Subject: winbind: Secure DNS update failed Package: winbind Version: 2:3.5.4~dfsg-1 Severity: normal
When I try to create/update a DNS record in Windows 2003 AD environment, net utility fails. "net ads join -U ad...@domain.local" command joins PC to domain sucsessfully, but reports "DNS update failed!" and isn't create DNS record. "net ads dns register -P" and "net ads dns register -U admin" also fails with same message. It seens some encryption methons has broken in Kerveros v1.8, so user "Khaled" wrote in samba mail list: >>I've run into a problem regarding the DNS update while joining a >>domain. The joining of the domain worked but the domain update >>(enabled with --with-dnsupdate) did not. I could solve the issue by >>compiling Samba with older Kerberos libs (1.6.3). I know that Kerberos >>1.8 disables DES by default and I can re-enable it >>allow_weak_crypto=true, however that did not work. I'd like to be able >>to use the standard krb5 libs however and thus my question: does >>anyone have any experience on what to do in this case? http://marc.info/?l=samba&m=127858039825277&w=2 I attach the debug ouput of "net ads dns register -P" to this message -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.31-ustas (SMP w/2 CPU cores) Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages winbind depends on: ii adduser 3.111 add and remove users and groups ii libc6 2.11.1-2 Embedded GNU C Library: Shared lib ii libcap2 1:2.17-1 support for getting/setting POSIX. ii libcomerr2 1.41.11-1 common error description library ii libgssapi-krb5-2 1.8.1+dfsg-5 MIT Kerberos runtime libraries - k ii libk5crypto3 1.8.1+dfsg-5 MIT Kerberos runtime libraries - C ii libkrb5-3 1.8.1+dfsg-5 MIT Kerberos runtime libraries ii libldap-2.4-2 2.4.23-2 OpenLDAP libraries ii libpam0g 1.1.1-3 Pluggable Authentication Modules l ii libpopt0 1.16-1 lib for parsing cmdline parameters ii libtalloc2 2.0.3~git20100517-1 hierarchical pool based memory all ii libwbclient0 2:3.5.4~dfsg-1 Samba winbind client library ii lsb-base 3.2-23 Linux Standard Base 3.2 init scrip ii samba-common 2:3.5.4~dfsg-1 common files used by both the Samb ii zlib1g 1:1.2.3.3.dfsg-15 compression library - runtime winbind recommends no packages. winbind suggests no packages.
[2010/07/29 11:04:36, 5] lib/debug.c:407(debug_dump_status) INFO: Current debug levels: all: True/10 tdb: False/0 printdrivers: False/0 lanman: False/0 smb: False/0 rpc_parse: False/0 rpc_srv: False/0 rpc_cli: False/0 passdb: False/0 sam: False/0 auth: False/0 winbind: False/0 vfs: False/0 idmap: False/0 quota: False/0 acls: False/0 locking: False/0 msdfs: False/0 dmapi: False/0 registry: False/0 [2010/07/29 11:04:36, 3] param/loadparm.c:9039(lp_load_ex) lp_load_ex: refreshing parameters [2010/07/29 11:04:36, 3] param/loadparm.c:4848(init_globals) Initialising global parameters [2010/07/29 11:04:36, 2] param/loadparm.c:4707(max_open_files) rlimit_max: rlimit_max (1024) below minimum Windows limit (16384) [2010/07/29 11:04:36, 3] ../lib/util/params.c:550(pm_process) params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf" [2010/07/29 11:04:36, 3] param/loadparm.c:7726(do_section) Processing section "[global]" doing parameter template homedir = /home/%D/%U doing parameter template shell = /bin/bash doing parameter netbios name = STR-IT-03 [2010/07/29 11:04:36, 4] param/loadparm.c:7088(handle_netbios_name) handle_netbios_name: set global_myname to: STR-IT-03 doing parameter workgroup = STRDOMAIN doing parameter realm = STRDOMAIN.LOCAL doing parameter security = ads doing parameter auth methods = winbind doing parameter syslog = 0 doing parameter log file = /var/log/samba/log.