Problem to join Win20900 ADS realm
in [Samba]
|
From: Javier Argentina on 3 Sep 2009 09:40 Some help, please? 2009/9/2, JAP <javier.debian.bb.ar(a)gmail.com>: > Dear samba team: > > I've some troubles to join a GNU/Linux Debian âsqueezeâ machine to a > Windows 2000 ADS realm. I've studied everything about samba, but this > problem cause that I cant print in the Windows servers and I've other > problems. > I've joined machines in this domain before ( I made a recipe at > http://wiki.debian.org/SAMBAclienteWindows) > But in the last days, I've a problem with the disk, and was necessary to > set up all the system again. > And it's impossible to me join the domain! > I'd tracked everything in the web about this problem, but I did not find > the solution. > Attaches all the information about the net / samba configuration and the > errors. > > Please, if you can help me. > > Javier > > ------------------------------------------------------------------------- > > My host: station91 > My user: win-user5 > My password: win-pass > My domain: company > My realm: local.company > My KDC administrative server: serverpdc1 > My KDC secondary server: serverbdc7 > > ------------------------------------------------------------------------- > > > # /etc/network/interfaces > # > # This file describes the network interfaces available on your system > # and how to activate them. For more information, see interfaces(5). > > # The loopback network interface > auto lo > iface lo inet loopback > > # LOCAL > allow-hotplug eth0 > auto eth0 > iface eth0 inet dhcp > post-up route del default gw 10.111.1.254 > post-up route del -net 10.111.1.0 netmask 255.255.255.0 dev eth0 > post-up route add -net 10.0.0.0 netmask 255.0.0.0 dev eth0 > post-up net time set -S serverpdc1 > > ------------------------------------------------------------------------- > > # /etc/krb5.conf > > [libdefaults] > default_realm = LOCAL.COMPANY > > # The following krb5.conf variables are only for MIT Kerberos. > krb4_config = /etc/krb.conf > krb4_realms = /etc/krb.realms > kdc_timesync = 1 > ccache_type = 4 > forwardable = true > proxiable = true > > [realms] > LOCAL.COMPANY = { > kdc = serverbdc7 > kdc = serverpdc1 > kdc = serverbdc2 > kdc = serverbdc5 > admin_server = serverpdc1 > } > > [domain_realm] > .local.company = LOCAL.COMPANY > local.company = LOCAL.COMPANY > > [login] > krb4_convert = true > krb4_get_tickets = false > > ------------------------------------------------------------------------- > > > # /etc/nsswitch.conf > # > # Example configuration of GNU Name Service Switch functionality. > # If you have the `glibc-doc-reference' and `info' packages installed, try: > # `info libc "Name Service Switch"' for information about this file. > > passwd: files winbind ldap > group: files winbind ldap > shadow: files > > hosts: files wins mdns4_minimal [NOTFOUND=return] dns mdns4 > networks: files > > protocols: db files > services: db files > ethers: db files > rpc: db files > > netgroup: nis > > ------------------------------------------------------------------------- > > > # /etc/samba/smb.conf > # Samba config file created using SWAT > # from UNKNOWN (��t) > # Date: 2009/09/02 08:30:38 > > [global] > ldap ssl ads = Yes > idmap gid = 10000-20000 > passwd chat = *Enter\snew\s*\spassword:* %n\n > *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . > obey pam restrictions = Yes > browse list = No > dns proxy = No > idmap uid = 10000-20000 > local master = No > workgroup = COMPANY > os level = 0 > winbind refresh tickets = Yes > update encrypted = Yes > printcap name = cups > security = ADS > winbind separator = + > max log size = 1000 > lanman auth = Yes > log file = /var/log/samba/log.