Hello,
I'm trying to join a win2k3 ADS domain using a working config on a
debian 'Lenny' (arm processor)
from another machine running gentoo (x86 processor) (only changed the
netbios name).
Samba versions are 3.0.26a on both the machines.
I'm pretty sure this is not a kerberos or ldap problem, anyone has a
clue what else it could be?
# net -d 3 ads join -U administrator
[2007/11/07 23:31:00, 3] param/loadparm.c:lp_load(5039)
lp_load: refreshing parameters
[2007/11/07 23:31:00, 3] param/loadparm.c:init_globals(1438)
Initialising global parameters
[2007/11/07 23:31:00, 3] param/params.c:pm_process(572)
params.c:pm_process() - Processing configuration file
"/etc/samba/smb.conf"
[2007/11/07 23:31:00, 3] param/loadparm.c:do_section(3778)
Processing section "[global]"
[2007/11/07 23:31:01, 3] param/params.c:pm_process(572)
params.c:pm_process() - Processing configuration file
"/etc/samba/dhcp.conf"
[2007/11/07 23:31:01, 2] lib/interface.c:add_interface(81)
added interface ip=127.0.0.1 bcast=127.255.255.255 nmask=255.0.0.0
[2007/11/07 23:31:01, 2] lib/interface.c:add_interface(81)
added interface ip=10.0.0.22 bcast=10.0.0.255 nmask=255.255.255.0
[2007/11/07 23:31:02, 3] libsmb/namequery.c:get_dc_list(1489)
get_dc_list: preferred server list: "10.0.0.2, thuis.local"
[2007/11/07 23:31:02, 3] libads/ldap.c:ads_connect(394)
Connected to LDAP server 10.0.0.2
[2007/11/07 23:31:02, 3] libsmb/namequery.c:get_dc_list(1489)
get_dc_list: preferred server list: "10.0.0.2, thuis.local"
[2007/11/07 23:31:02, 3] libsmb/namequery.c:get_dc_list(1489)
get_dc_list: preferred server list: "10.0.0.2, thuis.local"
administrator's password:
[2007/11/07 23:31:05, 3] libsmb/namequery.c:get_dc_list(1489)
get_dc_list: preferred server list: "10.0.0.2, thuis.local"
[2007/11/07 23:31:05, 3] libads/ldap.c:ads_connect(394)
Connected to LDAP server 10.0.0.2
[2007/11/07 23:31:05, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2007/11/07 23:31:05, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2007/11/07 23:31:05, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2007/11/07 23:31:05, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2007/11/07 23:31:05, 3] libads/sasl.c:ads_sasl_spnego_bind(222)
ads_sasl_spnego_bind: got server principal name = [EMAIL PROTECTED]
[2007/11/07 23:31:05, 3] libsmb/clikrb5.c:ads_krb5_mk_req(593)
ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache
found)
[2007/11/07 23:31:05, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(528)
ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads]
expiration Thu, 08 Nov 2007 09:31:23 CET
[2007/11/07 23:31:05, 3] libsmb/namequery.c:get_dc_list(1489)
get_dc_list: preferred server list: "10.0.0.2, thuis.local"
[2007/11/07 23:31:05, 3] libads/ldap.c:ads_connect(394)
Connected to LDAP server 10.0.0.2
[2007/11/07 23:31:05, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
ads_sasl_spnego_bind: got OID=1 2 840 48018 1 2 2
[2007/11/07 23:31:05, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2
[2007/11/07 23:31:05, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
ads_sasl_spnego_bind: got OID=1 2 840 113554 1 2 2 3
[2007/11/07 23:31:05, 3] libads/sasl.c:ads_sasl_spnego_bind(213)
ads_sasl_spnego_bind: got OID=1 3 6 1 4 1 311 2 2 10
[2007/11/07 23:31:05, 3] libads/sasl.c:ads_sasl_spnego_bind(222)
ads_sasl_spnego_bind: got server principal name = [EMAIL PROTECTED]
[2007/11/07 23:31:05, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(528)
ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads]
expiration Thu, 08 Nov 2007 09:31:23 CET
[2007/11/07 23:31:05, 3] libsmb/cliconnect.c:cli_start_connection(1509)
Connecting to host=server2.thuis.local
[2007/11/07 23:31:05, 3] lib/util_sock.c:open_socket_out(874)
Connecting to 10.0.0.2 at port 445
[2007/11/07 23:31:05, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(793)
Doing spnego session setup (blob length=108)
[2007/11/07 23:31:05, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(818)
got OID=1 2 840 48018 1 2 2
[2007/11/07 23:31:05, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(818)
got OID=1 2 840 113554 1 2 2
[2007/11/07 23:31:05, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(818)
got OID=1 2 840 113554 1 2 2 3
[2007/11/07 23:31:05, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(818)
got OID=1 3 6 1 4 1 311 2 2 10
[2007/11/07 23:31:05, 3]
libsmb/cliconnect.c:cli_session_setup_spnego(826)
got [EMAIL PROTECTED]
[2007/11/07 23:31:06, 2]
libsmb/cliconnect.c:cli_session_setup_kerberos(613)
Doing kerberos session setup
[2007/11/07 23:31:06, 3] libsmb/clikrb5.c:ads_cleanup_expired_creds(528)
ads_cleanup_expired_creds: Ticket in ccache[MEMORY:cliconnect]
expiration Thu, 08 Nov 2007
09:31:23 CET
[2007/11/07 23:31:06, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
rpc_pipe_bind: Remote machine server2.thuis.local pipe \lsarpc fnum
0x8001 bind request returned ok.
[2007/11/07 23:31:06, 3] rpc_parse/parse_lsa.c:lsa_io_sec_qos(224)
lsa_io_sec_qos: length c does not match size 8
[2007/11/07 23:31:06, 3] rpc_client/cli_pipe.c:rpc_pipe_bind(2081)
rpc_pipe_bind: Remote machine server2.thuis.local pipe \samr fnum
0xa bind request returned ok.
[2007/11/07 23:31:06, 1]
rpc_client/cli_pipe.c:cli_pipe_validate_current_pdu(625)
cli_pipe_validate_current_pdu: RPC fault code DCERPC_FAULT_NDR
received from remote machine
server2.thuis.local pipe \samr fnum 0xa!
[2007/11/07 23:31:06, 1] utils/net_ads.c:net_ads_join(1548)
call of net_join_domain failed: NT code 0x000006f7
Failed to join domain: NT code 0x000006f7
[2007/11/07 23:31:06, 2] utils/net.c:main(1036)
return code = -1
smb.conf (relevant part only):
[global]
# log level = 5
enable privileges = Yes
username map = /etc/samba/smbusers
allow trusted domains = No
idmap uid = 20000-30000
idmap gid = 20000-30000
winbind enum users = Yes
winbind enum groups = Yes
winbind separator = +
winbind use default domain = Yes
winbind offline logon = Yes
winbind refresh tickets = Yes
use kerberos keytab = Yes
winbind nss info = template
template homedir = /home/%U
template shell = /bin/bash
client use spnego = Yes
obey pam restrictions = No
password server = thuis.local
null passwords = No
server signing = Auto
client signing = Auto
lm announce = No
deadtime = 15
encrypt passwords = Yes
workgroup = THUIS
realm = THUIS.LOCAL
netbios name = BACKUP
server string = Samba on %L
interfaces = lo eth0
bind interfaces only = Yes
hosts deny = 0.0.0.0/0
hosts allow = 10.0.0.0/24 127.0.0.1
os level = 20
wins support = No
# get wins server address from dhcp
include = /etc/samba/dhcp.conf
name resolve order = wins lmhosts hosts bcast
preferred master = No
load printers = No
log file = /var/log/samba/log.%m
max log size = 0
security = ads
socket options = TCP_NODELAY SO_RCVBUF=8192 IPTOS_LOWDELAY
SO_RCVBUF=8192 SO_SNDBUF=8192
dns proxy = No
time server = No
hide dot files = Yes
username level = 1
admin users = @%D%w"Domain Admins"
guest ok = No
public = No
valid users = @%D%w"Domain Admins" @%D%w"Domain Power Users"
@%D%w"Domain Users"
@%D%w"Domain Controllers" @%D%w"Domain Computers"