%m doing parameter max log size = 1000 doing parameter preferred master = No doing parameter panic action = /usr/share/samba/panic-action %d doing parameter idmap uid = 10000-20000 doing parameter idmap gid = 10000-20000 doing parameter winbind separator = + doing parameter winbind enum users = Yes doing parameter winbind enum groups = Yes doing parameter winbind use default domain = Yes doing parameter winbind offline logon = yes doing parameter winbind refresh tickets = yes doing parameter path = /var/spool/samba doing parameter debug level = 2 doing parameter unix extensions = No [2010/07/29 11:04:36, 4] param/loadparm.c:9074(lp_load_ex) pm_process() returned Yes [2010/07/29 11:04:36, 7] param/loadparm.c:9279(lp_servicenumber) lp_servicenumber: couldn't find homes [2010/07/29 11:04:36, 10] param/loadparm.c:8287(set_server_role) set_server_role: role = ROLE_DOMAIN_MEMBER [2010/07/29 11:04:36, 5] lib/iconv.c:104(smb_register_charset) Attempting to register new charset UCS-2LE [2010/07/29 11:04:36, 5] lib/iconv.c:112(smb_register_charset) Registered charset UCS-2LE [2010/07/29 11:04:36, 5] lib/iconv.c:104(smb_register_charset) Attempting to register new charset UTF-16LE [2010/07/29 11:04:36, 5] lib/iconv.c:112(smb_register_charset) Registered charset UTF-16LE [2010/07/29 11:04:36, 5] lib/iconv.c:104(smb_register_charset) Attempting to register new charset UCS-2BE [2010/07/29 11:04:36, 5] lib/iconv.c:112(smb_register_charset) Registered charset UCS-2BE [2010/07/29 11:04:36, 5] lib/iconv.c:104(smb_register_charset) Attempting to register new charset UTF-16BE [2010/07/29 11:04:36, 5] lib/iconv.c:112(smb_register_charset) Registered charset UTF-16BE [2010/07/29 11:04:36, 5] lib/iconv.c:104(smb_register_charset) Attempting to register new charset UTF8 [2010/07/29 11:04:36, 5] lib/iconv.c:112(smb_register_charset) Registered charset UTF8 [2010/07/29 11:04:36, 5] lib/iconv.c:104(smb_register_charset) Attempting to register new charset UTF-8 [2010/07/29 11:04:36, 5] lib/iconv.c:112(smb_register_charset) Registered charset UTF-8 [2010/07/29 11:04:36, 5] lib/iconv.c:104(smb_register_charset) Attempting to register new charset ASCII [2010/07/29 11:04:36, 5] lib/iconv.c:112(smb_register_charset) Registered charset ASCII [2010/07/29 11:04:36, 5] lib/iconv.c:104(smb_register_charset) Attempting to register new charset 646 [2010/07/29 11:04:36, 5] lib/iconv.c:112(smb_register_charset) Registered charset 646 [2010/07/29 11:04:36, 5] lib/iconv.c:104(smb_register_charset) Attempting to register new charset ISO-8859-1 [2010/07/29 11:04:36, 5] lib/iconv.c:112(smb_register_charset) Registered charset ISO-8859-1 [2010/07/29 11:04:36, 5] lib/iconv.c:104(smb_register_charset) Attempting to register new charset UCS2-HEX [2010/07/29 11:04:36, 5] lib/iconv.c:112(smb_register_charset) Registered charset UCS2-HEX [2010/07/29 11:04:36, 5] lib/charcnv.c:82(charset_name) Substituting charset 'UTF-8' for LOCALE [2010/07/29 11:04:36, 5] lib/charcnv.c:82(charset_name) Substituting charset 'UTF-8' for LOCALE [2010/07/29 11:04:36, 5] lib/charcnv.c:82(charset_name) Substituting charset 'UTF-8' for LOCALE [2010/07/29 11:04:36, 5] lib/charcnv.c:82(charset_name) Substituting charset 'UTF-8' for LOCALE [2010/07/29 11:04:36, 5] lib/charcnv.c:82(charset_name) Substituting charset 'UTF-8' for LOCALE [2010/07/29 11:04:36, 5] lib/charcnv.c:82(charset_name) Substituting charset 'UTF-8' for LOCALE [2010/07/29 11:04:36, 5] lib/charcnv.c:82(charset_name) Substituting