%m > include = /etc/samba/dhcp.conf > wins server = eth0:10.111.1.201 > auth methods = winbind, krb5, ldap, guest, sam > interfaces = eth0 > username map = /etc/samba/smbusers > domain master = No > winbind trusted domains only = yes > realm = LOCAL.COMPANY > winbind use default domain = Yes > server string = %h - Jefe Almacenaje (13-6922) > password server = serverbdc7, serverpdc1, * > unix password sync = Yes > template homedir = /home/%U > syslog = 0 > panic action = /usr/share/samba/panic-action %d > pam password change = Yes > > [homes] > comment = Home Directories > valid users = %S > create mask = 0700 > directory mask = 0700 > browseable = No > > [printers] > comment = All Printers > path = /var/spool/samba > create mask = 0700 > printable = Yes > browseable = No > > [print$] > comment = Printer Drivers > path = /var/lib/samba/printers > [homes] > comment = Home Directories > valid users = %S > create mask = 0700 > directory mask = 0700 > browseable = No > > ------------------------------------------------------------------------- > > > > station91:~# wbinfo -m --verbose > Domain Name DNS Domain Trust Type Transitive In Out > BUILTIN None Yes Yes Yes > IBPBW91 None Yes Yes Yes > COMPANY LOCAL.COMPANY None Yes Yes Yes > > ------------------------------------------------------------------------- > > > station91:~# wbinfo -u âverbose > (do nothing!!) > > ------------------------------------------------------------------------- > > > station91:~# wbinfo -g --verbose > BUILTIN+administrators > BUILTIN+users > > ------------------------------------------------------------------------- > > > station91:~# wbinfo -u --verbose -K win-user5%win-pass > plaintext kerberos password authentication for [win-user5%win-pass] > failed (requesting cctype: FILE) > error code was NT_STATUS_LOGON_FAILURE (0xc000006d) > error messsage was: Logon failure > Could not authenticate user [win-user5%win-pass] with Kerberos (ccache: > FILE) > > ------------------------------------------------------------------------- > > > station91:~# kinit win-user5 > Password for win-user5(a)LOCAL.COMPANY: > > station91:~# klist > Ticket cache: FILE:/tmp/krb5cc_0 > Default principal: win-user5(a)LOCAL.COMPANY > Valid starting Expires Service principal > 09/02/09 10:07:00 09/02/09 20:07:17 krbtgt/LOCAL.COMPANY(a)LOCAL.COMPANY > renew until 09/03/09 10:07:00 > > ------------------------------------------------------------------------- > > > station91:~# net rpc oldjoin -U win-user5%win-pass -S serverpdc1 -d 3 > > [2009/09/02 10:36:21, 3] param/loadparm.c:lp_load_ex(8818) > > lp_load_ex: refreshing parameters > > [2009/09/02 10:36:21, 3] param/loadparm.c:init_globals(4653) > > Initialising global parameters > > [2009/09/02 10:36:21, 3] param/params.c:pm_process(569) > > params.c:pm_process() - Processing configuration file > "/etc/samba/smb.conf" > [2009/09/02 10:36:21, 3] param/loadparm.c:do_section(7481) > > Processing section "[global]" > > [2009/09/02 10:36:21, 3] param/params.c:pm_process(569) > > params.c:pm_process() - Processing configuration file > "/etc/samba/dhcp.conf" > [2009/09/02 10:36:21, 2] lib/interface.c:add_interface(340) > > added interface eth0 ip=fe80::219:d1ff:fe97:92a7%eth0 > bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff:: > > > [2009/09/02 10:36:21, 2] lib/interface.c:add_interface(340) > added interface eth0 ip=10.111.1.192 bcast=10.111.1.255 > netmask=255.255.255.0 > [2009/09/02 10:36:21, 3] libsmb/cliconnect.c:cli_start_connection(1649) > Connecting to host=serverpdc1 > [2009/09/02 10:36:21, 3] lib/util_sock.c:open_socket_out(1400) > Connecting to 10.1.0.231 at port 445 > [2009/09/02 10:36:21, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2234) > rpc_pipe_bind: host serverpdc1, pipe \lsarpc, fnum 0x4000 bind > request returned ok. > [2009/09/02 10:36:21, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2234) > rpc_pipe_bind: host serverpdc1, pipe \NETLOGON, fnum 0x4001 bind > request returned ok. > [2009/09/02 10:36:21, 3] > rpc_client/cli_netlogon.c:rpccli_netlogon_set_trust_password(573) > rpccli_netlogon_set_trust_password: unable to setup creds > (NT_STATUS_ACCESS_DENIED)! > [2009/09/02 10:36:21, 1] utils/net_rpc.c:run_rpc_command(193) > rpc command function failed! (NT_STATUS_ACCESS_DENIED) > Failed to join domain > [2009/09/02 10:36:21, 2] utils/net.c:main(770) > return code = -1 > > ------------------------------------------------------------------------- > > > station91:~# net ads join -U win-user5%win-pass -S serverpdc1 -d 3 > > [2009/09/02 10:38:12, 3] param/loadparm.c:lp_load_ex(8818) > > lp_load_ex: refreshing parameters > > [2009/09/02 10:38:12, 3] param/loadparm.c:init_globals(4653) > > Initialising global parameters > > [2009/09/02 10:38:12, 3] param/params.c:pm_process(569) > > params.c:pm_process() - Processing configuration file > "/etc/samba/smb.conf" > [2009/09/02 10:38:12, 