Hi all.
I'm experiencing a little problem when I rename an already joined Windows
machine. The rename operation is done in the traditional way, "Computer
properties > Advanced settings > Computer name > Change", on a Windows 7
machine. The rename itself finishes successfully, but when I check the
computer name in ADUC, the old name is still displayed. Checking the
object attributes, I found 3 attributes referencing the old name: "cn,
distinguishedName and name".
For testing purposes, I set up a new Samba AD DC in a lab environment with
the recommendations from Samba's Wiki. Here goes more information from this
lab:
Debian 9.4 with Samba 4.7.6
Installation:
./configure
make -j4
make -j4 install
Provision:
/usr/local/samba/bin/samba-tool domain provision --server-role=dc \
  --use-rfc2307 --dns-backend=SAMBA_INTERNAL --realm=TESTE.NET \
  --domain=TESTE --adminpass='Passw0rd' \
  --option="interfaces=lo ens32" --option="bind interfaces only=yes" \
  --option="dns forwarder=200.129.XXX.YYY"
smb.conf:
# Global parameters
[global]
bind interfaces only = Yes
dns forwarder = 200.129.XXX.YYY
interfaces = lo ens32
netbios name = DC1
realm = TESTE.NET
server role = active directory domain controller
workgroup = TESTE
idmap_ldb:use rfc2307 = yes
log level = 5
[netlogon]
path = /usr/local/samba/var/locks/sysvol/teste.net/scripts
read only = No
[sysvol]
path = /usr/local/samba/var/locks/sysvol
read only = No
This is the log (raised to log level 5) at the moment of the rename
procedure:
[2018/04/03 15:36:49.604326, 3]
../source4/smbd/process_single.c:114(single_terminate)
single_terminate: reason[dcesrv: NT_STATUS_CONNECTION_DISCONNECTED]
[2018/04/03 15:36:54.956206, 3]
../source4/smbd/service_stream.c:65(stream_terminate_connection)
Terminating connection - 'dcesrv: NT_STATUS_CONNECTION_DISCONNECTED'
[2018/04/03 15:36:54.956359, 3]
../source4/smbd/process_single.c:114(single_terminate)
single_terminate: reason[dcesrv: NT_STATUS_CONNECTION_DISCONNECTED]
[2018/04/03 15:36:54.956500, 3]
../source4/smbd/service_stream.c:65(stream_terminate_connection)
Terminating connection - 'dcesrv: NT_STATUS_CONNECTION_DISCONNECTED'
[2018/04/03 15:36:54.956724, 3]
../source4/smbd/process_single.c:114(single_terminate)
single_terminate: reason[dcesrv: NT_STATUS_CONNECTION_DISCONNECTED]
[2018/04/03 15:38:03.671239, 4]
../source4/lib/socket/interface.c:121(add_interface)
added interface lo ip=::1 bcastnetmask=ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
[2018/04/03 15:38:03.671301, 4]
../source4/lib/socket/interface.c:121(add_interface)
added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
[2018/04/03 15:38:03.671317, 4]
../source4/lib/socket/interface.c:121(add_interface)
added interface ens32 ip=10.255.0.3 bcast=10.255.0.127
netmask=255.255.255.128
[2018/04/03 15:38:03.789317, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: TGS-REQ Administrator at TESTE.NET from ipv4:10.255.1.104:63314
for cifs/dc1.teste.net at TESTE.NET [canonicalize, renewable, forwardable]
[2018/04/03 15:38:03.794378, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: TGS-REQ authtime: 2018-04-03T15:36:16 starttime:
2018-04-03T15:38:03 endtime: 2018-04-04T01:36:16 renew till:
2018-04-10T15:36:16
[2018/04/03 15:38:03.795454, 3]
../source4/smbd/service_stream.c:65(stream_terminate_connection)
Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv()
- NT_STATUS_CONNECTION_DISCONNECTED'
[2018/04/03 15:38:03.795512, 3]
../source4/smbd/process_single.c:114(single_terminate)
single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv()
- NT_STATUS_CONNECTION_DISCONNECTED]
[2018/04/03 15:38:03.797346, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: TGS-REQ Administrator at TESTE.NET from ipv4:10.255.1.104:63315
for krbtgt/TESTE.NET at TESTE.NET [renewable-ok, canonicalize, renewable,
forwarded, forwardable]
[2018/04/03 15:38:03.800388, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: TGS-REQ authtime: 2018-04-03T15:36:16 starttime:
2018-04-03T15:38:03 endtime: 2018-04-04T01:36:16 renew till:
2018-04-10T15:36:16
[2018/04/03 15:38:03.801419, 3]
../source4/smbd/service_stream.c:65(stream_terminate_connection)
Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv()
- NT_STATUS_CONNECTION_DISCONNECTED'
[2018/04/03 15:38:03.801475, 3]
../source4/smbd/process_single.c:114(single_terminate)
single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv()
- NT_STATUS_CONNECTION_DISCONNECTED]
[2018/04/03 15:38:03.823029, 4]
../auth/auth_log.c:860(log_successful_authz_event_human_readable)
Successful AuthZ: [DCE/RPC,ncacn_np] user [TESTE]\[Administrator]
[S-1-5-21-3073023332-2932986482-1183422282-500] at [Tue, 03 Apr 2018
15:38:03.823015 -03] Remote host [ipv4:10.255.1.104:63313] local host [ipv4:
10.255.0.3:445]
[2018/04/03 15:38:03.823097, 4] ../auth/auth_log.c:220(log_json)
JSON Authorization: {"timestamp": "2018-04-03T15:38:03.823066-0300", "type": "Authorization", "Authorization": {"version": {"major": 1, "minor": 0}, "localAddress": "ipv4:10.255.0.3:445", "remoteAddress": "ipv4:10.255.1.104:63313", "serviceDescription": "DCE/RPC", "authType": "ncacn_np", "domain": "TESTE", "account": "Administrator", "sid": "S-1-5-21-3073023332-2932986482-1183422282-500", "logonServer": "DC1", "transportProtection": "SMB", "accountFlags": "0x00000010"}}
[2018/04/03 15:38:03.823121, 3]
../auth/auth_log.c:139(get_auth_event_server)
get_auth_event_server: Failed to find 'auth_event' registered on the
message bus to send JSON authentication events to:
NT_STATUS_OBJECT_NAME_NOT_FOUND
[2018/04/03 15:38:03.828750, 3]
../source4/smbd/service_stream.c:65(stream_terminate_connection)
Terminating connection - 'dcesrv: NT_STATUS_CONNECTION_DISCONNECTED'
[2018/04/03 15:38:03.828843, 3]
../source4/smbd/process_single.c:114(single_terminate)
single_terminate: reason[dcesrv: NT_STATUS_CONNECTION_DISCONNECTED]
[2018/04/03 15:38:03.831941, 4]
../auth/auth_log.c:860(log_successful_authz_event_human_readable)
Successful AuthZ: [DCE/RPC,ncacn_np] user [TESTE]\[Administrator]
[S-1-5-21-3073023332-2932986482-1183422282-500] at [Tue, 03 Apr 2018
15:38:03.831928 -03] Remote host [ipv4:10.255.1.104:63313] local host [ipv4:
10.255.0.3:445]
[2018/04/03 15:38:03.832033, 4] ../auth/auth_log.c:220(log_json)
JSON Authorization: {"timestamp": "2018-04-03T15:38:03.831996-0300", "type": "Authorization", "Authorization": {"version": {"major": 1, "minor": 0}, "localAddress": "ipv4:10.255.0.3:445", "remoteAddress": "ipv4:10.255.1.104:63313", "serviceDescription": "DCE/RPC", "authType": "ncacn_np", "domain": "TESTE", "account": "Administrator", "sid": "S-1-5-21-3073023332-2932986482-1183422282-500", "logonServer": "DC1", "transportProtection": "SMB", "accountFlags": "0x00000010"}}
[2018/04/03 15:38:03.832059, 3]
../auth/auth_log.c:139(get_auth_event_server)
get_auth_event_server: Failed to find 'auth_event' registered on the
message bus to send JSON authentication events to:
NT_STATUS_OBJECT_NAME_NOT_FOUND
[2018/04/03 15:38:03.859251, 3]
../source4/smbd/service_stream.c:65(stream_terminate_connection)
Terminating connection - 'dcesrv: NT_STATUS_CONNECTION_DISCONNECTED'
[2018/04/03 15:38:03.859335, 3]
../source4/smbd/process_single.c:114(single_terminate)
single_terminate: reason[dcesrv: NT_STATUS_CONNECTION_DISCONNECTED]
[2018/04/03 15:38:03.861561, 4]
../auth/auth_log.c:860(log_successful_authz_event_human_readable)
Successful AuthZ: [DCE/RPC,ncacn_np] user [TESTE]\[Administrator]
[S-1-5-21-3073023332-2932986482-1183422282-500] at [Tue, 03 Apr 2018
15:38:03.861547 -03] Remote host [ipv4:10.255.1.104:63313] local host [ipv4:
10.255.0.3:445]
[2018/04/03 15:38:03.861611, 4] ../auth/auth_log.c:220(log_json)
JSON Authorization: {"timestamp": "2018-04-03T15:38:03.861588-0300", "type": "Authorization", "Authorization": {"version": {"major": 1, "minor": 0}, "localAddress": "ipv4:10.255.0.3:445", "remoteAddress": "ipv4:10.255.1.104:63313", "serviceDescription": "DCE/RPC", "authType": "ncacn_np", "domain": "TESTE", "account": "Administrator", "sid": "S-1-5-21-3073023332-2932986482-1183422282-500", "logonServer": "DC1", "transportProtection": "SMB", "accountFlags": "0x00000010"}}
[2018/04/03 15:38:03.861634, 3]
../auth/auth_log.c:139(get_auth_event_server)
get_auth_event_server: Failed to find 'auth_event' registered on the
message bus to send JSON authentication events to:
NT_STATUS_OBJECT_NAME_NOT_FOUND
[2018/04/03 15:38:03.873663, 3]
../source4/smbd/service_stream.c:65(stream_terminate_connection)
Terminating connection - 'dcesrv: NT_STATUS_CONNECTION_DISCONNECTED'
[2018/04/03 15:38:03.873746, 3]
../source4/smbd/process_single.c:114(single_terminate)
single_terminate: reason[dcesrv: NT_STATUS_CONNECTION_DISCONNECTED]
[2018/04/03 15:38:03.875907, 4]
../auth/auth_log.c:860(log_successful_authz_event_human_readable)
Successful AuthZ: [DCE/RPC,ncacn_np] user [TESTE]\[Administrator]
[S-1-5-21-3073023332-2932986482-1183422282-500] at [Tue, 03 Apr 2018
15:38:03.875894 -03] Remote host [ipv4:10.255.1.104:63313] local host [ipv4:
10.255.0.3:445]
[2018/04/03 15:38:03.875967, 4] ../auth/auth_log.c:220(log_json)
JSON Authorization: {"timestamp": "2018-04-03T15:38:03.875939-0300", "type": "Authorization", "Authorization": {"version": {"major": 1, "minor": 0}, "localAddress": "ipv4:10.255.0.3:445", "remoteAddress": "ipv4:10.255.1.104:63313", "serviceDescription": "DCE/RPC", "authType": "ncacn_np", "domain": "TESTE", "account": "Administrator", "sid": "S-1-5-21-3073023332-2932986482-1183422282-500", "logonServer": "DC1", "transportProtection": "SMB", "accountFlags": "0x00000010"}}
[2018/04/03 15:38:03.875994, 3]
../auth/auth_log.c:139(get_auth_event_server)
get_auth_event_server: Failed to find 'auth_event' registered on the
message bus to send JSON authentication events to:
NT_STATUS_OBJECT_NAME_NOT_FOUND
[2018/04/03 15:38:03.896389, 3]
../source4/smbd/service_stream.c:65(stream_terminate_connection)
Terminating connection - 'dcesrv: NT_STATUS_CONNECTION_DISCONNECTED'
[2018/04/03 15:38:03.896471, 3]
../source4/smbd/process_single.c:114(single_terminate)
single_terminate: reason[dcesrv: NT_STATUS_CONNECTION_DISCONNECTED]
[2018/04/03 15:38:03.901272, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: TGS-REQ Administrator at TESTE.NET from ipv4:10.255.1.104:63317
for ldap/dc1.teste.net at TESTE.NET [canonicalize, renewable, forwardable]
[2018/04/03 15:38:03.902576, 3]
../lib/ldb-samba/ldb_wrap.c:326(ldb_wrap_connect)
ldb_wrap open of secrets.ldb
[2018/04/03 15:38:03.905782, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: TGS-REQ authtime: 2018-04-03T15:36:16 starttime:
2018-04-03T15:38:03 endtime: 2018-04-04T01:36:16 renew till:
2018-04-10T15:36:16
[2018/04/03 15:38:03.906829, 3]
../source4/smbd/service_stream.c:65(stream_terminate_connection)
Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv()
- NT_STATUS_CONNECTION_DISCONNECTED'
[2018/04/03 15:38:03.906886, 3]
../source4/smbd/process_single.c:114(single_terminate)
single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv()
- NT_STATUS_CONNECTION_DISCONNECTED]
[2018/04/03 15:38:03.907762, 5]
../auth/gensec/gensec_start.c:739(gensec_start_mech)
Starting GENSEC mechanism spnego
[2018/04/03 15:38:03.907852, 5]
../auth/gensec/gensec_start.c:739(gensec_start_mech)
Starting GENSEC submechanism gssapi_krb5
[2018/04/03 15:38:03.909414, 5]
../source4/auth/gensec/gensec_gssapi.c:670(gensec_gssapi_update_internal)
gensec_gssapi: NO credentials were delegated
[2018/04/03 15:38:03.909444, 5]
../source4/auth/gensec/gensec_gssapi.c:687(gensec_gssapi_update_internal)
GSSAPI Connection will be cryptographically signed
[2018/04/03 15:38:03.914590, 4]
../auth/auth_log.c:860(log_successful_authz_event_human_readable)
Successful AuthZ: [LDAP,krb5] user [TESTE]\[Administrator]
[S-1-5-21-3073023332-2932986482-1183422282-500] at [Tue, 03 Apr 2018
15:38:03.914575 -03] Remote host [ipv4:10.255.1.104:63316] local host [ipv4:
10.255.0.3:389]
[2018/04/03 15:38:03.914732, 4] ../auth/auth_log.c:220(log_json)
JSON Authorization: {"timestamp": "2018-04-03T15:38:03.914645-0300", "type": "Authorization", "Authorization": {"version": {"major": 1, "minor": 0}, "localAddress": "ipv4:10.255.0.3:389", "remoteAddress": "ipv4:10.255.1.104:63316", "serviceDescription": "LDAP", "authType": "krb5", "domain": "TESTE", "account": "Administrator", "sid": "S-1-5-21-3073023332-2932986482-1183422282-500", "logonServer": "DC1", "transportProtection": "SIGN", "accountFlags": "0x00000010"}}
[2018/04/03 15:38:03.914761, 3]
../auth/auth_log.c:139(get_auth_event_server)
get_auth_event_server: Failed to find 'auth_event' registered on the
message bus to send JSON authentication events to:
NT_STATUS_OBJECT_NAME_NOT_FOUND
[2018/04/03 15:38:03.920155, 5]
../auth/auth_log.c:860(log_successful_authz_event_human_readable)
Successful AuthZ: [DCE/RPC,ncacn_ip_tcp] user [NT AUTHORITY]\[ANONYMOUS
LOGON] [S-1-5-7] at [Tue, 03 Apr 2018 15:38:03.920142 -03] Remote host
[ipv4:10.255.1.104:63318] local host [ipv4:10.255.0.3:135]
[2018/04/03 15:38:03.920214, 5] ../auth/auth_log.c:220(log_json)
JSON Authorization: {"timestamp": "2018-04-03T15:38:03.920188-0300", "type": "Authorization", "Authorization": {"version": {"major": 1, "minor": 0}, "localAddress": "ipv4:10.255.0.3:135", "remoteAddress": "ipv4:10.255.1.104:63318", "serviceDescription": "DCE/RPC", "authType": "ncacn_ip_tcp", "domain": "NT AUTHORITY", "account": "ANONYMOUS LOGON", "sid": "S-1-5-7", "logonServer": "DC1", "transportProtection": "NONE", "accountFlags": "0x00000010"}}
[2018/04/03 15:38:03.920237, 3]
../auth/auth_log.c:139(get_auth_event_server)
get_auth_event_server: Failed to find 'auth_event' registered on the
message bus to send JSON authentication events to:
NT_STATUS_OBJECT_NAME_NOT_FOUND
[2018/04/03 15:38:03.925671, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: TGS-REQ Administrator at TESTE.NET from ipv4:10.255.1.104:63320
for LDAP/DC1 at TESTE.NET [canonicalize, renewable, forwardable]
[2018/04/03 15:38:03.930133, 3]
../source4/auth/kerberos/krb5_init_context.c:80(smb_krb5_debug_wrapper)
Kerberos: TGS-REQ authtime: 2018-04-03T15:36:16 starttime:
2018-04-03T15:38:03 endtime: 2018-04-04T01:36:16 renew till:
2018-04-10T15:36:16
[2018/04/03 15:38:03.931084, 3]
../source4/smbd/service_stream.c:65(stream_terminate_connection)
Terminating connection - 'kdc_tcp_call_loop: tstream_read_pdu_blob_recv()
- NT_STATUS_CONNECTION_DISCONNECTED'
[2018/04/03 15:38:03.931139, 3]
../source4/smbd/process_single.c:114(single_terminate)
single_terminate: reason[kdc_tcp_call_loop: tstream_read_pdu_blob_recv()
- NT_STATUS_CONNECTION_DISCONNECTED]
[2018/04/03 15:38:03.932092, 3]
../lib/ldb-samba/ldb_wrap.c:326(ldb_wrap_connect)
ldb_wrap open of secrets.ldb
[2018/04/03 15:38:03.932348, 5]
../auth/gensec/gensec_start.c:739(gensec_start_mech)
Starting GENSEC mechanism spnego
[2018/04/03 15:38:03.932426, 5]
../auth/gensec/gensec_start.c:739(gensec_start_mech)
Starting GENSEC submechanism gssapi_krb5
[2018/04/03 15:38:03.933985, 5]
../source4/auth/gensec/gensec_gssapi.c:670(gensec_gssapi_update_internal)
gensec_gssapi: NO credentials were delegated
[2018/04/03 15:38:03.934014, 5]
../source4/auth/gensec/gensec_gssapi.c:685(gensec_gssapi_update_internal)
GSSAPI Connection will be cryptographically sealed
[2018/04/03 15:38:03.938272, 4]
../auth/auth_log.c:860(log_successful_authz_event_human_readable)
Successful AuthZ: [DCE/RPC,krb5] user [TESTE]\[Administrator]
[S-1-5-21-3073023332-2932986482-1183422282-500] at [Tue, 03 Apr 2018
15:38:03.938258 -03] Remote host [ipv4:10.255.1.104:63319] local host [ipv4:
10.255.0.3:49152]
[2018/04/03 15:38:03.938328, 4] ../auth/auth_log.c:220(log_json)
JSON Authorization: {"timestamp": "2018-04-03T15:38:03.938303-0300", "type": "Authorization", "Authorization": {"version": {"major": 1, "minor": 0}, "localAddress": "ipv4:10.255.0.3:49152", "remoteAddress": "ipv4:10.255.1.104:63319", "serviceDescription": "DCE/RPC", "authType": "krb5", "domain": "TESTE", "account": "Administrator", "sid": "S-1-5-21-3073023332-2932986482-1183422282-500", "logonServer": "DC1", "transportProtection": "SEAL", "accountFlags": "0x00000010"}}
[2018/04/03 15:38:03.938351, 3]
../auth/auth_log.c:139(get_auth_event_server)
get_auth_event_server: Failed to find 'auth_event' registered on the
message bus to send JSON authentication events to:
NT_STATUS_OBJECT_NAME_NOT_FOUND
[2018/04/03 15:38:03.940021, 3]
../source4/rpc_server/drsuapi/dcesrv_drsuapi.c:89(dcesrv_drsuapi_DsBind)
../source4/rpc_server/drsuapi/dcesrv_drsuapi.c:89: doing DsBind with
system_session
[2018/04/03 15:38:03.943375, 5]
../source4/ldap_server/ldap_backend.c:578(ldapsrv_SearchRequest)
ldb_request BASE dn=CN=WIN7-NET-01,CN=Computers,DC=teste,DC=net
filter=(ObjectClass=*)
[2018/04/03 15:38:03.953205, 3]
../source4/smbd/service_stream.c:65(stream_terminate_connection)
Terminating connection - 'ldapsrv_call_wait_done: call->wait_recv() -
NT_STATUS_LOCAL_DISCONNECT'
[2018/04/03 15:38:03.953309, 2]
../source4/smbd/process_standard.c:473(standard_terminate)
standard_terminate: reason[ldapsrv_call_wait_done: call->wait_recv() -
NT_STATUS_LOCAL_DISCONNECT]
[2018/04/03 15:38:03.957546, 2]
../source4/smbd/process_standard.c:157(standard_child_pipe_handler)
Child 1147 () exited with status 0
I noticed some NT_STATUS_OBJECT_NAME_NOT_FOUND errors in the log, but I had
no idea where to investigate.
I also set up another lab environment with a Windows Server 2008 R2 Active
Directory, and all attributes of the computer object have been changed.
It is important to say that this "problem" is not causing any other
consequences AFAIK. It's just visual from the ADUC point of view.
So, my question is whether this is the expected behavior in Samba AD DC or
whether there is an alternative way of doing that.
Thanks for any clue!
Jeanderson Silva
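
One way to triage a level-5 Samba log like the one in this message is to group every NT_STATUS code by the function that logged it and to decode the JSON Authorization records. This is an added example, not part of the original post; the sample records are constructed (abridged from the log above), and the names parse_records, status_by_function and authorizations are chosen for this example.

```python
import json
import re
from collections import Counter

# Constructed sample: records abridged from the log in the post. The second
# header is wrapped across two lines, as the mail client left it.
SAMPLE_LOG = """\
[2018/04/03 15:38:03.914732, 4] ../auth/auth_log.c:220(log_json)
  JSON Authorization: {"type": "Authorization", "Authorization": {"serviceDescription": "LDAP", "authType": "krb5", "account": "Administrator", "transportProtection": "SIGN"}}
[2018/04/03 15:38:03.914761, 3]
../auth/auth_log.c:139(get_auth_event_server)
  get_auth_event_server: Failed to find 'auth_event' registered on the message
  bus to send JSON authentication events to: NT_STATUS_OBJECT_NAME_NOT_FOUND
[2018/04/03 15:38:03.920214, 5] ../auth/auth_log.c:220(log_json)
  JSON Authorization: {"type": "Authorization", "Authorization": {"serviceDescription": "DCE/RPC", "authType": "ncacn_ip_tcp", "account": "ANONYMOUS LOGON", "transportProtection": "NONE"}}
[2018/04/03 15:38:03.920237, 3] ../auth/auth_log.c:139(get_auth_event_server)
  get_auth_event_server: Failed to find 'auth_event' registered on the message
  bus to send JSON authentication events to: NT_STATUS_OBJECT_NAME_NOT_FOUND
[2018/04/03 15:38:03.953205, 3] ../source4/smbd/service_stream.c:65(stream_terminate_connection)
  Terminating connection - 'ldapsrv_call_wait_done: call->wait_recv() -
  NT_STATUS_LOCAL_DISCONNECT'
"""

# "[date time, level]" then "file:line(function)", possibly on the next line.
HEADER = re.compile(
    r"^\[(?P<ts>[\d/]+ [\d:.]+),\s*(?P<level>\d+)\]\s*"
    r"(?P<src>\S+):(?P<line>\d+)\((?P<func>\w+)\)", re.M)

def parse_records(text):
    """Split a Samba debug log into records, re-joining wrapped lines."""
    heads = list(HEADER.finditer(text))
    ends = [h.start() for h in heads[1:]] + [len(text)]
    return [{"level": int(h["level"]), "func": h["func"],
             "message": " ".join(text[h.end():e].split())}
            for h, e in zip(heads, ends)]

def status_by_function(records):
    """Count each NT_STATUS_* code per emitting function."""
    return Counter((s, r["func"]) for r in records
                   for s in re.findall(r"NT_STATUS_\w+", r["message"]))

def authorizations(records):
    """Decode the JSON Authorization records."""
    prefix = "JSON Authorization: "
    return [json.loads(r["message"][len(prefix):])["Authorization"]
            for r in records if r["message"].startswith(prefix)]

if __name__ == "__main__":
    recs = parse_records(SAMPLE_LOG)
    for (status, func), n in sorted(status_by_function(recs).items()):
        print(n, status, "<-", func)
    print([(a["account"], a["transportProtection"]) for a in authorizations(recs)])
```

On the sample, both NT_STATUS_OBJECT_NAME_NOT_FOUND hits are attributed to get_auth_event_server, whose message concerns the 'auth_event' listener on the message bus.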