charset 'UTF-8' for LOCALE [2010/07/29 11:04:36, 5] lib/charcnv.c:82(charset_name) Substituting charset 'UTF-8' for LOCALE [2010/07/29 11:04:36, 5] lib/charcnv.c:82(charset_name) Substituting charset 'UTF-8' for LOCALE [2010/07/29 11:04:36, 5] lib/charcnv.c:82(charset_name) Substituting charset 'UTF-8' for LOCALE [2010/07/29 11:04:36, 5] lib/charcnv.c:82(charset_name) Substituting charset 'UTF-8' for LOCALE [2010/07/29 11:04:36, 5] lib/charcnv.c:82(charset_name) Substituting charset 'UTF-8' for LOCALE [2010/07/29 11:04:36, 5] lib/charcnv.c:82(charset_name) Substituting charset 'UTF-8' for LOCALE [2010/07/29 11:04:36, 5] lib/charcnv.c:82(charset_name) Substituting charset 'UTF-8' for LOCALE [2010/07/29 11:04:36, 5] lib/util.c:266(init_names) Netbios name list:- my_netbios_names[0]="STR-IT-03" [2010/07/29 11:04:36, 2] lib/interface.c:340(add_interface) added interface virsw ip=fe80::222:15ff:fe05:bd49%virsw bcast=fe80::ffff:ffff:ffff:ffff%virsw netmask=ffff:ffff:ffff:ffff:: [2010/07/29 11:04:36, 2] lib/interface.c:340(add_interface) added interface virsw ip=192.168.33.64 bcast=192.168.33.255 netmask=255.255.255.0 [2010/07/29 11:04:36, 6] libads/ldap.c:346(ads_find_dc) ads_find_dc: (ldap) looking for realm 'STRDOMAIN.LOCAL' [2010/07/29 11:04:36, 5] lib/gencache.c:61(gencache_init) Opening cache file at /var/run/samba/gencache.tdb [2010/07/29 11:04:36, 10] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = AD_SITENAME/DOMAIN/STRDOMAIN.LOCAL, value = Default-First-Site, timeout = Tue Jan 19 06:14:07 2038 [2010/07/29 11:04:36, 5] libads/dns.c:817(sitename_fetch) sitename_fetch: Returning sitename for STRDOMAIN.LOCAL: "Default-First-Site" [2010/07/29 11:04:36, 4] libsmb/namequery_dc.c:73(ads_dc_name) ads_dc_name: domain=STRDOMAIN [2010/07/29 11:04:36, 10] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = AD_SITENAME/DOMAIN/STRDOMAIN.LOCAL, value = Default-First-Site, timeout = Tue Jan 19 06:14:07 2038 [2010/07/29 11:04:36, 5] libads/dns.c:817(sitename_fetch) sitename_fetch: Returning sitename for STRDOMAIN.LOCAL: "Default-First-Site" [2010/07/29 11:04:36, 6] libads/ldap.c:366(ads_find_dc) ads_find_dc: (cldap) looking for realm 'STRDOMAIN.LOCAL' [2010/07/29 11:04:36, 8] libsmb/namequery.c:2156(get_sorted_dc_list) get_sorted_dc_list: attempting lookup for name STRDOMAIN.LOCAL (sitename Default-First-Site) using [ads] [2010/07/29 11:04:36, 10] lib/gencache.c:194(gencache_get) Cache entry with key = SAFJOIN/DOMAIN/STRDOMAIN.LOCAL couldn't be found [2010/07/29 11:04:36, 10] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = SAF/DOMAIN/STRDOMAIN.LOCAL, value = domain.strdomain.local, timeout = Thu Jul 29 11:19:22 2010 [2010/07/29 11:04:36, 5] libsmb/namequery.c:200(saf_fetch) saf_fetch: Returning "domain.strdomain.local" for "STRDOMAIN.LOCAL" domain [2010/07/29 11:04:36, 3] libsmb/namequery.c:1972(get_dc_list) get_dc_list: preferred server list: "domain.strdomain.local, *" [2010/07/29 11:04:36, 10] libsmb/namequery.c:1506(internal_resolve_name) internal_resolve_name: looking up STRDOMAIN.LOCAL#1c (sitename Default-First-Site) [2010/07/29 11:04:36, 10] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = NBT/STRDOMAIN.LOCAL#1C, value = 192.168.33.2:389,192.168.33.4:389, timeout = Thu Jul 29 11:15:22 2010 [2010/07/29 11:04:36, 5] libsmb/namecache.c:212(namecache_fetch) name STRDOMAIN.LOCAL#1C found. [2010/07/29 11:04:36, 8] libsmb/namequery.c:1993(get_dc_list) Adding 2 DC's from auto lookup [2010/07/29 11:04:36, 10] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = AD_SITENAME/DOMAIN/STRDOMAIN.LOCAL, value = Default-First-Site, timeout = Tue Jan 19 06:14:07 2038 [2010/07/29 11:04:36, 5] libads/dns.c:817(sitename_fetch) sitename_fetch: Returning sitename for STRDOMAIN.LOCAL: "Default-First-Site" [2010/07/29 11:04:36, 10] libsmb/namequery.c:1506(internal_resolve_name) internal_resolve_name: looking up domain.strdomain.local#20 (sitename Default-First-Site) [2010/07/29 11:04:36, 10] lib/gencache.c:194(gencache_get) Cache entry with key = NBT/DOMAIN.STRDOMAIN.LOCAL#20 couldn't be found [2010/07/29 11:04:36, 5] libsmb/namecache.c:208(namecache_fetch) no entry for domain.strdomain.local#20 found. [2010/07/29 11:04:36, 3] libsmb/namequery.c:1225(resolve_lmhosts) resolve_lmhosts: Attempting lmhosts lookup for name domain.strdomain.local<0x20> [2010/07/29 11:04:36, 4] libsmb/namequery.c:839(startlmhosts) startlmhosts: Can't open lmhosts file /etc/samba/lmhosts. Error was Нет такого файла или каталога [2010/07/29 11:04:36, 3] libsmb/namequery.c:1089(resolve_wins) resolve_wins: Attempting wins lookup for name domain.strdomain.local<0x20> [2010/07/29 11:04:36, 3] libsmb/namequery.c:1093(resolve_wins) resolve_wins: WINS server resolution selected and no WINS servers listed. [2010/07/29 11:04:36, 3] libsmb/namequery.c:1307(resolve_hosts) resolve_hosts: Attempting host lookup for name domain.strdomain.local<0x20> [2010/07/29 11:04:36, 10] libsmb/namequery.c:583(remove_duplicate_addrs2) remove_duplicate_addrs2: looking for duplicate address/port pairs [2010/07/29 11:04:36, 5] libsmb/namecache.c:122(namecache_store) namecache_store: storing 1 address for domain.strdomain.local#20: 192.168.33.2 [2010/07/29 11:04:36, 10] lib/gencache.c:131(gencache_set) Adding cache entry with key = NBT/DOMAIN.STRDOMAIN.LOCAL#20; value = 192.168.33.2:0 and timeout = Thu Jul 29 11:15:36 2010 (660 seconds ahead) [2010/07/29 11:04:36, 10] libsmb/namequery.c:1653(internal_resolve_name) internal_resolve_name: returning 1 addresses: 192.168.33.2:0 [2010/07/29 11:04:36, 10] lib/gencache.c:194(gencache_get) Cache entry with key = NEG_CONN_CACHE/STRDOMAIN.LOCAL,192.168.33.2 couldn't be found [2010/07/29 11:04:36, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain STRDOMAIN.LOCAL server 192.168.33.2 [2010/07/29 11:04:36, 10] lib/gencache.c:194(gencache_get) Cache entry with key = NEG_CONN_CACHE/STRDOMAIN.LOCAL,192.168.33.2 couldn't be found [2010/07/29 11:04:36, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain STRDOMAIN.LOCAL server 192.168.33.2 [2010/07/29 11:04:36, 10] lib/gencache.c:194(gencache_get) Cache entry with key = NEG_CONN_CACHE/STRDOMAIN.LOCAL,192.168.33.4 couldn't be found [2010/07/29 11:04:36, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain STRDOMAIN.LOCAL server 192.168.33.4 [2010/07/29 11:04:36, 10] libsmb/namequery.c:583(remove_duplicate_addrs2) remove_duplicate_addrs2: looking for duplicate address/port pairs [2010/07/29 11:04:36, 4] libsmb/namequery.c:2105(get_dc_list) get_dc_list: returning 2 ip addresses in an ordered list [2010/07/29 11:04:36, 4] libsmb/namequery.c:2106(get_dc_list) get_dc_list: 192.168.33.2:389 192.168.33.4:389 [2010/07/29 11:04:36, 10] lib/gencache.c:194(gencache_get) Cache entry with key = NEG_CONN_CACHE/STRDOMAIN.LOCAL,192.168.33.2 couldn't be found [2010/07/29 11:04:36, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain STRDOMAIN.LOCAL server 192.168.33.2 [2010/07/29 11:04:36, 5] libads/ldap.c:203(ads_try_connect) ads_try_connect: sending CLDAP request to 192.168.33.2 (realm: STRDOMAIN.LOCAL) [2010/07/29 11:04:36, 10] libads/dns.c:778(sitename_store) sitename_store: