unable to join to a Samba4 domain
in [Samba]
|
From: Tomasz Chmielewski on 25 May 2010 07:20 Am 25.05.2010 12:24, Tomasz Chmielewski wrote: > Am 25.05.2010 12:14, Tomasz Chmielewski wrote: >> Am 24.05.2010 21:47, Mike Leone wrote: >> >>>>> Tomasz, >>>>> How are you performing the join? >>>> >>>> The "normal way": my Computer-> Properties -> Domain... (is it possible >>>> to join a Windows PC differently)? >>> >>> You can join from the command line using the NETDOM utility. >> >> Right. >> Tried that as well, doesn't work for me. > > I'll try to build Samba4 from scratch. Didn't help with the newest git fetch and new setup - I'm still unable to join Windows 2008 to Samba4 domain. What more info should I provide? -- Tomasz Chmielewski http://wpkg.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Lukasz Zalewski on 25 May 2010 08:00 On 05/25/2010 12:13 PM, Tomasz Chmielewski wrote: > Am 25.05.2010 12:24, Tomasz Chmielewski wrote: >> Am 25.05.2010 12:14, Tomasz Chmielewski wrote: >>> Am 24.05.2010 21:47, Mike Leone wrote: >>> >>>>>> Tomasz, >>>>>> How are you performing the join? >>>>> >>>>> The "normal way": my Computer-> Properties -> Domain... (is it >>>>> possible >>>>> to join a Windows PC differently)? >>>> >>>> You can join from the command line using the NETDOM utility. >>> >>> Right. >>> Tried that as well, doesn't work for me. >> >> I'll try to build Samba4 from scratch. > > Didn't help with the newest git fetch and new setup - I'm still unable > to join Windows 2008 to Samba4 domain. > > What more info should I provide? > > The only way i can replicate your problem and get simmilar message, is by blocking access to port 389 both TCP and UDP on the samba4 host - it seems like enabling either (i.e. TCP or UDP) produces enter credentials dialog. Note that i have used Windows 7 rather than Srv2008 Regards Luk -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Tomasz Chmielewski on 25 May 2010 09:00 Am 25.05.2010 13:58, Lukasz Zalewski wrote: >> What more info should I provide? >> >> > > The only way i can replicate your problem and get simmilar message, is > by blocking access to port 389 both TCP and UDP on the samba4 host - it > seems like enabling either (i.e. TCP or UDP) produces enter credentials > dialog. Note that i have used Windows 7 rather than Srv2008 The only packets exchanged, from the moment I press "OK" button to when the error is shown, are: - DNS queries - LDAP queries (192.168.128.11 - Samba4; 192.168.128.12 - Windows 2008) So, nothing blocked on Samba4 side (and LDAP queries add some data to Samba debug log). 14:46:05.532923 arp who-has 192.168.128.11 tell 192.168.128.12 14:46:05.532961 arp reply 192.168.128.11 is-at d2:7d:af:e2:79:1a 14:46:05.534041 IP (tos 0x0, ttl 128, id 18659, offset 0, flags [none], proto UDP (17), length 88) 192.168.128.12.53283 > 192.168.128.11.53: 25540+[|domain] 14:46:05.534705 IP (tos 0x0, ttl 64, id 17706, offset 0, flags [none], proto UDP (17), length 174) 192.168.128.11.53 > 192.168.128.12.53283: 25540*[|domain] 14:46:05.538852 IP (tos 0x0, ttl 128, id 18660, offset 0, flags [none], proto UDP (17), length 162) 192.168.128.12.53284 > 192.168.128.11.389: UDP, length 134 14:46:05.545754 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 207) 192.168.128.11.389 > 192.168.128.12.53284: UDP, length 179 14:46:10.534732 arp who-has 192.168.128.12 tell 192.168.128.11 14:46:10.535963 arp reply 192.168.128.12 is-at 6a:7b:36:2f:08:24 14:46:13.029943 IP (tos 0x0, ttl 128, id 18661, offset 0, flags [none], proto UDP (17), length 162) 192.168.128.12.53285 > 192.168.128.11.389: UDP, length 134 14:46:13.033741 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 207) 192.168.128.11.389 > 192.168.128.12.53285: UDP, length 179 14:46:13.436515 IP (tos 0x0, ttl 128, id 18662, offset 0, flags [none], proto UDP (17), length 88) 192.168.128.12.61415 > 192.168.128.11.53: 38601+[|domain] 14:46:13.436904 IP (tos 0x0, ttl 64, id 17707, offset 0, flags [none], proto UDP (17), length 174) 192.168.128.11.53 > 192.168.128.12.61415: 38601*[|domain] -- Tomasz Chmielewski http://wpkg.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Tomasz Chmielewski on 25 May 2010 09:10 Am 25.05.2010 14:50, Tomasz Chmielewski wrote: > Am 25.05.2010 13:58, Lukasz Zalewski wrote: > >>> What more info should I provide? >>> >>> >> >> The only way i can replicate your problem and get simmilar message, is >> by blocking access to port 389 both TCP and UDP on the samba4 host - it >> seems like enabling either (i.e. TCP or UDP) produces enter credentials >> dialog. Note that i have used Windows 7 rather than Srv2008 > > The only packets exchanged, from the moment I press "OK" button to when the error is shown, are: > > - DNS queries > - LDAP queries > > (192.168.128.11 - Samba4; 192.168.128.12 - Windows 2008) > > So, nothing blocked on Samba4 side (and LDAP queries add some data to Samba debug log). If I block LDAP on UDP, Windows does not send queries to LDAP on TCP. Is it the same for you? And indeed, the error message is the same whether 389/UDP is blocked or not. -- Tomasz Chmielewski http://wpkg.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
From: Tomasz Chmielewski on 25 May 2010 09:20
Am 25.05.2010 15:08, Tomasz Chmielewski wrote: > And indeed, the error message is the same whether 389/UDP is blocked or > not. This is what I see produced by Samba4 when I try to join: # samba -i -M single -d 9 (...) dreplsrv_notify_schedule(5) scheduled for: Tue May 25 15:15:26 2010 CEST dreplsrv_notify_schedule(5) scheduled for: Tue May 25 15:15:31 2010 CEST cldap netlogon query domain=samba4.contact-web.de host=WIN2008 user=(null) version=22 guid=(null) gendb_search_v: CN=Sites,CN=Configuration,DC=samba4,DC=contact-web,DC=de (objectClass=site) -> 1 added interface ip=192.168.128.11 nmask=255.255.255.0 dreplsrv_notify_schedule(5) scheduled for: Tue May 25 15:15:36 2010 CEST cldap netlogon query domain=samba4.contact-web.de host=WIN2008 user=(null) version=22 guid=(null) gendb_search_v: CN=Sites,CN=Configuration,DC=samba4,DC=contact-web,DC=de (objectClass=site) -> 1 added interface ip=192.168.128.11 nmask=255.255.255.0 dreplsrv_notify_schedule(5) scheduled for: Tue May 25 15:15:41 2010 CEST Should I expect something else? -- Tomasz Chmielewski http://wpkg.org -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba |