Andrew,
The product team is analyzing the network trace for trusted domain join
problem. We have several questions regarding the test.
(1) What was the exact error message and when did it show ? Did you see
message (" Unable to read the functional level of the specified forest." & "The
directory datatype cannot be converted to/from a native DS datatype") displayed
from "Active Directory Trust and Domain" ?
(2) Which frame(s) in the trace are related to the error ? at the end ?
We can see error STATUS_OBJECT_NAME_NOT_FOUND returned
LsarQueryTrustedDomainInfoByName() in frame 111 & 113,Is that a downstream
effect of not reading the right data from AD?
(3) What is your Windows Server 2008 domain name ? Is it AD2008 ? Do you
actually have a Netbios name different then the DNS name?
Is 2008.naomi.abartlet.net the name of Samba4 domain ?
Thanks
----------------------------------------------------------
Hongwei Sun - Sr. Support Escalation Engineer
DSC Protocol Team, Microsoft
[EMAIL PROTECTED]
Tel: 469-7757027 x 57027
-----------------------------------------------------------
-----Original Message-----
From: Andrew Bartlett [mailto:[EMAIL PROTECTED]
Sent: Monday, September 08, 2008 7:22 AM
To: Interoperability Documentation Help
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Microsoft Client tool expectatations
How do I determine what LDAP values a Microsoft client tool is expecting?
For example, with the attached patch against current GIT, I cannot make
windows 2008 join Samba4 as a 2-way, forest level trusted domain. It
seems something is wrong with what we return to
cn=partitions,cn=configuration,....
Similarly, against our current GIT tree, the Win2k3 admin pack on WinXP won't
launch 'Active Directory Users and Computers' against Samba4. The error seems
to be in response to our return value for the cn=aggregate schema.
In both cases, I just have cryptic error messages. How can I determine what
these tools are expecting?
Attached please find network traces for both the 2008 server attempting to join
the trust and a WinXP machine trying to open 'Active Directory Users and
Computers'.
(keytab to follow in private mail)
The join fails with: 'unable to read the functional level of the forest'
Cannot convert to/from the native DS datatype.
The ADUC launch fails with: 'unspecified error'. (This used to work, before I
'fixed' some schema stuff).
Thanks,
Andrew Bartlett
--
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc.
_______________________________________________
cifs-protocol mailing list
[email protected]
https://lists.samba.org/mailman/listinfo/cifs-protocol