realm = [STRDOMAIN], sitename = [Default-First-Site], expire = [2147483647] [2010/07/29 11:04:36, 10] lib/gencache.c:131(gencache_set) Adding cache entry with key = AD_SITENAME/DOMAIN/STRDOMAIN; value = Default-First-Site and timeout = Tue Jan 19 06:14:07 2038 (867096571 seconds ahead) [2010/07/29 11:04:36, 10] libads/dns.c:778(sitename_store) sitename_store: realm = [strdomain.local], sitename = [Default-First-Site], expire = [2147483647] [2010/07/29 11:04:36, 10] lib/gencache.c:131(gencache_set) Adding cache entry with key = AD_SITENAME/DOMAIN/STRDOMAIN.LOCAL; value = Default-First-Site and timeout = Tue Jan 19 06:14:07 2038 (867096571 seconds ahead) [2010/07/29 11:04:36, 3] libads/ldap.c:621(ads_connect) Successfully contacted LDAP server 192.168.33.2 [2010/07/29 11:04:36, 10] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = AD_SITENAME/DOMAIN/STRDOMAIN.LOCAL, value = Default-First-Site, timeout = Tue Jan 19 06:14:07 2038 [2010/07/29 11:04:36, 5] libads/dns.c:817(sitename_fetch) sitename_fetch: Returning sitename for STRDOMAIN.LOCAL: "Default-First-Site" [2010/07/29 11:04:36, 10] libads/ldap.c:165(ads_closest_dc) ads_closest_dc: NBT_SERVER_CLOSEST flag set [2010/07/29 11:04:36, 10] libads/kerberos.c:853(create_local_private_krb5_conf_for_domain) create_local_private_krb5_conf_for_domain: fname = /var/run/samba/smb_krb5/krb5.conf.STRDOMAIN, realm = STRDOMAIN.LOCAL, domain = STRDOMAIN [2010/07/29 11:04:36, 10] lib/gencache.c:194(gencache_get) Cache entry with key = SAFJOIN/DOMAIN/STRDOMAIN.LOCAL couldn't be found [2010/07/29 11:04:36, 10] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = SAF/DOMAIN/STRDOMAIN.LOCAL, value = domain.strdomain.local, timeout = Thu Jul 29 11:19:22 2010 [2010/07/29 11:04:36, 5] libsmb/namequery.c:200(saf_fetch) saf_fetch: Returning "domain.strdomain.local" for "STRDOMAIN.LOCAL" domain [2010/07/29 11:04:36, 3] libsmb/namequery.c:1972(get_dc_list) get_dc_list: preferred server list: "domain.strdomain.local, *" [2010/07/29 11:04:36, 10] libsmb/namequery.c:1506(internal_resolve_name) internal_resolve_name: looking up STRDOMAIN.LOCAL#1c (sitename Default-First-Site) [2010/07/29 11:04:36, 10] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = NBT/STRDOMAIN.LOCAL#1C, value = 192.168.33.2:389,192.168.33.4:389, timeout = Thu Jul 29 11:15:22 2010 [2010/07/29 11:04:36, 5] libsmb/namecache.c:212(namecache_fetch) name STRDOMAIN.LOCAL#1C found. [2010/07/29 11:04:36, 8] libsmb/namequery.c:1993(get_dc_list) Adding 2 DC's from auto lookup [2010/07/29 11:04:36, 10] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = AD_SITENAME/DOMAIN/STRDOMAIN.LOCAL, value = Default-First-Site, timeout = Tue Jan 19 06:14:07 2038 [2010/07/29 11:04:36, 5] libads/dns.c:817(sitename_fetch) sitename_fetch: Returning sitename for STRDOMAIN.LOCAL: "Default-First-Site" [2010/07/29 11:04:36, 10] libsmb/namequery.c:1506(internal_resolve_name) internal_resolve_name: looking up domain.strdomain.local#20 (sitename Default-First-Site) [2010/07/29 11:04:36, 10] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = NBT/DOMAIN.STRDOMAIN.LOCAL#20, value = 192.168.33.2:0, timeout = Thu Jul 29 11:15:36 2010 [2010/07/29 11:04:36, 5] libsmb/namecache.c:212(namecache_fetch) name domain.strdomain.local#20 found. [2010/07/29 11:04:36, 10] lib/gencache.c:194(gencache_get) Cache entry with key = NEG_CONN_CACHE/STRDOMAIN.LOCAL,192.168.33.2 couldn't be found [2010/07/29 11:04:36, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain STRDOMAIN.LOCAL server 192.168.33.2 [2010/07/29 11:04:36, 