing 3 addresses for hera.<example.com>#20: [<hera_ipv6_#1>],[<hera_ipv6_#2>],10.0.0.3 Adding cache entry with key=[NBT/HERA.<EXAMPLE.COM>#20] and timeout=[do mei 26 08:27:51 2016 CEST] (660 seconds ahead) internal_resolve_name: returning 3 addresses: <hera_ipv6_#1>:0 <hera_ipv6_#2>:0 10.0.0.3:0 Connecting to <hera_ipv6_#1> at port 445 Socket options: SO_KEEPALIVE = 0 SO_REUSEADDR = 0 SO_BROADCAST = 0 TCP_NODELAY = 1 TCP_KEEPCNT = 9 TCP_KEEPIDLE = 7200 TCP_KEEPINTVL = 75 IPTOS_LOWDELAY = 0 IPTOS_THROUGHPUT = 0 SO_REUSEPORT = 0 SO_SNDBUF = 87040 SO_RCVBUF = 368000 SO_SNDLOWAT = 1 SO_RCVLOWAT = 1 SO_SNDTIMEO = 0 SO_RCVTIMEO = 0 TCP_QUICKACK = 1 TCP_DEFER_ACCEPT = 0 Doing spnego session setup (blob length=96) got OID=1.2.840.48018.1.2.2 got OID=1.2.840.113554.1.2.2 got OID=1.3.6.1.4.1.311.2.2.10 got principal=not_defined_in_RFC4178 at please_ignore cli_session_setup_spnego: using target hostname not SPNEGO principal cli_session_setup_spnego: guessed server principal=cifs/hera.<example.com>@<EXAMPLE.COM> GENSEC backend 'gssapi_spnego' registered GENSEC backend 'gssapi_krb5' registered GENSEC backend 'gssapi_krb5_sasl' registered GENSEC backend 'spnego' registered GENSEC backend 'schannel' registered GENSEC backend 'naclrpc_as_system' registered GENSEC backend 'sasl-EXTERNAL' registered GENSEC backend 'ntlmssp' registered GENSEC backend 'ntlmssp_resume_ccache' registered GENSEC backend 'http_basic' registered GENSEC backend 'http_ntlm' registered GENSEC backend 'krb5' registered GENSEC backend 'fake_gssapi_krb5' registered Starting GENSEC mechanism spnego 
Starting GENSEC submechanism gse_krb5
SPNEGO login failed: The object name is not found.
libnet_Join:
    libnet_JoinCtx: struct libnet_JoinCtx
        out: struct libnet_JoinCtx
            account_name             : NULL
            netbios_domain_name      : NULL
            dns_domain_name          : NULL
            forest_name              : NULL
            dn                       : NULL
            domain_sid               : NULL
                domain_sid               : (NULL SID)
            modified_config          : 0x00 (0)
            error_string             : 'failed to lookup DC info for domain '<EXAMPLE.COM>' over rpc: The object name is not found.'
            domain_is_ad             : 0x00 (0)
            set_encryption_types     : 0x00000000 (0)
            result                   : WERR_BADFILE
return code = -1
msg_dgm_ref_destructor: refs=(nil)

HERA smb.conf:
[global]
    workgroup = SPEELMANROBBEN
    realm = speelmanrobben.nl
    netbios name = HERA
    server role = active directory domain controller
    server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate

[netlogon]
    path = /mnt/netlogon
    read only = No
    guest ok = Yes

[sysvol]
    path = /var/lib/samba/sysvol
    read only = No

ZEUS smb.conf:
[global]
    workgroup = SPEELMANROBBEN
    realm = speelmanrobben.nl
    netbios name = ZEUS
    server string = %h PDC (Debian Testing, Samba4)
    interfaces = 127.0.0.0/8, ::1/128, eth0, lo
    bind interfaces only = Yes
    server role = active directory domain controller
    map to guest = Bad User
    private dir = /var/lib/samba/private
    pam password change = Yes
    unix password sync = Yes
    syslog = 0
    log file = /var/log/samba/log.samba
    max log size = 1000
    logon path =
    domain logons = Yes
    preferred master = Yes
    domain master = Yes
    dns proxy = No
    lock directory = /var/lib/samba/
    state directory = /var/lib/samba/state
    cache directory = /var/cache/samba
    usershare allow guests = Yes
    panic action = /usr/share/samba/panic-action %d
    server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
    idmap_ldb:use rfc2307 = yes
    idmap config * : backend = tdb
    invalid users = root
    admin users = administrator
    tls enabled = yes
    tls keyfile = tls/sambakey.pem
    tls certfile = tls/zeus.<example.com>.crt
    tls cafile = /etc/ssl/certs/cacert.pem

[netlogon]
    comment = Network Logon Service
    path = /mnt/netlogon
    read only = No
    guest ok = Yes

[sysvol]
    comment = System Volume
    path = /var/lib/samba/state/sysvol
    read only = No
    guest ok = Yes
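
The message above says the -d10 output is too much to filter by hand. As an added example (not part of the original thread, and not Samba code), this Python script reduces such a log to the join stages it reached and the first hard failure; the stage names and regular expressions are assumptions built only from the lines posted above.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample: messages taken from the -d10 output posted above,
# one per line, with the struct dumps left out.
SAMPLE_LOG = """\
doing parameter security = ADS
doing parameter realm = <example.com>
ads_dns_lookup_srv: 2 records returned in the answer section.
ads_dns_parse_rr_srv: Parsed hera.<example.com> [0, 100, 389]
ads_dns_parse_rr_srv: Parsed zeus.<example.com> [0, 100, 389]
LDAP ping to hera.<example.com> (10.0.0.3)
saf_fetch: failed to find server for "<EXAMPLE.COM>" domain
ads_dns_parse_rr_srv: Parsed hera.<example.com> [0, 100, 88]
ads_dns_parse_rr_srv: Parsed zeus.<example.com> [0, 100, 88]
ads_dns_parse_rr_srv: Parsed hera.<example.com> [0, 100, 88]
Connecting to <hera_ipv6_#1> at port 445
cli_session_setup_spnego: guessed server principal=cifs/hera.<example.com>@<EXAMPLE.COM>
GENSEC backend 'krb5' registered
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gse_krb5
SPNEGO login failed: The object name is not found.
            result                   : WERR_BADFILE
return code = -1
"""

# Stage markers, in the order the join in this thread passes through them.
# In the SRV line the last bracketed number is the port (389 and 88 here).
STAGE_MARKERS = [
    ("dc-discovery", re.compile(r"^ads_dns_parse_rr_srv: Parsed (\S+) \[\d+, \d+, (\d+)\]")),
    ("smb-connect", re.compile(r"^Connecting to (\S+) at port (\d+)")),
    ("target-principal", re.compile(r"guessed server principal=(\S+)")),
    ("gensec-start", re.compile(r"^Starting GENSEC (?:sub)?mechanism (\S+)")),
]
# "<something> failed: <reason>" is treated as a hard failure. Cache misses
# such as "saf_fetch: failed to find server ..." do not match on purpose.
HARD_FAILURE = re.compile(r"\bfailed: ")
RESULT = re.compile(r"^result\s*:\s*(\S+)")


@dataclass
class JoinTriage:
    srv_records: List[Tuple[str, int]] = field(default_factory=list)
    connect_target: Optional[Tuple[str, int]] = None
    server_principal: Optional[str] = None
    gensec_mechs: List[str] = field(default_factory=list)
    failure: Optional[str] = None       # first hard failure line
    failed_after: Optional[str] = None  # last stage marker seen before it
    result: Optional[str] = None        # final WERR_/NT_STATUS_ code


def triage(log_text: str) -> JoinTriage:
    """Walk the log once, recording stage markers and the first hard failure."""
    t = JoinTriage()
    last_stage = None
    for raw in log_text.splitlines():
        line = raw.strip()
        for name, rx in STAGE_MARKERS:
            m = rx.search(line)
            if not m:
                continue
            last_stage = name
            if name == "dc-discovery":
                rec = (m.group(1), int(m.group(2)))
                if rec not in t.srv_records:  # the log repeats each lookup
                    t.srv_records.append(rec)
            elif name == "smb-connect":
                t.connect_target = (m.group(1), int(m.group(2)))
            elif name == "target-principal":
                t.server_principal = m.group(1)
            else:
                t.gensec_mechs.append(m.group(1))
            break
        else:
            # No stage marker on this line: check for failure and result.
            if t.failure is None and HARD_FAILURE.search(line):
                t.failure, t.failed_after = line, last_stage
            m = RESULT.match(line)
            if m:
                t.result = m.group(1)
    return t


def report(t: JoinTriage) -> str:
    """Render the triage as a few lines instead of thousands."""
    rows = [
        "SRV records : " + ", ".join(f"{h}:{p}" for h, p in t.srv_records),
        f"connected to: {t.connect_target}",
        f"principal   : {t.server_principal}",
        "GENSEC      : " + " -> ".join(t.gensec_mechs),
        f"failure     : {t.failure} (after stage: {t.failed_after})",
        f"result      : {t.result}",
    ]
    return "\n".join(rows)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

On the sample, the report shows SRV lookups and the connection to port 445 completing, with the first hard failure appearing after the GENSEC mechanisms start.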
Miso Rapajić
2016-May-26 10:19 UTC
[Samba] Failed to join domain: failed to lookup DC info for domain '<EXAMPLE.COM>' over rpc: The object name is not found.
Try to ping from client to server with its hostname. Sounds like a DNS problem.

ping server

Then try to ping its IP address.
Then try to add server address to host file. Ex

192.168.8.30 server.example.com server

Best
M

On May 26, 2016 12:02, "Nico Speelman" <nico at speelmanrobben.nl> wrote:
> Hello,
>
> I've been trying to add a new server to my Samba 4 Active Directory, but
> I've been failing so far. I'm running the command "net ads join -k" and it
> fails with "Failed to join domain: failed to lookup DC info for domain
> '<EXAMPLE.COM>' over rpc: The object name is not found." The answers I
> found so far imply a problem with the RPC service, but this seems to be
> running as the output of "netstat -plane | grep 135" suggests. I was unable
> to find any hint to the problem's origin in my samba logs, but the output of
> "net ads join -k -d10" shows a lot more information. Unfortunately I am
> unable to filter through this all. I hope anyone is able to point me in the
> direction of a solution.
>
> My domain controller and client are running Debian testing with samba
> 4.4.3.
>
> Thanks in advance,
> Nico Speelman
>
> output of "netstat -plane | grep 135" on the domain controllers:
> tcp   0  0  10.0.0.2:135            0.0.0.0:*  LISTEN  0  96682  8639/samba
> tcp   0  0  127.0.0.1:135           0.0.0.0:*  LISTEN  0  96679  8639/samba
> tcp6  0  0  2001:980:7912:1::2:135  :::*       LISTEN  0  96681  8639/samba
> tcp6  0  0  ::1:135                 :::*       LISTEN  0  96680  8639/samba
>
> output of "net ads join -k -d10" on the client:
> Failed to join domain: failed to lookup DC info for domain '<EXAMPLE.COM>'
> over rpc: The object name is not found.
GENSEC backend 'ntlmssp_resume_ccache' registered > GENSEC backend 'http_basic' registered > GENSEC backend 'http_ntlm' registered > GENSEC backend 'krb5' registered > GENSEC backend 'fake_gssapi_krb5' registered > Starting GENSEC mechanism spnego > Starting GENSEC submechanism gse_krb5 > SPNEGO login failed: The object name is not found. > libnet_Join: > libnet_JoinCtx: struct libnet_JoinCtx > out: struct libnet_JoinCtx > account_name : NULL > netbios_domain_name : NULL > dns_domain_name : NULL > forest_name : NULL > dn : NULL > domain_sid : NULL > domain_sid : (NULL SID) > modified_config : 0x00 (0) > error_string : 'failed to lookup DC info for > domain '<EXAMPLE.COM>' over rpc: The object name is not found.' > domain_is_ad : 0x00 (0) > set_encryption_types : 0x00000000 (0) > result : WERR_BADFILE > return code = -1 > msg_dgm_ref_destructor: refs=(nil) > > HERA smb.conf: > [global] > workgroup = SPEELMANROBBEN > realm = speelmanrobben.nl > netbios name = HERA > server role = active directory domain controller > server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, > winbind, ntp_signd, kcc, dnsupdate > > [netlogon] > path = /mnt/netlogon > read only = No > guest ok = Yes > > [sysvol] > path = /var/lib/samba/sysvol > read only = No > > ZEUS smb.conf: > [global] > workgroup = SPEELMANROBBEN > realm = speelmanrobben.nl > netbios name = ZEUS > server string = %h PDC (Debian Testing, Samba4) > interfaces = 127.0.0.0/8, ::1/128, eth0, lo > bind interfaces only = Yes > server role = active directory domain controller > map to guest = Bad User > private dir = /var/lib/samba/private > pam password change = Yes > unix password sync = Yes > syslog = 0 > log file = /var/log/samba/log.samba > max log size = 1000 > logon path > domain logons = Yes > preferred master = Yes > domain master = Yes > dns proxy = No > lock directory = /var/lib/samba/ > state directory = /var/lib/samba/state > cache directory = /var/cache/samba > usershare allow guests = Yes > panic 
action = /usr/share/samba/panic-action %d > server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, > winbind, ntp_signd, kcc, dnsupdate > idmap_ldb:use rfc2307 = yes > idmap config * : backend = tdb > invalid users = root > admin users = administrator > tls enabled = yes > tls keyfile = tls/sambakey.pem > tls certfile = tls/zeus.<example.com>.crt > tls cafile = /etc/ssl/certs/cacert.pem > > [netlogon] > comment = Network Logon Service > path = /mnt/netlogon > read only = No > guest ok = Yes > > [sysvol] > comment = System Volume > path = /var/lib/samba/state/sysvol > read only = No > guest ok = Yes > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >
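The "net ads join -k -d10" output in this message is long, and the poster mentions being unable to filter through it. As an added example (not part of the thread and not Samba code), the Python below reduces such output to the discovery, connection, authentication and failure lines; the function names and the sample log are constructed here, and the patterns use only message formats that appear in the quoted output.

```python
import re

# Patterns are limited to message formats visible in the -d10 output quoted in this thread.
PATTERNS = [
    ("srv", re.compile(r"ads_dns_parse_rr_srv: Parsed (\S+) \[\d+, \d+, (\d+)\]")),
    ("ldap_ping", re.compile(r"LDAP ping to (\S+) \((\S+)\)")),
    ("connect", re.compile(r"Connecting to (\S+) at port (\d+)")),
    ("principal", re.compile(r"guessed server principal=(\S+)")),
    ("gensec", re.compile(r"Starting GENSEC (?:sub)?mechanism (\S+)")),
    ("login_failure", re.compile(r"(\w+) login failed: (.+)")),
    ("join_failure", re.compile(r"Failed to join domain: (.+)")),
    ("result", re.compile(r"result\s*:\s*(WERR_\w+)")),
]

# Mail clients prefix quoted lines with one or more "> " markers; strip them first.
QUOTE_PREFIX = re.compile(r"^(?:>\s?)+")

# Constructed sample: a handful of lines in the shape of the output quoted above.
SAMPLE_LOG = """\
Failed to join domain: failed to lookup DC info for domain '<EXAMPLE.COM>' over rpc: The object name is not found.
ads_dns_parse_rr_srv: Parsed hera.<example.com> [0, 100, 389]
ads_dns_parse_rr_srv: Parsed zeus.<example.com> [0, 100, 389]
LDAP ping to hera.<example.com> (10.0.0.3)
saf_fetch: failed to find server for "<EXAMPLE.COM>" domain
ads_dns_parse_rr_srv: Parsed hera.<example.com> [0, 100, 88]
ads_dns_parse_rr_srv: Parsed zeus.<example.com> [0, 100, 88]
check_negative_conn_cache returning result 0 for domain <EXAMPLE.COM> server 10.0.0.3
Connecting to <hera_ipv6_#1> at port 445
TCP_NODELAY = 1
cli_session_setup_spnego: guessed server principal=cifs/hera.<example.com>@<EXAMPLE.COM>
GENSEC backend 'krb5' registered
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gse_krb5
SPNEGO login failed: The object name is not found.
result : WERR_BADFILE
"""


def timeline(text):
    """Return (line number, kind, captured groups) for every line of interest."""
    events = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = QUOTE_PREFIX.sub("", raw).strip()
        for kind, pattern in PATTERNS:
            match = pattern.search(line)
            if match:
                events.append((lineno, kind, match.groups()))
                break
    return events


def summarize(text):
    """Collect what was discovered and the state at the first failed login.

    The one-line "Failed to join domain" summary can be printed before the
    debug output (as in this thread), so the connection context is frozen at
    the first "login failed" line rather than at the first error seen.
    """
    summary = {"srv": set(), "ldap_ping": None, "smb_target": None,
               "principal": None, "mechanisms": [], "login_failure": None,
               "join_failure": None, "result": None}
    for _, kind, groups in timeline(text):
        if kind == "srv":
            summary["srv"].add((groups[0], int(groups[1])))
        elif kind == "join_failure":
            summary["join_failure"] = groups[0]
        elif kind == "result":
            summary["result"] = groups[0]
        elif summary["login_failure"] is not None:
            continue  # keep the context of the first failed login
        elif kind == "ldap_ping":
            summary["ldap_ping"] = groups
        elif kind == "connect":
            # A new connection starts a new negotiation.
            summary["smb_target"] = (groups[0], int(groups[1]))
            summary["principal"] = None
            summary["mechanisms"] = []
        elif kind == "principal":
            summary["principal"] = groups[0]
        elif kind == "gensec":
            summary["mechanisms"].append(groups[0])
        elif kind == "login_failure":
            summary["login_failure"] = groups
    summary["srv"] = sorted(summary["srv"])
    return summary


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key:14} {value}")
```

To use it on a real run, save the command's combined output to a file and pass the file's contents to summarize(); mail-quoted copies with leading "> " markers are accepted as well.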
Rowland Penny
2016-May-26 10:19 UTC
[Samba] Failed to join domain: failed to lookup DC info for domain '<EXAMPLE.COM>' over rpc: The object name is not found.
On 26/05/16 10:57, Nico Speelman wrote:
> My domain controller and client are running Debian testing with samba 4.4.3.

You say 'My domain controller and client are running Debian testing with samba 4.4.3'

This sort of suggests you only have one DC, yet you have posted two DC smb.conf files, can we sort this out before going further.

Do you have two DCs and are trying to join a client, or do you only have one DC and are trying to join another DC?

Rowland
Nico Speelman
2016-May-26 10:33 UTC
[Samba] Failed to join domain: failed to lookup DC info for domain '<EXAMPLE.COM>' over rpc: The object name is not found.
Try to ping from client to server with its hostname. Sounds like DNS problem.

ping server

Then try to ping its IP address. Then try to add server address to host file. Ex

192.168.8.30 server.example.com server

Best
M

On May 26, 2016 12:02, "Nico Speelman" <nico at speelmanrobben.nl> wrote:
DNSads_dns_lookup_srv: 2 records returned in the answer section.ads_dns_parse_rr_srv: Parsed hera.<example.com[6]> [0, 100, 88]ads_dns_parse_rr_srv: Parsed zeus.<_example.com_> [0, 100, 88]remove_duplicate_addrs2: looking for duplicate address/port pairsinternal_resolve_name: returning 6 addresses: <hera_ipv6_#1>:88 <hera_ipv6_#2>:88 10.0.0.3:88[7] <zeus_ipv6_#1>:88 <zeus_ipv6_#2>:88 10.0.0.2:88[8] EXAMPLE.COM[3]> server <hera_ipv6_#1>check_negative_conn_cache returning result 0 for domain <_EXAMPLE.COM_> server <hera_ipv6_#2>check_negative_conn_cache returning result 0 for domain <_EXAMPLE.COM_> server 10.0.0.3check_negative_conn_cache returning result 0 for domain <_EXAMPLE.COM_> server <zeus_ipv6_#1>check_negative_conn_cache returning result 0 for domain <_EXAMPLE.COM_> server <zeus_ipv6_#2>check_negative_conn_cache returning result 0 for domain <_EXAMPLE.COM_> server 10.0.0.2remove_duplicate_addrs2: looking for duplicate address/port pairsget_dc_list: returning 6 ip addresses in an ordered listget_dc_list: 10.0.0.3:88[7] 10.0.0.2:88[8] <hera_ipv6_#1>:88 <hera_ipv6_#2>:88 <zeus_ipv6_#1>:88 <zeus_ipv6_#2>:88got 6 addresses from site-less search5 additional KDCs to test &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX command : LOGON_SAM_LOGON_RESPONSE_EX (23) sbz : 0x0000 (0) server_type : 0x000013fc (5116) 0: NBT_SERVER_PDC 1: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 1: NBT_SERVER_TIMESERV 1: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 1: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 0: NBT_SERVER_ADS_WEB_SERVICE 0: NBT_SERVER_DS_8 0: NBT_SERVER_HAS_DNS_NAME 0: NBT_SERVER_IS_DEFAULT_NC 0: NBT_SERVER_FOREST_ROOT domain_uuid : 0a010b9d-11fb-451e-a979-daff97fca593 forest : '<example.com[6]>' dns_domain : '<_example.com_>' pdc_dns_name : 'zeus.<_example.com_>' domain_name : '<EXAMPLE>' pdc_name : 'ZEUS' user_name : '' server_site : 'Default-First-Site-Name' 
client_site : 'Default-First-Site-Name' sockaddr_size : 0x00 (0) sockaddr: struct nbt_sockaddr sockaddr_family : 0x00000000 (0) pdc_ip : (null) remaining : DATA_BLOB length=0 next_closest_site : NULL nt_version : 0x00000005 (5) 1: NETLOGON_NT_VERSION_1 0: NETLOGON_NT_VERSION_5 1: NETLOGON_NT_VERSION_5EX 0: NETLOGON_NT_VERSION_5EX_WITH_IP 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL 0: NETLOGON_NT_VERSION_PDC 0: NETLOGON_NT_VERSION_IP 0: NETLOGON_NT_VERSION_LOCAL 0: NETLOGON_NT_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) &response->data.nt5_ex: struct NETLOGON_SAM_LOGON_RESPONSE_EX command : LOGON_SAM_LOGON_RESPONSE_EX (23) sbz : 0x0000 (0) server_type : 0x000013fc (5116) 0: NBT_SERVER_PDC 1: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 1: NBT_SERVER_TIMESERV 1: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 1: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 0: NBT_SERVER_ADS_WEB_SERVICE 0: NBT_SERVER_DS_8 0: NBT_SERVER_HAS_DNS_NAME 0: NBT_SERVER_IS_DEFAULT_NC 0: NBT_SERVER_FOREST_ROOT domain_uuid : 0a010b9d-11fb-451e-a979-daff97fca593 forest : '<_example.com_>' dns_domain : '<_example.com_>' pdc_dns_name : 'hera.<_example.com_>' domain_name : '<EXAMPLE>' pdc_name : 'HERA' user_name : '' server_site : 'Default-First-Site-Name' client_site : 'Default-First-Site-Name' sockaddr_size : 0x00 (0) sockaddr: struct nbt_sockaddr sockaddr_family : 0x00000000 (0) pdc_ip : (null) remaining : DATA_BLOB length=0 next_closest_site : NULL nt_version : 0x00000005 (5) 1: NETLOGON_NT_VERSION_1 0: NETLOGON_NT_VERSION_5 1: NETLOGON_NT_VERSION_5EX 0: NETLOGON_NT_VERSION_5EX_WITH_IP 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL 0: NETLOGON_NT_VERSION_PDC 0: NETLOGON_NT_VERSION_IP 0: NETLOGON_NT_VERSION_LOCAL 0: NETLOGON_NT_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535) &response->data.nt5_ex: 
struct NETLOGON_SAM_LOGON_RESPONSE_EX command : LOGON_SAM_LOGON_RESPONSE_EX (23) sbz : 0x0000 (0) server_type : 0x000013fc (5116) 0: NBT_SERVER_PDC 1: NBT_SERVER_GC 1: NBT_SERVER_LDAP 1: NBT_SERVER_DS 1: NBT_SERVER_KDC 1: NBT_SERVER_TIMESERV 1: NBT_SERVER_CLOSEST 1: NBT_SERVER_WRITABLE 1: NBT_SERVER_GOOD_TIMESERV 0: NBT_SERVER_NDNC 0: NBT_SERVER_SELECT_SECRET_DOMAIN_6 1: NBT_SERVER_FULL_SECRET_DOMAIN_6 0: NBT_SERVER_ADS_WEB_SERVICE 0: NBT_SERVER_DS_8 0: NBT_SERVER_HAS_DNS_NAME 0: NBT_SERVER_IS_DEFAULT_NC 0: NBT_SERVER_FOREST_ROOT domain_uuid : 0a010b9d-11fb-451e-a979-daff97fca593 forest : '<_example.com_>' dns_domain : '<_example.com_>' pdc_dns_name : 'zeus.<_example.com_>' domain_name : '<EXAMPLE>' pdc_name : 'ZEUS' user_name : '' server_site : 'Default-First-Site-Name' client_site : 'Default-First-Site-Name' sockaddr_size : 0x00 (0) sockaddr: struct nbt_sockaddr sockaddr_family : 0x00000000 (0) pdc_ip : (null) remaining : DATA_BLOB length=0 next_closest_site : NULL nt_version : 0x00000005 (5) 1: NETLOGON_NT_VERSION_1 0: NETLOGON_NT_VERSION_5 1: NETLOGON_NT_VERSION_5EX 0: NETLOGON_NT_VERSION_5EX_WITH_IP 0: NETLOGON_NT_VERSION_WITH_CLOSEST_SITE 0: NETLOGON_NT_VERSION_AVOID_NT4EMUL 0: NETLOGON_NT_VERSION_PDC 0: NETLOGON_NT_VERSION_IP 0: NETLOGON_NT_VERSION_LOCAL 0: NETLOGON_NT_VERSION_GC lmnt_token : 0xffff (65535) lm20_token : 0xffff (65535)get_kdc_ip_string: Returning kdc = 10.0.0.3 kdc = 10.0.0.2 kdc = [<hera_ipv6_#1>]:88 kdc = [<zeus_ipv6_#1>]:88 create_local_private_krb5_conf_for_domain: wrote file /var/run/samba/smb_krb5/krb5.conf..JOIN with realm <EXAMPLE.COM[3]> KDC list = kdc = 10.0.0.3 kdc = 10.0.0.2 kdc = [<hera_ipv6_#1>]:88 kdc = [<zeus_ipv6_#1>]:88 sitename_fetch: Returning sitename for <_EXAMPLE.COM_>: "Default-First-Site-Name"internal_resolve_name: looking up hera.<example.com[6]>#20 (sitename Default-First-Site-Name)Adding cache entry with key=[NBT/HERA.<EXAMPLE.COM[3]>#20] and timeout=[do jan 1 01:00:00 1970 CET] (-1464243411 seconds in the past)no 
entry for hera.<example.com[6]>#20 found.resolve_hosts: Attempting host lookup for name hera.<_example.com_><0x20>remove_duplicate_addrs2: looking for duplicate address/port pairsnamecache_store: storing 3 addresses for hera.<_example.com_>#20: [<hera_ipv6_#1>],[<hera_ipv6_#2>],10.0.0.3Adding cache entry with key=[NBT/HERA.<EXAMPLE.COM[3]>#20] and timeout=[do mei 26 08:27:51 2016 CEST] (660 seconds ahead)internal_resolve_name: returning 3 addresses: <hera_ipv6_#1>:0 <hera_ipv6_#2>:0 10.0.0.3:0[9] example.com[6]>@<EXAMPLE.COM[3]>GENSEC backend 'gssapi_spnego' registeredGENSEC backend 'gssapi_krb5' registeredGENSEC backend 'gssapi_krb5_sasl' registeredGENSEC backend 'spnego' registeredGENSEC backend 'schannel' registeredGENSEC backend 'naclrpc_as_system' registeredGENSEC backend 'sasl-EXTERNAL' registeredGENSEC backend 'ntlmssp' registeredGENSEC backend 'ntlmssp_resume_ccache' registeredGENSEC backend 'http_basic' registeredGENSEC backend 'http_ntlm' registeredGENSEC backend 'krb5' registeredGENSEC backend 'fake_gssapi_krb5' registeredStarting GENSEC mechanism spnegoStarting GENSEC submechanism gse_krb5SPNEGO login failed: The object name is not found.libnet_Join: libnet_JoinCtx: struct libnet_JoinCtx out: struct libnet_JoinCtx account_name : NULL netbios_domain_name : NULL dns_domain_name : NULL forest_name : NULL dn : NULL domain_sid : NULL domain_sid : (NULL SID) modified_config : 0x00 (0) error_string : 'failed to lookup DC info for domain '<_EXAMPLE.COM_>' over rpc: The object name is not found.' 
            domain_is_ad : 0x00 (0)
            set_encryption_types : 0x00000000 (0)
            result : WERR_BADFILE
return code = -1
msg_dgm_ref_destructor: refs=(nil)

HERA smb.conf:
[global]
    workgroup = SPEELMANROBBEN
    realm = speelmanrobben.nl
    speelmanrobben.nl 127.0.0.0/8, ::1/128, eth0, lo
    bind interfaces only = Yes
    server role = active directory domain controller
    map to guest = Bad User
    private dir = /var/lib/samba/private
    pam password change = Yes
    unix password sync = Yes
    syslog = 0
    log file = /var/log/samba/log.samba
    max log size = 1000
    logon path =
    domain logons = Yes
    preferred master = Yes
    domain master = Yes
    dns proxy = No
    lock directory = /var/lib/samba/
    state directory = /var/lib/samba/state
    cache directory = /var/cache/samba
    usershare allow guests = Yes
    panic action = /usr/share/samba/panic-action %d
    server services = s3fs, rpc, nbt, wrepl, ldap, cldap, kdc, drepl, winbind, ntp_signd, kcc, dnsupdate
    idmap_ldb:use rfc2307 = yes
    idmap config * : backend = tdb
    invalid users = root
    admin users = administrator
    tls enabled = yes
    tls keyfile = tls/sambakey.pem
    tls certfile = tls/zeus.<example.com>.crt
    tls cafile = /etc/ssl/certs/cacert.pem

[netlogon]
    comment = Network Logon Service
    path = /mnt/netlogon
    read only = No
    guest ok = Yes

[sysvol]
    comment = System Volume
    path = /var/lib/samba/state/sysvol
    read only = No
    guest ok = Yes

--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/options/samba

root at hestia:~# ping -c4 zeus.<example.com>
PING zeus.<example.com>(zeus.<example.com> (<zeus_ipv6>)) 56 data bytes
64 bytes from zeus.<example.com> (<zeus_ipv6>): icmp_seq=1 ttl=255 time=0.255 ms
64 bytes from zeus.<example.com> (<zeus_ipv6>): icmp_seq=2 ttl=255 time=0.470 ms
64 bytes from zeus.<example.com> (<zeus_ipv6>): icmp_seq=3 ttl=255 time=0.448 ms
64 bytes from zeus.<example.com> (<zeus_ipv6>): icmp_seq=4 ttl=255 time=0.632 ms
--- zeus.<example.com> ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3000ms
rtt min/avg/max/mdev = 0.255/0.451/0.632/0.134 ms

root at hestia:~# ping -c4 hera.<example.com>
PING hera.<example.com>(hera.<example.com> (<hera_ipv6>)) 56 data bytes
64 bytes from hera.<example.com> (<hera_ipv6>): icmp_seq=1 ttl=255 time=0.295 ms
64 bytes from hera.<example.com> (<hera_ipv6>): icmp_seq=2 ttl=255 time=0.513 ms
64 bytes from hera.<example.com> (<hera_ipv6>): icmp_seq=3 ttl=255 time=0.423 ms
64 bytes from hera.<example.com> (<hera_ipv6>): icmp_seq=4 ttl=255 time=0.414 ms
--- <zeus_ipv6> ping statistics ---
7 packets transmitted, 7 received, 0% packet loss, time 5999ms
rtt min/avg/max/mdev = 0.273/0.418/0.572/0.089 ms

root at hestia:~# ping -c4 <zeus_ipv6>
PING <zeus_ipv6>(<zeus_ipv6>) 56 data bytes
64 bytes from <zeus_ipv6>: icmp_seq=1 ttl=255 time=0.442 ms
64 bytes from <zeus_ipv6>: icmp_seq=2 ttl=255 time=0.435 ms
64 bytes from <zeus_ipv6>: icmp_seq=3 ttl=255 time=0.434 ms
64 bytes from <zeus_ipv6>: icmp_seq=4 ttl=255 time=0.426 ms
--- <zeus_ipv6> ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.426/0.434/0.442/0.015 ms

root at hestia:~# ping -c4 <hera_ipv6>
PING <hera_ipv6>(<hera_ipv6>) 56 data bytes
64 bytes from <hera_ipv6>: icmp_seq=1 ttl=255 time=0.301 ms
64 bytes from <hera_ipv6>: icmp_seq=2 ttl=255 time=0.441 ms
64 bytes from <hera_ipv6>: icmp_seq=3 ttl=255 time=0.334 ms
64 bytes from <hera_ipv6>: icmp_seq=4 ttl=255 time=0.458 ms
--- <hera_ipv6> ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2997ms
rtt min/avg/max/mdev = 0.301/0.383/0.458/0.070 ms

root at hestia:~# ping -c4 zeus
PING zeus(zeus.<example.com> (<zeus_ipv6>)) 56 data bytes
64 bytes from zeus.<example.com> (<zeus_ipv6>): icmp_seq=1 ttl=255 time=0.443 ms
64 bytes from zeus.<example.com> (<zeus_ipv6>): icmp_seq=2 ttl=255 time=0.443 ms
64 bytes from zeus.<example.com> (<zeus_ipv6>): icmp_seq=3 ttl=255 time=0.405 ms
64 bytes from zeus.<example.com> (<zeus_ipv6>): icmp_seq=4 ttl=255 time=0.381 ms
--- zeus ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.381/0.418/0.443/0.026 ms

root at hestia:~# ping -c4 hera
PING hera(hera.<example.com> (<hera_ipv6>)) 56 data bytes
64 bytes from hera.<example.com> (<hera_ipv6>): icmp_seq=1 ttl=255 time=0.263 ms
64 bytes from hera.<example.com> (<hera_ipv6>): icmp_seq=2 ttl=255 time=0.549 ms
64 bytes from hera.<example.com> (<hera_ipv6>): icmp_seq=3 ttl=255 time=0.370 ms
64 bytes from hera.<example.com> (<hera_ipv6>): icmp_seq=4 ttl=255 time=0.422 ms
--- hera ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3001ms
rtt min/avg/max/mdev = 0.263/0.401/0.549/0.102 ms

root at hestia:~# ping -c4 -4 hera
PING hera.<example.com> (10.0.0.3) 56(84) bytes of data.
64 bytes from hera.<example.com> (10.0.0.3): icmp_seq=1 ttl=64 time=0.291 ms
64 bytes from hera.<example.com> (10.0.0.3): icmp_seq=2 ttl=64 time=0.524 ms
64 bytes from hera.<example.com> (10.0.0.3): icmp_seq=3 ttl=64 time=0.451 ms
64 bytes from hera.<example.com> (10.0.0.3): icmp_seq=4 ttl=64 time=0.477 ms
--- hera.<example.com> ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3001ms
rtt min/avg/max/mdev = 0.291/0.435/0.524/0.091 ms

root at hestia:~# ping -c4 -4 zeus
PING zeus.<example.com> (10.0.0.2) 56(84) bytes of data.
64 bytes from zeus.<example.com> (10.0.0.2): icmp_seq=1 ttl=64 time=0.300 ms
64 bytes from zeus.<example.com> (10.0.0.2): icmp_seq=2 ttl=64 time=0.396 ms
64 bytes from zeus.<example.com> (10.0.0.2): icmp_seq=3 ttl=64 time=0.469 ms
64 bytes from zeus.<example.com> (10.0.0.2): icmp_seq=4 ttl=64 time=0.461 ms