[Samba] Joining a win2k3 ads fails

[Lex Brugman]

Hello,

I'm trying to join a win2k3 ADS domain using a working config on a debian 
'Lenny' (arm processor)
from another machine running gentoo (x86 processor) (only changed the netbios 
name).

Samba versions are 3.0.26a on both the machines.
I'm pretty sure this is not a kerberos or ldap problem, anyone has a clue what 
else it could be?


# net -d 3 ads join -U administrator
[2007/11/07 23:31:00, 3] param/loadparm.c:lp_load(5039)
  lp_load: refreshing parameters
[2007/11/07 23:31:00, 3] param/loadparm.c:init_globals(1438)
  Initialising global parameters
[2007/11/07 23:31:00, 3] param/params.c:pm_process(572)
  params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
[2007/11/07 23:31:00, 3] param/loadparm.c:do_section(3778)
  Processing section "[global]"
[2007/11/07 23:31:01, 3] param/params.c:pm_process(572)
  params.c:pm_process() - Processing configuration file "/etc/samba/dhcp.conf"
[2007/11/07 23:31:01, 2] lib/interface.c:add_interface(81)
  added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0
[2007/11/07 23:31:01, 2] lib/interface.c:add_interface(81)
  added interface ip=10.0.0.22 bcast=10.0.0.255 nmask=255.255.255.0
[2007/11/07 23:31:02, 3] libsmb/namequery.c:get_dc_list(1489)
  get_dc_list: preferred server list: "10.0.0.2, thuis.local"
[2007/11/07 23:31:02, 3] libads/ldap.c:ads_connect(394)
  Connected to LDAP server 10.0.0.2
[2007/11/07 23:31:02, 3] libsmb/namequery.c:get_dc_list(1489)
  get_dc_list: preferred server list: "10.0.0.2, thuis.local"
[2007/11/07 23:31:02, 3] libsmb/namequery.c:get_dc_list(1489)
  get_dc_list: preferred server list: "10.0.0.2, thuis.local"
administrator's password:
[2007/11/07 23:31:05, 3] libsmb/namequery.c:get_dc_list(1489)
  get_dc_list: preferred server list: "10.0.0.2, thuis.local"
[2007/11/07 23:31:05, 3] libads/ldap.c:ads_connect(394)
  Connected to LDAP server 10.0.0.2
[2007/11/07 23:31:05, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2007/11/07 23:31:05, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2007/11/07 23:31:05, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2007/11/07 23:31:05, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2007/11/07 23:31:05, 3] libads/sasl.c:ads_sasl_spnego_bind(222)
  ads_sasl_spnego_bind: got server principal name = [EMAIL PROTECTED]
[2007/11/07 23:31:05, 3] libsmb/clikrb5.c:ads_krb5_mk_req(593)
  ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
[2007/11/07 23:31:05, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(528)
  ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration Thu, 
08 Nov 2007 09:31:23 CET
[2007/11/07 23:31:05, 3] libsmb/namequery.c:get_dc_list(1489)
  get_dc_list: preferred server list: "10.0.0.2, thuis.local"
[2007/11/07 23:31:05, 3] libads/ldap.c:ads_connect(394)
  Connected to LDAP server 10.0.0.2
[2007/11/07 23:31:05, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2007/11/07 23:31:05, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2007/11/07 23:31:05, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2007/11/07 23:31:05, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
  ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2007/11/07 23:31:05, 3] libads/sasl.c:ads_sasl_spnego_bind(222)
  ads_sasl_spnego_bind: got server principal name = [EMAIL PROTECTED]
[2007/11/07 23:31:05, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(528)
  ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration Thu, 
08 Nov 2007 09:31:23 CET
[2007/11/07 23:31:05, 3] libsmb/cliconnect.c:cli_start_connection(1509)
  Connecting to host=server2.thuis.local
[2007/11/07 23:31:05, 3] lib/util_sock.c:open_socket_out(874)
  Connecting to 10.0.0.2 at port 445
[2007/11/07 23:31:05, 3] libsmb/cliconnect.c:cli_session_setup_spnego(793)
  Doing spnego session setup (blob length=108)
[2007/11/07 23:31:05, 3] libsmb/cliconnect.c:cli_session_setup_spnego(818)
  got OID=1 2 840 48018 1 2 2
[2007/11/07 23:31:05, 3] libsmb/cliconnect.c:cli_session_setup_spnego(818)
  got OID=1 2 840 113554 1 2 2
[2007/11/07 23:31:05, 3] libsmb/cliconnect.c:cli_session_setup_spnego(818)
  got OID=1 2 840 113554 1 2 2 3
[2007/11/07 23:31:05, 3] libsmb/cliconnect.c:cli_session_setup_spnego(818)
  got OID=1 3 6 1 4 1 311 2 2 10
[2007/11/07 23:31:05, 3] libsmb/cliconnect.c:cli_session_setup_spnego(826)
  got [EMAIL PROTECTED]
[2007/11/07 23:31:06, 2] libsmb/cliconnect.c:cli_session_setup_kerberos(613)
  Doing kerberos session setup
[2007/11/07 23:31:06, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(528)
  ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect] expiration 
Thu, 08 Nov 2007
09:31:23 CET
[2007/11/07 23:31:06, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
  rpc_pipe_bind: Remote machine server2.thuis.local pipe \lsarpc fnum 0x8001 
bind request returned ok.
[2007/11/07 23:31:06, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(224)
  lsa_io_sec_qos: length c does not match size 8
[2007/11/07 23:31:06, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
  rpc_pipe_bind: Remote machine server2.thuis.local pipe \samr fnum 0xa bind 
request returned ok.
[2007/11/07 23:31:06, 1] 
rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(625)
  cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_NDR received from 
remote machine
server2.thuis.local pipe \samr fnum 0xa!
[2007/11/07 23:31:06, 1] utils/net_ads.c:net_ads_join(1548)
  call of net_join_domain failed: NT code 0x000006f7
Failed to join domain: NT code 0x000006f7
[2007/11/07 23:31:06, 2] utils/net.c:main(1036)
  return code = -1