10] lib/gencache.c:194(gencache_get) Cache entry with key = NEG_CONN_CACHE/STRDOMAIN.LOCAL,192.168.33.2 couldn't be found [2010/07/29 11:04:36, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain STRDOMAIN.LOCAL server 192.168.33.2 [2010/07/29 11:04:36, 10] lib/gencache.c:194(gencache_get) Cache entry with key = NEG_CONN_CACHE/STRDOMAIN.LOCAL,192.168.33.4 couldn't be found [2010/07/29 11:04:36, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain STRDOMAIN.LOCAL server 192.168.33.4 [2010/07/29 11:04:36, 10] libsmb/namequery.c:583(remove_duplicate_addrs2) remove_duplicate_addrs2: looking for duplicate address/port pairs [2010/07/29 11:04:36, 4] libsmb/namequery.c:2105(get_dc_list) get_dc_list: returning 2 ip addresses in an ordered list [2010/07/29 11:04:36, 4] libsmb/namequery.c:2106(get_dc_list) get_dc_list: 192.168.33.2:389 192.168.33.4:389 [2010/07/29 11:04:36, 10] lib/gencache.c:194(gencache_get) Cache entry with key = SAFJOIN/DOMAIN/STRDOMAIN.LOCAL couldn't be found [2010/07/29 11:04:36, 10] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = SAF/DOMAIN/STRDOMAIN.LOCAL, value = domain.strdomain.local, timeout = Thu Jul 29 11:19:22 2010 [2010/07/29 11:04:36, 5] libsmb/namequery.c:200(saf_fetch) saf_fetch: Returning "domain.strdomain.local" for "STRDOMAIN.LOCAL" domain [2010/07/29 11:04:36, 3] libsmb/namequery.c:1972(get_dc_list) get_dc_list: preferred server list: "domain.strdomain.local, *" [2010/07/29 11:04:36, 10] libsmb/namequery.c:1506(internal_resolve_name) internal_resolve_name: looking up STRDOMAIN.LOCAL#1c (sitename (null)) [2010/07/29 11:04:36, 10] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = NBT/STRDOMAIN.LOCAL#1C, value = 192.168.33.2:389,192.168.33.4:389, timeout = Thu Jul 29 11:15:22 2010 [2010/07/29 11:04:36, 5] libsmb/namecache.c:212(namecache_fetch) name STRDOMAIN.LOCAL#1C found. [2010/07/29 11:04:36, 8] libsmb/namequery.c:1993(get_dc_list) Adding 2 DC's from auto lookup [2010/07/29 11:04:36, 10] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = AD_SITENAME/DOMAIN/STRDOMAIN.LOCAL, value = Default-First-Site, timeout = Tue Jan 19 06:14:07 2038 [2010/07/29 11:04:36, 5] libads/dns.c:817(sitename_fetch) sitename_fetch: Returning sitename for STRDOMAIN.LOCAL: "Default-First-Site" [2010/07/29 11:04:36, 10] libsmb/namequery.c:1506(internal_resolve_name) internal_resolve_name: looking up domain.strdomain.local#20 (sitename Default-First-Site) [2010/07/29 11:04:36, 10] lib/gencache.c:208(gencache_get) Returning valid cache entry: key = NBT/DOMAIN.STRDOMAIN.LOCAL#20, value = 192.168.33.2:0, timeout = Thu Jul 29 11:15:36 2010 [2010/07/29 11:04:36, 5] libsmb/namecache.c:212(namecache_fetch) name domain.strdomain.local#20 found. [2010/07/29 11:04:36, 10] lib/gencache.c:194(gencache_get) Cache entry with key = NEG_CONN_CACHE/STRDOMAIN.LOCAL,192.168.33.2 couldn't be found [2010/07/29 11:04:36, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain STRDOMAIN.LOCAL server 192.168.33.2 [2010/07/29 11:04:36, 10] lib/gencache.c:194(gencache_get) Cache entry with key = NEG_CONN_CACHE/STRDOMAIN.LOCAL,192.168.33.2 couldn't be found [2010/07/29 11:04:36, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain STRDOMAIN.LOCAL server 192.168.33.2 [2010/07/29 11:04:36, 10] lib/gencache.c:194(gencache_get) Cache entry with key = NEG_CONN_CACHE/STRDOMAIN.LOCAL,192.168.33.4 couldn't be found [2010/07/29 11:04:36, 9] libsmb/conncache.c:150(check_negative_conn_cache) check_negative_conn_cache returning result 0 for domain STRDOMAIN.LOCAL server 192.168.33.4 [2010/07/29 11:04:36, 