3] param/loadparm.c:do_section(7481) > > Processing section "[global]" > > [2009/09/02 10:38:12, 3] param/params.c:pm_process(569) > > params.c:pm_process() - Processing configuration file > "/etc/samba/dhcp.conf" > [2009/09/02 10:38:12, 2] lib/interface.c:add_interface(340) > > added interface eth0 ip=fe80::219:d1ff:fe97:92a7%eth0 > bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff:: > > > [2009/09/02 10:38:12, 2] lib/interface.c:add_interface(340) > > added interface eth0 ip=10.111.1.192 bcast=10.111.1.255 > netmask=255.255.255.0 > [2009/09/02 10:38:12, 1] libnet/libnet_join.c:libnet_Join(1871) > > libnet_Join: > > libnet_JoinCtx: struct libnet_JoinCtx > > in: struct libnet_JoinCtx > > dc_name : 'serverpdc1' > > machine_name : 'IBPBW91' > > domain_name : * > > domain_name : 'LOCAL.COMPANY' > > account_ou : NULL > > admin_account : 'win-user5' > > admin_password : * > > machine_password : NULL > > join_flags : 0x00000023 (35) > > 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME > > 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT > > 0: WKSSVC_JOIN_FLAGS_DEFER_SPN > > 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED > > 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE > > 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED > > 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE > > 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE > > 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE > > 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE > > os_version : NULL > > os_name : NULL > > create_upn : 0x00 (0) > > upn : NULL > > modify_config : 0x00 (0) > > ads : NULL > > debug : 0x01 (1) > > use_kerberos : 0x00 (0) > > secure_channel_type : SEC_CHAN_WKSTA (2) > > [2009/09/02 10:38:12, 3] libsmb/cliconnect.c:cli_start_connection(1649) > > Connecting to host=serverpdc1 > > [2009/09/02 10:38:12, 3] lib/util_sock.c:open_socket_out(1400) > > Connecting to 10.1.0.231 at port 445 > > [2009/09/02 10:38:12, 3] > libsmb/cliconnect.c:cli_session_setup_spnego(823) > > Doing spnego session setup (blob length=108) > > [2009/09/02 10:38:12, 3] > libsmb/cliconnect.c:cli_session_setup_spnego(850) > > got OID=1 2 840 48018 1 2 2 > > [2009/09/02 10:38:12, 3] > libsmb/cliconnect.c:cli_session_setup_spnego(850) > > got OID=1 2 840 113554 1 2 2 > > [2009/09/02 10:38:12, 3] > libsmb/cliconnect.c:cli_session_setup_spnego(850) > > got OID=1 2 840 113554 1 2 2 3 > > [2009/09/02 10:38:12, 3] > libsmb/cliconnect.c:cli_session_setup_spnego(850) > > got OID=1 3 6 1 4 1 311 2 2 10 > > [2009/09/02 10:38:12, 3] > libsmb/cliconnect.c:cli_session_setup_spnego(858) > > got principal=serverpdc1$@LOCAL.COMPANY > > [2009/09/02 10:38:12, 3] > libsmb/ntlmssp.c:ntlmssp_client_challenge(1027) > > Got challenge flags: > > [2009/09/02 10:38:12, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > > Got NTLMSSP neg_flags=0x62898215 > > [2009/09/02 10:38:12, 3] > libsmb/ntlmssp.c:ntlmssp_client_challenge(1049) > > NTLMSSP: Set final flags: > > [2009/09/02 10:38:12, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > > Got NTLMSSP neg_flags=0x60088215 > > [2009/09/02 10:38:12, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337) > > NTLMSSP Sign/Seal - Initialising with flags: > > [2009/09/02 10:38:12, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > > Got NTLMSSP neg_flags=0x60088215 > > [2009/09/02 10:38:12, 3] libsmb/cliconnect.c:cli_session_setup(1055) > > SPNEGO login failed: Logon failure > > [2009/09/02 10:38:12, 1] libsmb/cliconnect.c:cli_full_connection(1754) > > failed session setup with NT_STATUS_LOGON_FAILURE > > [2009/09/02 10:38:12, 1] libnet/libnet_join.c:libnet_Join(1902) > > libnet_Join: > > libnet_JoinCtx: struct libnet_JoinCtx > out: struct libnet_JoinCtx > account_name : NULL > netbios_domain_name : NULL > dns_domain_name : NULL > forest_name : NULL > dn : NULL > domain_sid : NULL > domain_sid : (NULL SID) > modified_config : 0x00 (0) > error_string : 'failed to lookup DC info for > domain 'LOCAL.COMPANY' over rpc: Logon failure' > domain_is_ad : 0x00 (0) > result : WERR_LOGON_FAILURE > Failed to join domain: failed to lookup DC info for domain > 'LOCAL.COMPANY' over rpc: Logon failure > [2009/09/02 10:38:12, 2] utils/net.c:main(770) > return code = -1 > > > ------------------------------------------------------------------------- > > > station91:~# net