smb.conf (relevant part only):
[global]
#       log level = 5
        enable privileges = Yes
        username map = /etc/samba/smbusers
        allow trusted domains = No
        idmap uid = 20000-30000
        idmap gid = 20000-30000
        winbind enum users = Yes
        winbind enum groups = Yes
        winbind separator = +
        winbind use default domain = Yes
        winbind offline logon = Yes
        winbind refresh tickets = Yes
        use kerberos keytab = Yes
        winbind nss info = template
        template homedir = /home/%U
        template shell = /bin/bash
        client use spnego = Yes
        obey pam restrictions = No
        password server = thuis.local
        null passwords = No
        server signing = Auto
        client signing = Auto
        lm announce = No
        deadtime = 15
        encrypt passwords = Yes
        workgroup = THUIS
        realm = THUIS.LOCAL
        netbios name = BACKUP
        server string = Samba on %L
        interfaces = lo eth0
        bind interfaces only = Yes
        hosts deny = 0.0.0.0/0
        hosts allow = 10.0.0.0/24 127.0.0.1
        os level = 20
        wins support = No
        # get wins server address from dhcp
        include = /etc/samba/dhcp.conf
        name resolve order = wins lmhosts hosts bcast
        preferred master = No
        load printers = No
        log file = /var/log/samba/log.%m
        max log size = 0
        security = ads
        socket options = TCP_NODELAY SO_RCVBUF=8192 IPTOS_LOWDELAY 
SO_RCVBUF=8192 SO_SNDBUF=8192
        dns proxy = No
        time server = No
        hide dot files = Yes
        username level = 1
        admin users = @%D%w"Domain Admins"
        guest ok = No
        public = No
        valid users = @%D%w"Domain Admins" @%D%w"Domain Power Users" @%D%w"Domain 
Users"
@%D%w"Domain Controllers" @%D%w"Domain Computers"

--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba