From: Thierry Leurent on 21 Apr 2010 10:40

Hello,

I have a very strange problem with samba 3.0.33 when I integrate a Linux server into my Windows 2003 AD.

I do:
- kinit administrator, it works.
- klist, it works too.
- net join ads -U administrator, it works. I have the message that my computer has joined the domain and I see the Linux machine in my domain.
- wbinfo -t gives me "checking the trust secret via RPC calls succeeded".
- wbinfo -u gives me all the users of my domain.
- wbinfo -g gives me all the groups of my domain.
- wbinfo -a NuteGunray%CatoNeimoida returns
  "plaintext password authentication failed
  error code was NT_STATUS_NO_SUCH_USER (0xc0000064)
  error messsage was: No such user
  Could not authenticate user NuteGunray%CatoNeimoida with plaintext password
  challenge/response password authentication succeeded"

Is that normal? Perhaps, I have "encrypt password = yes" in my smb.conf.

But when I do net ads testjoin, I have
"ads_connect: No logon servers
Join to domain is not valid: No logon servers"

With debug level 3, I receive these messages.

[2010/04/21 14:36:21, 3] param/loadparm.c:lp_load(5069)
  lp_load: refreshing parameters
[2010/04/21 14:36:21, 3] param/loadparm.c:init_globals(1440)
  Initialising global parameters
[2010/04/21 14:36:21, 3] param/params.c:pm_process(572)
  params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
[2010/04/21 14:36:21, 3] param/loadparm.c:do_section(3808)
  Processing section "[global]"
[2010/04/21 14:36:21, 2] lib/interface.c:add_interface(81)
  added interface ip=192.168.120.2 bcast=192.168.255.255 nmask=255.255.0.0
[2010/04/21 14:36:21, 3] libsmb/namequery.c:get_dc_list(1495)
  get_dc_list: preferred server list: ", *"
[2010/04/21 14:36:21, 1] libads/cldap.c:recv_cldap_netlogon(247)
  Failed to parse cldap reply
[2010/04/21 14:36:21, 3] libads/ldap.c:ads_try_connect(189)
  ads_try_connect: CLDAP request 192.168.10.116 failed.
[2010/04/21 14:36:21, 1] libads/cldap.c:recv_cldap_netlogon(247)
  Failed to parse cldap reply
[2010/04/21 14:36:21, 3] libads/ldap.c:ads_try_connect(189)
  ads_try_connect: CLDAP request 192.168.10.110 failed.
[2010/04/21 14:36:21, 1] libads/cldap.c:recv_cldap_netlogon(247)
  Failed to parse cldap reply
[2010/04/21 14:36:21, 3] libads/ldap.c:ads_try_connect(189)
  ads_try_connect: CLDAP request 192.168.50.75 failed.
[2010/04/21 14:36:28, 1] libads/cldap.c:recv_cldap_netlogon(219)
  no reply received to cldap netlogon
[2010/04/21 14:36:28, 3] libads/ldap.c:ads_try_connect(189)
  ads_try_connect: CLDAP request 10.10.10.116 failed.
[2010/04/21 14:36:35, 1] libads/cldap.c:recv_cldap_netlogon(219)
  no reply received to cldap netlogon
[2010/04/21 14:36:35, 3] libads/ldap.c:ads_try_connect(189)
  ads_try_connect: CLDAP request 10.10.10.110 failed.
[2010/04/21 14:36:35, 0] utils/net_ads.c:ads_startup_int(286)
  ads_connect: No logon servers
Join to domain is not valid: No logon servers
[2010/04/21 14:36:35, 2] utils/net.c:main(1075)
  return code = -1

I see the IPs of:
- My Linux computer: 192.168.120.2
- My first DC, general network: 192.168.10.110
- My first DC, backup network: 10.10.10.110
- My second DC, general network: 192.168.10.116
- My second DC, backup network: 10.10.10.116
- My third DC, general network: 192.168.50.75 (this one doesn't have a backup network).

After reading lots of pages on Google, I tried a net rpc testjoin -d3

[2010/04/21 15:09:25, 3] param/loadparm.c:lp_load(5069)
  lp_load: refreshing parameters
[2010/04/21 15:09:25, 3] param/loadparm.c:init_globals(1440)
  Initialising global parameters
[2010/04/21 15:09:25, 3] param/params.c:pm_process(572)
  params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
[2010/04/21 15:09:25, 3] param/loadparm.c:do_section(3808)
  Processing section "[global]"
[2010/04/21 15:09:25, 2] lib/interface.c:add_interface(81)
  added interface ip=192.168.120.2 bcast=192.168.255.255 nmask=255.255.0.0
[2010/04/21 15:09:25, 3] libsmb/cliconnect.c:cli_start_connection(1563)
  Connecting to host=dc001
[2010/04/21 15:09:25, 3] lib/util_sock.c:open_socket_out(866)
  Connecting to 192.168.10.110 at port 445
[2010/04/21 15:09:25, 3] libsmb/cliconnect.c:cli_session_setup_spnego(805)
  Doing spnego session setup (blob length=119)
[2010/04/21 15:09:25, 3] libsmb/cliconnect.c:cli_session_setup_spnego(832)
  got OID=1 2 840 48018 1 2 2
[2010/04/21 15:09:25, 3] libsmb/cliconnect.c:cli_session_setup_spnego(832)
  got OID=1 2 840 113554 1 2 2
[2010/04/21 15:09:25, 3] libsmb/cliconnect.c:cli_session_setup_spnego(832)
  got OID=1 2 840 113554 1 2 2 3
[2010/04/21 15:09:25, 3] libsmb/cliconnect.c:cli_session_setup_spnego(832)
  got OID=1 3 6 1 4 1 311 2 2 10
[2010/04/21 15:09:25, 3] libsmb/cliconnect.c:cli_session_setup_spnego(840)
  got principal=dc001$@EMPIRE.LOCAL
[2010/04/21 15:09:25, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1018)
  Got challenge flags:
[2010/04/21 15:09:25, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
  Got NTLMSSP neg_flags=0x62898215
[2010/04/21 15:09:25, 3] libsmb/ntlmssp.c:ntlmssp_client_challenge(1040)
  NTLMSSP: Set final flags:
[2010/04/21 15:09:25, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
  Got NTLMSSP neg_flags=0x60088215
[2010/04/21 15:09:25, 3] libsmb/ntlmssp_sign.c:ntlmssp_sign_init(338)
  NTLMSSP Sign/Seal - Initialising with flags:
[2010/04/21 15:09:25, 3] libsmb/ntlmssp.c:debug_ntlmssp_flags(63)
  Got NTLMSSP neg_flags=0x60088215
[2010/04/21 15:09:25, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2082)
  rpc_pipe_bind: Remote machine dc001 pipe \NETLOGON fnum 0xc00d bind request returned ok.
[2010/04/21 15:09:25, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2082)
  rpc_pipe_bind: Remote machine dc001 pipe \NETLOGON fnum 0xc00e bind request returned ok.
Join to 'EMPIRE' is OK
[2010/04/21 15:09:25, 2] utils/net.c:main(1075)
  return code = 0

It works!!!!!!! But why?

Thanks
Thierry

My krb5.conf

[logging]
 default = FILE:/var/log/kerberos/krb5libs.log
 kdc = FILE:/var/log/kerberos/krb5kdc.log
 admin_server = FILE:/var/log/kerberos/kadmind.log

[libdefaults]
 default_realm = EMPIRE.LOCAL
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 forwardable = yes

[realms]
 EMPIRE.LOCAL = {
  kdc = dc001.empire.local
  admin_server = dc001.empire.local
  default_domain = empire.local
 }

[domain_realm]
 .kerberos.server = EMPIRE.LOCAL
 .empire.local = EMPIRE.LOCAL

My smb.conf

# Global parameters
[global]
workgroup = empire
server string = OPROD-POX
netbios name = lsister-l
preferred master = no

# | Logs
# ----------------------------------------------------
log level = 3
log file = /var/log/samba/%m.log
#max log size = 50

# | Domain Integration
# -----------------------------------------------------
security = ads
realm = EMPIRE
winbind enum users = yes
winbind enum groups = yes
winbind separator = +
winbind nss info = rfc2307
encrypt passwords = yes
socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192
#socket options = TCP_NODELAY IPTOS_LOWDELAY IPTOS_THROUGHPUT SO_KEEPALIVE SO_RCVBUF=8192 SO_SNDBUF=8192
idmap uid = 10000-19999
idmap gid = 20000-29999
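An added example, not part of the original post and not Samba code: a small Python parser that groups the CLDAP probe failures in `net ads testjoin -d3` output by the reason logged just before each one, so the two failure kinds seen above can be told apart per DC address. The sample log is constructed from record shapes in the post; the function names and reason labels are this example's own.

```python
import re

# Constructed sample in the shape of the post's level-3 output (header, then message).
SAMPLE_LOG = """\
[2010/04/21 14:36:21, 1] libads/cldap.c:recv_cldap_netlogon(247)
  Failed to parse cldap reply
[2010/04/21 14:36:21, 3] libads/ldap.c:ads_try_connect(189)
  ads_try_connect: CLDAP request 192.168.10.116 failed.
[2010/04/21 14:36:28, 1] libads/cldap.c:recv_cldap_netlogon(219)
  no reply received to cldap netlogon
[2010/04/21 14:36:28, 3] libads/ldap.c:ads_try_connect(189)
  ads_try_connect: CLDAP request 10.10.10.116 failed.
"""

HEADER = re.compile(r"^\[(?P<ts>[\d/]+ [\d:]+),\s*\d+\]\s+\S+")
FAILED = re.compile(r"CLDAP request (?P<ip>\d+\.\d+\.\d+\.\d+) failed")
REASONS = {  # log text -> label (labels are this example's own)
    "Failed to parse cldap reply": "unparsable-reply",
    "no reply received to cldap netlogon": "no-reply",
}

def iter_records(text):
    """Yield (timestamp, message) from Samba's header-plus-message records."""
    ts, msg = None, []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            if ts is not None:
                yield ts, " ".join(msg).strip()
            # Text after the header stays, in case a record sits on one line.
            ts, msg = m.group("ts"), [line[m.end():].strip()]
        elif ts is not None:
            msg.append(line.strip())
    if ts is not None:
        yield ts, " ".join(msg).strip()

def cldap_failures(text):
    """Map each failure reason to the (timestamp, DC address) pairs it preceded."""
    by_reason, pending = {}, "unknown"
    for ts, msg in iter_records(text):
        pending = next((lab for txt, lab in REASONS.items() if txt in msg), pending)
        hit = FAILED.search(msg)
        if hit:
            by_reason.setdefault(pending, []).append((ts, hit.group("ip")))
            pending = "unknown"  # a reason applies only to the next failure
    return by_reason

if __name__ == "__main__":
    print(cldap_failures(SAMPLE_LOG))
```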