rpc join -U win-user5%win-pass -S serverpdc1 -d 3 > [2009/09/02 10:40:30, 3] param/loadparm.c:lp_load_ex(8818) > lp_load_ex: refreshing parameters > [2009/09/02 10:40:30, 3] param/loadparm.c:init_globals(4653) > Initialising global parameters > [2009/09/02 10:40:30, 3] param/params.c:pm_process(569) > params.c:pm_process() - Processing configuration file > "/etc/samba/smb.conf" > [2009/09/02 10:40:30, 3] param/loadparm.c:do_section(7481) > > Processing section "[global]" > > [2009/09/02 10:40:30, 3] param/params.c:pm_process(569) > > params.c:pm_process() - Processing configuration file > "/etc/samba/dhcp.conf" > [2009/09/02 10:40:30, 2] lib/interface.c:add_interface(340) > > added interface eth0 ip=fe80::219:d1ff:fe97:92a7%eth0 > bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff:: > > > [2009/09/02 10:40:30, 2] lib/interface.c:add_interface(340) > > added interface eth0 ip=10.111.1.192 bcast=10.111.1.255 > netmask=255.255.255.0 > [2009/09/02 10:40:30, 3] libsmb/cliconnect.c:cli_start_connection(1649) > > Connecting to host=serverpdc1 > > [2009/09/02 10:40:30, 3] lib/util_sock.c:open_socket_out(1400) > > Connecting to 10.1.0.231 at port 445 > > [2009/09/02 10:40:31, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2234) > > rpc_pipe_bind: host serverpdc1, pipe \lsarpc, fnum 0x4000 bind > request returned ok. > [2009/09/02 10:40:31, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2234) > > rpc_pipe_bind: host serverpdc1, pipe \NETLOGON, fnum 0x4001 bind > request returned ok. > [2009/09/02 10:40:31, 3] > rpc_client/cli_netlogon.c:rpccli_netlogon_set_trust_password(573) > > rpccli_netlogon_set_trust_password: unable to setup creds > (NT_STATUS_ACCESS_DENIED)! > [2009/09/02 10:40:31, 1] utils/net_rpc.c:run_rpc_command(193) > > rpc command function failed! (NT_STATUS_ACCESS_DENIED) > > [2009/09/02 10:40:31, 3] libsmb/cliconnect.c:cli_start_connection(1649) > > Connecting to host=serverpdc1 > > [2009/09/02 10:40:31, 3] lib/util_sock.c:open_socket_out(1400) > > Connecting to 10.1.0.231 at port 445 > > [2009/09/02 10:40:31, 3] > libsmb/cliconnect.c:cli_session_setup_spnego(823) > > Doing spnego session setup (blob length=108) > > [2009/09/02 10:40:31, 3] > libsmb/cliconnect.c:cli_session_setup_spnego(850) > > got OID=1 2 840 48018 1 2 2 > > [2009/09/02 10:40:31, 3] > libsmb/cliconnect.c:cli_session_setup_spnego(850) > > got OID=1 2 840 113554 1 2 2 > > [2009/09/02 10:40:31, 3] > libsmb/cliconnect.c:cli_session_setup_spnego(850) > > got OID=1 2 840 113554 1 2 2 3 > > [2009/09/02 10:40:31, 3] > libsmb/cliconnect.c:cli_session_setup_spnego(850) > > got OID=1 3 6 1 4 1 311 2 2 10 > > [2009/09/02 10:40:31, 3] > libsmb/cliconnect.c:cli_session_setup_spnego(858) > > got principal=serverpdc1$@LOCAL.COMPANY > > [2009/09/02 10:40:31, 3] > libsmb/ntlmssp.c:ntlmssp_client_challenge(1027) > > Got challenge flags: > > [2009/09/02 10:40:31, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > > Got NTLMSSP neg_flags=0x62898215 > > [2009/09/02 10:40:31, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1049) > NTLMSSP: Set final flags: > [2009/09/02 10:40:31, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > Got NTLMSSP neg_flags=0x60088215 > [2009/09/02 10:40:31, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337) > NTLMSSP Sign/Seal - Initialising with flags: > [2009/09/02 10:40:31, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) > Got NTLMSSP neg_flags=0x60088215 > [2009/09/02 10:40:31, 3] libsmb/cliconnect.c:cli_session_setup(1055) > SPNEGO login failed: Logon failure > [2009/09/02 10:40:31, 1] libsmb/cliconnect.c:cli_full_connection(1754) > failed session setup with NT_STATUS_LOGON_FAILURE > Could not connect to server serverpdc1 > The username or password was not correct. > Connection failed: NT_STATUS_LOGON_FAILURE > [2009/09/02 10:40:31, 2] utils/net.c:main(770) > return code = 1 > > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: JAP on 7 Sep 2009 14:20 Javier Argentina escribió: Please, I need some help. Don't ignore me. > 2009/9/2, JAP <javier.debian.bb.ar(a)gmail.com>: >> Dear samba team: >> >> I've some troubles to join a GNU/Linux Debian âsqueezeâ machine to a >> Windows 2000 ADS realm. I've studied everything about samba, but this >> problem cause that I