RE: [Samba] net ads info can't find the ldap server.
I looked into the source code, and have some observations: 1. I don't wrote the realm in my smb.conf, because I get the realm form net ads info. Once I set realm in the smb.conf, net ads info worked. Does it mean the realm is needed in smb.conf? In libads\Ldap.c, the ads_try connect() do not have the realm value (ads-server.realm). Is there anything wrong in my environment? Or the realm must be in smb.conf? 2. When I try to join domain, using net ads join -Uadministrator%password, I got the following message: Using short domain name -- NAS Failed to set servicePrincipalNames. Please ensure that the DNS domain of this server matches the AD domain, Or rejoin with using Domain Admin credentials. Disabled account for 'NSAF933' in realm 'NAS.LOCAL' I found the problem is in util\net_ads.c. The function net_set_machine_spn() do Line:1001 status = ads_gen_mod(ads_s, new_dn, mods). It returns 20 and let the ADS_ERROR_OK() check fail. Mark the line join domain will be successfully. Please give me some advise. Thanks, Latrell -Original Message- From: Latrell Wang 王獻綱 Sent: Wednesday, January 24, 2007 9:26 AM To: 'Gerald (Jerry) Carter' Cc: samba@lists.samba.org Subject: RE: [Samba] net ads info can't find the ldap server. Hi Jerry: I've sent you yesterday, but it seems something wrong. I send it again. Thanks, Latrell. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gerald (Jerry) Carter Sent: Monday, January 22, 2007 10:08 PM To: Latrell Wang 王獻綱 Cc: samba@lists.samba.org Subject: Re: [Samba] net ads info can't find the ldap server. -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Latrell Wang 王獻綱 wrote: Failed to parse cldap reply Can you send me a raw sniff from Wireshark? And a level 10 debug log from 'net ads info'? cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.2 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFtMUtIR7qMdg1EfYRAuqlAKCrMRHnPTF0lkJWzFqV7ASApjMyNgCeP4A+ dsmGJx76nEC30nf7qX64tko= =BHrj -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] net ads info can't find the ldap server.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Latrell Wang 王獻綱 wrote: I looked into the source code, and have some observations: 1. I don't wrote the realm in my smb.conf, because I get the realm form net ads info. Once I set realm in the smb.conf, net ads info worked For any 'net ads' command you have to set the realm. This has always been a requirement. 2. When I try to join domain, using net ads join -Uadministrator%password, I got the following message: Using short domain name -- NAS Failed to set servicePrincipalNames. Please ensure that the DNS domain of this server matches the AD domain, Or rejoin with using Domain Admin credentials. Disabled account for 'NSAF933' in realm 'NAS.LOCAL' Make sure the fqdn of the Samba server is set correctly. cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFukrxIR7qMdg1EfYRAul2AJ9FEG2nwts4vpgn8ots3768tVzLWQCgtHeB FUduAvGAd0b7hjXAJLNe0AE= =YQBY -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
RE: [Samba] net ads info can't find the ldap server.
Hi Jerry: I've sent you yesterday, but it seems something wrong. I send it again. Thanks, Latrell. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gerald (Jerry) Carter Sent: Monday, January 22, 2007 10:08 PM To: Latrell Wang 王獻綱 Cc: samba@lists.samba.org Subject: Re: [Samba] net ads info can't find the ldap server. -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Latrell Wang 王獻綱 wrote: Failed to parse cldap reply Can you send me a raw sniff from Wireshark? And a level 10 debug log from 'net ads info'? cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.2 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFtMUtIR7qMdg1EfYRAuqlAKCrMRHnPTF0lkJWzFqV7ASApjMyNgCeP4A+ dsmGJx76nEC30nf7qX64tko= =BHrj -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
[Samba] net ads info can't find the ldap server.
Hi all: After I upgraded to samba 3.0.23d, I can’t use net ads info to retrieve DC information. In my previous version (3.0.21c), I can use net ads info and get the information: LDAP server: 172.23.26.204 LDAP server name: nas-2003 Realm: NAS.LOCAL Bind Path: dc=NAS,dc=LOCAL LDAP port: 389 Server time: Mon, 22 Jan 2007 09:51:02 GMT KDC server: 172.23.26.204 Server time offset: -60 After upgrade to 3.0.23d: Didn't find the ldap server! The detailed information is as follows: It seem there’s some problem with protocol negotiation. My openldap version is 2.1.22. I also tried 2.3.32, but also fail. Could someone help me out? Thanks, Latrell. [2007/01/22 18:00:24, 3] param/loadparm.c:lp_load(4945) lp_load: refreshing parameters [2007/01/22 18:00:24, 3] param/loadparm.c:init_globals(1410) Initialising global parameters [2007/01/22 18:00:24, 3] param/params.c:pm_process(572) params.c:pm_process() - Processing configuration file /etc/samba/smb.conf [2007/01/22 18:00:24, 3] param/loadparm.c:do_section(3687) Processing section [global] [2007/01/22 18:00:24, 3] lib/module.c:do_smb_load_module(49) Error loading module '/usr/lib/charset/ANSI_X3.4-1968.so': /usr/lib/charset/ANSI_X3.4-1968.so: cannot open shared object file: No such file or directory [2007/01/22 18:00:24, 2] lib/interface.c:add_interface(81) added interface ip=172.23.26.152 bcast=172.23.26.255 nmask=255.255.255.0 [2007/01/22 18:00:24, 3] libsmb/namequery.c:get_dc_list(1426) get_dc_list: preferred server list: 172.23.26.204, NAS.LOCAL * [2007/01/22 18:00:24, 1] libads/cldap.c:recv_cldap_netlogon(240) Failed to parse cldap reply [2007/01/22 18:00:24, 3] libads/ldap.c:ads_try_connect(136) ads_try_connect: CLDAP request 172.23.26.204 failed. Didn't find the ldap server! [2007/01/22 18:00:24, 2] utils/net.c:main(988) return code = -1 [smb.conf] [global] dos charset = UTF8 display charset = UTF8 unix charset = UTF8 server string = %h netbios name = NSAF933 write ok = yes guest account = smbguest map to guest = bad user encrypt passwords = yes map archive = no client use spnego = no auth methods = guest sam_ignoredomain winbind:ntdomain host msdfs = yes winbind use default domain = yes workgroup = NAS security = ads password server = NAS.LOCAL * idmap uid = 10-50 idmap gid = 10-50 winbind cache time = 15 template homedir = /tmp/users/home/%D/%U template shell = /bin/bash -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba
Re: [Samba] net ads info can't find the ldap server.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Latrell Wang 王獻綱 wrote: Failed to parse cldap reply Can you send me a raw sniff from Wireshark? And a level 10 debug log from 'net ads info'? cheers, jerry -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2.2 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFtMUtIR7qMdg1EfYRAuqlAKCrMRHnPTF0lkJWzFqV7ASApjMyNgCeP4A+ dsmGJx76nEC30nf7qX64tko= =BHrj -END PGP SIGNATURE- -- To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/listinfo/samba