10] libsmb/namequery.c:583(remove_duplicate_addrs2) remove_duplicate_addrs2: looking for duplicate address/port pairs [2010/07/29 11:04:36, 4] libsmb/namequery.c:2105(get_dc_list) get_dc_list: returning 2 ip addresses in an ordered list [2010/07/29 11:04:36, 4] libsmb/namequery.c:2106(get_dc_list) get_dc_list: 192.168.33.2:389 192.168.33.4:389 [2010/07/29 11:04:36, 10] libads/kerberos.c:804(get_kdc_ip_string) get_kdc_ip_string: Returning kdc = 192.168.33.2 kdc = 192.168.33.4 kdc = 192.168.33.4 [2010/07/29 11:04:36, 5] libads/kerberos.c:921(create_local_private_krb5_conf_for_domain) create_local_private_krb5_conf_for_domain: wrote file /var/run/samba/smb_krb5/krb5.conf.STRDOMAIN with realm STRDOMAIN.LOCAL KDC list = kdc = 192.168.33.2 kdc = 192.168.33.4 kdc = 192.168.33.4 [2010/07/29 11:04:36, 4] libsmb/namequery_dc.c:143(ads_dc_name) ads_dc_name: using server='DOMAIN.STRDOMAIN.LOCAL' IP=192.168.33.2 [2010/07/29 11:04:36, 5] libads/ldap.c:203(ads_try_connect) ads_try_connect: sending CLDAP request to DOMAIN.STRDOMAIN.LOCAL (realm: STRDOMAIN.LOCAL) [2010/07/29 11:04:36, 10] libads/dns.c:778(sitename_store) sitename_store: realm = [STRDOMAIN], sitename = [Default-First-Site], expire = [2147483647] [2010/07/29 11:04:36, 10] lib/gencache.c:131(gencache_set) Adding cache entry with key = AD_SITENAME/DOMAIN/STRDOMAIN; value = Default-First-Site and timeout = Tue Jan 19 06:14:07 2038 (867096571 seconds ahead) [2010/07/29 11:04:36, 10] libads/dns.c:778(sitename_store) sitename_store: realm = [strdomain.local], sitename = [Default-First-Site], expire = [2147483647] [2010/07/29 11:04:36, 10] lib/gencache.c:131(gencache_set) Adding cache entry with key = AD_SITENAME/DOMAIN/STRDOMAIN.LOCAL; value = Default-First-Site and timeout = Tue Jan 19 06:14:07 2038 (867096571 seconds ahead) [2010/07/29 11:04:36, 3] libads/ldap.c:621(ads_connect) Successfully contacted LDAP server 192.168.33.2 [2010/07/29 11:04:36, 10] libads/ldap.c:62(ldap_open_with_timeout) Opening connection to LDAP server 'domain.strdomain.local:389', timeout 15 seconds [2010/07/29 11:04:36, 10] libads/ldap.c:76(ldap_open_with_timeout) Connected to LDAP server 'domain.strdomain.local:389' [2010/07/29 11:04:36, 3] libads/ldap.c:675(ads_connect) Connected to LDAP server domain.strdomain.local [2010/07/29 11:04:36, 10] libads/ldap.c:165(ads_closest_dc) ads_closest_dc: NBT_SERVER_CLOSEST flag set [2010/07/29 11:04:36, 10] libsmb/namequery.c:86(saf_store) saf_store: domain = [STRDOMAIN], server = [domain.strdomain.local], expire = [1280387976] [2010/07/29 11:04:36, 10] lib/gencache.c:131(gencache_set) Adding cache entry with key = SAF/DOMAIN/STRDOMAIN; value = domain.strdomain.local and timeout = Thu Jul 29 11:19:36 2010 (900 seconds ahead) [2010/07/29 11:04:36, 10] libsmb/namequery.c:86(saf_store) saf_store: domain = [STRDOMAIN.LOCAL], server = [domain.strdomain.local], expire = [1280387976] [2010/07/29 11:04:36, 10] lib/gencache.c:131(gencache_set) Adding cache entry with key = SAF/DOMAIN/STRDOMAIN.LOCAL; value = domain.strdomain.local and timeout = Thu Jul 29 11:19:36 2010 (900 seconds ahead) [2010/07/29 11:04:36, 5] lib/charcnv.c:82(charset_name) Substituting charset 'UTF-8' for LOCALE [2010/07/29 11:04:36, 5] lib/charcnv.c:82(charset_name) Substituting charset 'UTF-8' for LOCALE [2010/07/29 11:04:36, 5] lib/charcnv.c:82(charset_name) Substituting charset 'UTF-8' for LOCALE [2010/07/29 11:04:36, 5] lib/charcnv.c:82(charset_name) Substituting charset 'UTF-8' for LOCALE [2010/07/29 11:04:36, 5] lib/charcnv.c:82(charset_name) Substituting charset 'UTF-8' for LOCALE [2010/07/29 11:04:36, 5] lib/charcnv.c:82(charset_name) Substituting charset 'UTF-8' for LOCALE [2010/07/29 11:04:36, 5] lib/charcnv.c:82(charset_name) Substituting charset 'UTF-8' for LOCALE [2010/07/29 11:04:36, 5] lib/charcnv.c:82(charset_name) Substituting charset 'UTF-8' for LOCALE [2010/07/29 11:04:36, 5] lib/charcnv.c:82(charset_name) Substituting charset 'UTF-8' for LOCALE [2010/07/29 11:04:36, 5] lib/charcnv.c:82(charset_name) Substituting charset 'UTF-8' for LOCALE [2010/07/29 11:04:36, 5] lib/charcnv.c:82(charset_name) Substituting charset 'UTF-8' for LOCALE [2010/07/29 11:04:36, 5] lib/charcnv.c:82(charset_name) Substituting charset 'UTF-8' for LOCALE [2010/07/29 11:04:36, 5] lib/charcnv.c:82(charset_name) Substituting charset 'UTF-8' for LOCALE [2010/07/29 11:04:36, 5] lib/charcnv.c:82(charset_name) Substituting charset 'UTF-8' for LOCALE [2010/07/29 11:04:36, 4] libads/ldap.c:2849(ads_current_time) time offset is 0 seconds [2010/07/29 11:04:36, 4] libads/sasl.c:1112(ads_sasl_bind) Found SASL mechanism GSS-SPNEGO [2010/07/29 11:04:36, 3] libads/sasl.c:780(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2 [2010/07/29 11:04:36, 3] libads/sasl.c:780(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2 [2010/07/29 11:04:36, 3] libads/sasl.c:780(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3 [2010/07/29 11:04:36, 3] libads/sasl.c:780(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10 [2010/07/29 11:04:36, 3] libads/sasl.c:789(ads_sasl_spnego_bind) ads_sasl_spnego_bind: got server principal name = doma...@strdomain.local [2010/07/29 11:04:36, 3] libsmb/clikrb5.c:687(ads_krb5_mk_req) ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found) [2010/07/29 11:04:36, 10] libads/sasl.c:810(ads_sasl_spnego_bind) ads_sasl_spnego_krb5_bind failed with: No credentials cache found, calling kinit [2010/07/29 11:04:36, 10] libads/kerberos.c:188(kerberos_kinit_password_ext) kerberos_kinit_password: as str-it-...@strdomain.local using [MEMORY:net_ads] as ccache and config [/var/run/samba/smb_krb5/krb5.conf.STRDOMAIN] [2010/07/29 11:04:36, 3] libsmb/clikrb5.c:620(ads_cleanup_expired_creds) ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration Чтв, 29 Июл 2010 21:04:36 MSD [2010/07/29 11:04:36, 10] libsmb/clikrb5.c:718(ads_krb5_mk_req) ads_krb5_mk_req: Ticket (doma...@strdomain.local) in ccache (MEMORY:net_ads) is valid until: (Чтв, 29 Июл 2010 21:04:36 MSD - 1280423076) [2010/07/29 11:04:36, 3] libsmb/clikrb5.c:729(ads_krb5_mk_req) ads_krb5_mk_req: server marked as OK to delegate to, building forwardable TGT [2010/07/29 11:04:36, 10] libsmb/clikrb5.c:896(get_krb5_smb_session_key) Got KRB5 session key of length 16 [2010/07/29 11:04:36, 10] libads/ldap.c:165(ads_closest_dc) ads_closest_dc: NBT_SERVER_CLOSEST flag set [2010/07/29 11:04:36, 10] lib/util.c:2626(name_to_fqdn) name_to_fqdn: lookup for STR-IT-03 -> str-it-03.strdomain.local. [2010/07/29 11:04:36, 2] lib/interface.c:340(add_interface) added interface virsw ip=fe80::222:15ff:fe05:bd49%virsw bcast=fe80::ffff:ffff:ffff:ffff%virsw netmask=ffff:ffff:ffff:ffff:: [2010/07/29 11:04:36, 2] lib/interface.c:340(add_interface) added interface virsw ip=192.168.33.64 bcast=192.168.33.255 netmask=255.255.255.0 [2010/07/29 11:04:36, 4] libads/dns.c:620(ads_dns_lookup_ns) ads_dns_lookup_ns: 2 records returned in the answer section. [2010/07/29 11:04:37, 10] intl/lang_tdb.c:138(lang_tdb_init) lang_tdb_init: /usr/share/samba/.msg: No such file or directory DNS update failed! [2010/07/29 11:04:37, 2] utils/net.c:779(main) return code = -1