cant print in the Windows servers and I've other >> problems. >> I've joined machines in this domain before ( I made a recipe at >> http://wiki.debian.org/SAMBAclienteWindows) >> But in the last days, I've a problem with the disk, and was necessary to >> set up all the system again. >> And it's impossible to me join the domain! >> I'd tracked everything in the web about this problem, but I did not find >> the solution. >> Attaches all the information about the net / samba configuration and the >> errors. >> >> Please, if you can help me. >> >> Javier >> >> ------------------------------------------------------------------------- >> >> My host: station91 >> My user: win-user5 >> My password: win-pass >> My domain: company >> My realm: local.company >> My KDC administrative server: serverpdc1 >> My KDC secondary server: serverbdc7 >> >> ------------------------------------------------------------------------- >> >> >> # /etc/network/interfaces >> # >> # This file describes the network interfaces available on your system >> # and how to activate them. For more information, see interfaces(5). >> >> # The loopback network interface >> auto lo >> iface lo inet loopback >> >> # LOCAL >> allow-hotplug eth0 >> auto eth0 >> iface eth0 inet dhcp >> post-up route del default gw 10.111.1.254 >> post-up route del -net 10.111.1.0 netmask 255.255.255.0 dev eth0 >> post-up route add -net 10.0.0.0 netmask 255.0.0.0 dev eth0 >> post-up net time set -S serverpdc1 >> >> ------------------------------------------------------------------------- >> >> # /etc/krb5.conf >> >> [libdefaults] >> default_realm = LOCAL.COMPANY >> >> # The following krb5.conf variables are only for MIT Kerberos. >> krb4_config = /etc/krb.conf >> krb4_realms = /etc/krb.realms >> kdc_timesync = 1 >> ccache_type = 4 >> forwardable = true >> proxiable = true >> >> [realms] >> LOCAL.COMPANY = { >> kdc = serverbdc7 >> kdc = serverpdc1 >> kdc = serverbdc2 >> kdc = serverbdc5 >> admin_server = serverpdc1 >> } >> >> [domain_realm] >> .local.company = LOCAL.COMPANY >> local.company = LOCAL.COMPANY >> >> [login] >> krb4_convert = true >> krb4_get_tickets = false >> >> ------------------------------------------------------------------------- >> >> >> # /etc/nsswitch.conf >> # >> # Example configuration of GNU Name Service Switch functionality. >> # If you have the `glibc-doc-reference' and `info' packages installed, try: >> # `info libc "Name Service Switch"' for information about this file. >> >> passwd: files winbind ldap >> group: files winbind ldap >> shadow: files >> >> hosts: files wins mdns4_minimal [NOTFOUND=return] dns mdns4 >> networks: files >> >> protocols: db files >> services: db files >> ethers: db files >> rpc: db files >> >> netgroup: nis >> >> ------------------------------------------------------------------------- >> >> >> # /etc/samba/smb.conf >> # Samba config file created using SWAT >> # from UNKNOWN (��t) >> # Date: 2009/09/02 08:30:38 >> >> [global] >> ldap ssl ads = Yes >> idmap gid = 10000-20000 >> passwd chat = *Enter\snew\s*\spassword:* %n\n >> *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . >> obey pam restrictions = Yes >> browse list = No >> dns proxy = No >> idmap uid = 10000-20000 >> local master = No >> workgroup = COMPANY >> os level = 0 >> winbind refresh tickets = Yes >> update encrypted = Yes >> printcap name = cups >> security = ADS >> winbind separator = + >> max log size = 1000 >> lanman auth = Yes >> log file = /var/log/samba/log.%m >> include = /etc/samba/dhcp.conf >> wins server = eth0:10.111.1.201 >> auth methods = winbind, krb5, ldap, guest, sam >> interfaces = eth0 >> username map = /etc/samba/smbusers >> domain master = No >> winbind trusted domains only = yes >> realm = LOCAL.COMPANY >> winbind use default domain = Yes >> server string = %h - Jefe Almacenaje (13-6922) >> password server = serverbdc7, serverpdc1, * >> unix password sync = Yes >> template homedir = /home/%U >> syslog = 0 >> panic action = /usr/share/samba/panic-action %d >> pam password change = Yes >> >> [homes] >> comment = Home Directories >> valid users = %S >> create mask = 0700 >> directory mask = 0700 >> browseable = No >> >> [printers] >> comment = All Printers >> path = /var/spool/samba >> create mask = 0700 >> printable = Yes >> browseable = No >> >> [print$] >> comment = Printer Drivers >> path = /var/lib/samba/printers >> [homes] >> comment = Home Directories >> valid users = %S >> create mask = 0700 >> directory mask = 0700 >> browseable = No >> >> ------------------------------------------------------------------------- >> >> >> >> station91:~# wbinfo -m --verbose >> Domain Name DNS Domain Trust Type Transitive In Out >> BUILTIN None Yes Yes Yes >> IBPBW91 None Yes Yes Yes >> COMPANY LOCAL.COMPANY None Yes Yes Yes >> >> ------------------------------------------------------------------------- >> >> >> station91:~# wbinfo -u âverbose >> (do nothing!!) >> >> ------------------------------------------------------------------------- >> >> >> station91:~# wbinfo -g --verbose >> BUILTIN+administrators >> BUILTIN+users >> >> ------------------------------------------------------------------------- >> >> >> station91:~# wbinfo -u --verbose -K win-user5%win-pass >> plaintext kerberos password authentication for [win-user5%win-pass] >> failed (requesting cctype: FILE) >> error code was NT_STATUS_LOGON_FAILURE (0xc000006d) >> error messsage was: Logon failure >> Could not authenticate user [win-user5%win-pass] with Kerberos (ccache: >> FILE) >> >> ------------------------------------------------------------------------- >> >> >> station91:~# kinit win-user5 >> Password for win-user5(a)LOCAL.COMPANY: >> >> station91:~# klist >> Ticket cache: FILE:/tmp/krb5cc_0 >> Default principal: win-user5(a)LOCAL.COMPANY >> Valid starting Expires Service principal >> 09/02/09 10:07:00 09/02/09 20:07:17 krbtgt/LOCAL.COMPANY(a)LOCAL.COMPANY >> renew until 09/03/09 10:07:00 >> >> ------------------------------------------------------------------------- >> >> >> station91:~# net rpc oldjoin -U win-user5%win-pass -S serverpdc1 -d 3 >> >> [2009/09/02 10:36:21, 3] param/loadparm.c:lp_load_ex(8818) >> >> lp_load_ex: refreshing parameters >> >> [2009/09/02 10:36:21, 3] param/loadparm.c:init_globals(4653) >> >> Initialising global parameters >> >> [2009/09/02 10:36:21, 3] param/params.c:pm_process(569) >> >> params.c:pm_process() - Processing configuration file >> "/etc/samba/smb.conf" >> [2009/09/02 10:36:21, 3] param/loadparm.c:do_section(7481) >> >> Processing section "[global]" >> >> [2009/09/02 10:36:21, 3] param/params.c:pm_process(569) >> >> params.c:pm_process() - Processing configuration file >> "/etc/samba/dhcp.conf" >> [2009/09/02 10:36:21, 2] lib/interface.c:add_interface(340) >> >> added interface eth0 ip=fe80::219:d1ff:fe97:92a7%eth0 >> bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff:: >> >> >> [2009/09/02 10:36:21, 2] lib/interface.c:add_interface(340) >> added interface eth0 ip=10.111.1.192 bcast=10.111.1.255 >> netmask=255.255.255.0 >> [2009/09/02 10:36:21, 3] libsmb/cliconnect.c:cli_start_connection(1649) >> Connecting to host=serverpdc1 >> [2009/09/02 10:36:21, 3] lib/util_sock.c:open_socket_out(1400) >> Connecting to 10.1.0.231 at port 445 >> [2009/09/02 10:36:21, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2234) >> rpc_pipe_bind: host serverpdc1, pipe \lsarpc, fnum 0x4000 bind >> request returned ok. >> [2009/09/02 10:36:21, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2234) >> rpc_pipe_bind: host serverpdc1, pipe \NETLOGON, fnum 0x4001 bind >> request returned ok. >> [2009/09/02 10:36:21, 3] >> rpc_client/cli_netlogon.c:rpccli_netlogon_set_trust_password(573) >> rpccli_netlogon_set_trust_password: unable to setup creds >> (NT_STATUS_ACCESS_DENIED)! >> [2009/09/02 10:36:21, 1] utils/net_rpc.c:run_rpc_command(193) >> rpc command function failed! (NT_STATUS_ACCESS_DENIED) >> Failed to join domain >> [2009/09/02 10:36:21, 2] utils/net.c:main(770) >> return code = -1 >> >> ------------------------------------------------------------------------- >> >> >> station91:~# net ads join -U win-user5%win-pass -S serverpdc1 -d 3 >> >> [2009/09/02 10:38:12, 3] param/loadparm.c:lp_load_ex(8818) >> >> lp_load_ex: refreshing parameters >> >> [2009/09/02 10:38:12, 3] param/loadparm.c:init_globals(4653) >> >> Initialising global parameters >> >> [2009/09/02 10:38:12, 3] param/params.c:pm_process(569) >> >> params.c:pm_process() - Processing configuration file >> "/etc/samba/smb.conf" >> [2009/09/02 10:38:12, 3] param/loadparm.c:do_section(7481) >> >> Processing section "[global]" >> >> [2009/09/02 10:38:12, 3] param/params.c:pm_process(569) >> >> params.c:pm_process() - Processing configuration file >> "/etc/samba/dhcp.conf" >> [2009/09/02 10:38:12, 2] lib/interface.c:add_interface(340) >> >> added interface eth0 ip=fe80::219:d1ff:fe97:92a7%eth0 >> bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff:: >> >> >> [2009/09/02 10:38:12, 2] lib/interface.c:add_interface(340) >> >> added interface eth0 ip=10.111.1.192 bcast=10.111.1.255 >> netmask=255.255.255.0 >> [2009/09/02 10:38:12, 1] libnet/libnet_join.c:libnet_Join(1871) >> >> libnet_Join: >> >> libnet_JoinCtx: struct libnet_JoinCtx >> >> in: struct libnet_JoinCtx >> >> dc_name : 'serverpdc1' >> >> machine_name : 'IBPBW91' >> >> domain_name : * >> >> domain_name : 'LOCAL.COMPANY' >> >> account_ou : NULL >> >> admin_account : 'win-user5' >> >> admin_password : * >> >> machine_password : NULL >> >> join_flags : 0x00000023 (35) >> >> 0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME >> >> 0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT >> >> 0: WKSSVC_JOIN_FLAGS_DEFER_SPN >> >> 0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED >> >> 0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE >> >> 1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED >> >> 0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE >> >> 0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE >> >> 1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE >> >> 1: WKSSVC_JOIN_FLAGS_JOIN_TYPE >> >> os_version : NULL >> >> os_name : NULL >> >> create_upn : 0x00 (0) >> >> upn : NULL >> >> modify_config : 0x00 (0) >> >> ads : NULL >> >> debug : 0x01 (1) >> >> use_kerberos : 0x00 (0) >> >> secure_channel_type : SEC_CHAN_WKSTA (2) >> >> [2009/09/02 10:38:12, 3] libsmb/cliconnect.c:cli_start_connection(1649) >> >> Connecting to host=serverpdc1 >> >> [2009/09/02 10:38:12, 3] lib/util_sock.c:open_socket_out(1400) >> >> Connecting to 10.1.0.231 at port 445 >> >> [2009/09/02 10:38:12, 3] >> libsmb/cliconnect.c:cli_session_setup_spnego(823) >> >> Doing spnego session setup (blob length=108) >> >> [2009/09/02 10:38:12, 3] >> libsmb/cliconnect.c:cli_session_setup_spnego(850) >> >> got OID=1 2 840 48018 1 2 2 >> >> [2009/09/02 10:38:12, 3] >> libsmb/cliconnect.c:cli_session_setup_spnego(850) >> >> got OID=1 2 840 113554 1 2 2 >> >> [2009/09/02 10:38:12, 3] >> libsmb/cliconnect.c:cli_session_setup_spnego(850) >> >> got OID=1 2 840 113554 1 2 2 3 >> >> [2009/09/02 10:38:12, 3] >> libsmb/cliconnect.c:cli_session_setup_spnego(850) >> >> got OID=1 3 6 1 4 1 311 2 2 10 >> >> [2009/09/02 10:38:12, 3] >> libsmb/cliconnect.c:cli_session_setup_spnego(858) >> >> got principal=serverpdc1$@LOCAL.COMPANY >> >> [2009/09/02 10:38:12, 3] >> libsmb/ntlmssp.c:ntlmssp_client_challenge(1027) >> >> Got challenge flags: >> >> [2009/09/02 10:38:12, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) >> >> Got NTLMSSP neg_flags=0x62898215 >> >> [2009/09/02 10:38:12, 3] >> libsmb/ntlmssp.c:ntlmssp_client_challenge(1049) >> >> NTLMSSP: Set final flags: >> >> [2009/09/02 10:38:12, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) >> >> Got NTLMSSP neg_flags=0x60088215 >> >> [2009/09/02 10:38:12, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337) >> >> NTLMSSP Sign/Seal - Initialising with flags: >> >> [2009/09/02 10:38:12, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) >> >> Got NTLMSSP neg_flags=0x60088215 >> >> [2009/09/02 10:38:12, 3] libsmb/cliconnect.c:cli_session_setup(1055) >> >> SPNEGO login failed: Logon failure >> >> [2009/09/02 10:38:12, 1] libsmb/cliconnect.c:cli_full_connection(1754) >> >> failed session setup with NT_STATUS_LOGON_FAILURE >> >> [2009/09/02 10:38:12, 1] libnet/libnet_join.c:libnet_Join(1902) >> >> libnet_Join: >> >> libnet_JoinCtx: struct libnet_JoinCtx >> out: struct libnet_JoinCtx >> account_name : NULL >> netbios_domain_name : NULL >> dns_domain_name : NULL >> forest_name : NULL >> dn : NULL >> domain_sid : NULL >> domain_sid : (NULL SID) >> modified_config : 0x00 (0) >> error_string : 'failed to lookup DC info for >> domain 'LOCAL.COMPANY' over rpc: Logon failure' >> domain_is_ad : 0x00 (0) >> result : WERR_LOGON_FAILURE >> Failed to join domain: failed to lookup DC info for domain >> 'LOCAL.COMPANY' over rpc: Logon failure >> [2009/09/02 10:38:12, 2] utils/net.c:main(770) >> return code = -1 >> >> >> ------------------------------------------------------------------------- >> >> >> station91:~# net rpc join -U win-user5%win-pass -S serverpdc1 -d 3 >> [2009/09/02 10:40:30, 3] param/loadparm.c:lp_load_ex(8818) >> lp_load_ex: refreshing parameters >> [2009/09/02 10:40:30, 3] param/loadparm.c:init_globals(4653) >> Initialising global parameters >> [2009/09/02 10:40:30, 3] param/params.c:pm_process(569) >> params.c:pm_process() - Processing configuration file >> "/etc/samba/smb.conf" >> [2009/09/02 10:40:30, 3] param/loadparm.c:do_section(7481) >> >> Processing section "[global]" >> >> [2009/09/02 10:40:30, 3] param/params.c:pm_process(569) >> >> params.c:pm_process() - Processing configuration file >> "/etc/samba/dhcp.conf" >> [2009/09/02 10:40:30, 2] lib/interface.c:add_interface(340) >> >> added interface eth0 ip=fe80::219:d1ff:fe97:92a7%eth0 >> bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff:: >> >> >> [2009/09/02 10:40:30, 2] lib/interface.c:add_interface(340) >> >> added interface eth0 ip=10.111.1.192 bcast=10.111.1.255 >> netmask=255.255.255.0 >> [2009/09/02 10:40:30, 3] libsmb/cliconnect.c:cli_start_connection(1649) >> >> Connecting to host=serverpdc1 >> >> [2009/09/02 10:40:30, 3] lib/util_sock.c:open_socket_out(1400) >> >> Connecting to 10.1.0.231 at port 445 >> >> [2009/09/02 10:40:31, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2234) >> >> rpc_pipe_bind: host serverpdc1, pipe \lsarpc, fnum 0x4000 bind >> request returned ok. >> [2009/09/02 10:40:31, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2234) >> >> rpc_pipe_bind: host serverpdc1, pipe \NETLOGON, fnum 0x4001 bind >> request returned ok. >> [2009/09/02 10:40:31, 3] >> rpc_client/cli_netlogon.c:rpccli_netlogon_set_trust_password(573) >> >> rpccli_netlogon_set_trust_password: unable to setup creds >> (NT_STATUS_ACCESS_DENIED)! >> [2009/09/02 10:40:31, 1] utils/net_rpc.c:run_rpc_command(193) >> >> rpc command function failed! (NT_STATUS_ACCESS_DENIED) >> >> [2009/09/02 10:40:31, 3] libsmb/cliconnect.c:cli_start_connection(1649) >> >> Connecting to host=serverpdc1 >> >> [2009/09/02 10:40:31, 3] lib/util_sock.c:open_socket_out(1400) >> >> Connecting to 10.1.0.231 at port 445 >> >> [2009/09/02 10:40:31, 3] >> libsmb/cliconnect.c:cli_session_setup_spnego(823) >> >> Doing spnego session setup (blob length=108) >> >> [2009/09/02 10:40:31, 3] >> libsmb/cliconnect.c:cli_session_setup_spnego(850) >> >> got OID=1 2 840 48018 1 2 2 >> >> [2009/09/02 10:40:31, 3] >> libsmb/cliconnect.c:cli_session_setup_spnego(850) >> >> got OID=1 2 840 113554 1 2 2 >> >> [2009/09/02 10:40:31, 3] >> libsmb/cliconnect.c:cli_session_setup_spnego(850) >> >> got OID=1 2 840 113554 1 2 2 3 >> >> [2009/09/02 10:40:31, 3] >> libsmb/cliconnect.c:cli_session_setup_spnego(850) >> >> got OID=1 3 6 1 4 1 311 2 2 10 >> >> [2009/09/02 10:40:31, 3] >> libsmb/cliconnect.c:cli_session_setup_spnego(858) >> >> got principal=serverpdc1$@LOCAL.COMPANY >> >> [2009/09/02 10:40:31, 3] >> libsmb/ntlmssp.c:ntlmssp_client_challenge(1027) >> >> Got challenge flags: >> >> [2009/09/02 10:40:31, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) >> >> Got NTLMSSP neg_flags=0x62898215 >> >> [2009/09/02 10:40:31, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1049) >> NTLMSSP: Set final flags: >> [2009/09/02 10:40:31, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) >> Got NTLMSSP neg_flags=0x60088215 >> [2009/09/02 10:40:31, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(337) >> NTLMSSP Sign/Seal - Initialising with flags: >> [2009/09/02 10:40:31, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(62) >> Got NTLMSSP neg_flags=0x60088215 >> [2009/09/02 10:40:31, 3] libsmb/cliconnect.c:cli_session_setup(1055) >> SPNEGO login failed: Logon failure >> [2009/09/02 10:40:31, 1] libsmb/cliconnect.c:cli_full_connection(1754) >> failed session setup with NT_STATUS_LOGON_FAILURE >> Could not connect to server serverpdc1 >> The username or password was not correct. >> Connection failed: NT_STATUS_LOGON_FAILURE >> [2009/09/02 10:40:31, 2] utils/net.c:main(770) >> return code = 1 >> >> > -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
|
Pages: 1 Prev: Simple CIFS Linux permission Next: net rpc rights grant: NT_STATUS_ACCESS_DENIED |