Beste mensen,
hierbij de output van net ads leave -d9 -U [email protected]
INFO: Current debug levels:
all: 9
tdb: 9
printdrivers: 9
lanman: 9
smb: 9
rpc_parse: 9
rpc_srv: 9
rpc_cli: 9
passdb: 9
sam: 9
auth: 9
winbind: 9
vfs: 9
idmap: 9
quota: 9
acls: 9
locking: 9
msdfs: 9
dmapi: 9
registry: 9
scavenger: 9
dns: 9
ldb: 9
tevent: 9
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:
all: 9
tdb: 9
printdrivers: 9
lanman: 9
smb: 9
rpc_parse: 9
rpc_srv: 9
rpc_cli: 9
passdb: 9
sam: 9
auth: 9
winbind: 9
vfs: 9
idmap: 9
quota: 9
acls: 9
locking: 9
msdfs: 9
dmapi: 9
registry: 9
scavenger: 9
dns: 9
ldb: 9
tevent: 9
Processing section "[global]"
doing parameter netbios name = Debian95
doing parameter workgroup = BWARE
doing parameter idmap config * : backend = tdb
doing parameter idmap config BWARE : backend = ad
doing parameter idmap config BWARE : range = 700-800
doing parameter log level = 2
doing parameter log file = /var/log/samba/log
doing parameter security = ads
doing parameter realm = BWARE.LOCAL
doing parameter winbind uid = 20000-30000
doing parameter winbind gid = 20000-30000
doing parameter template shell = /bin/bash
doing parameter template homedir = /home/%U
doing parameter winbind use default domain = true
pm_process() returned Yes
lp_servicenumber: couldn't find homes
Registering messaging pointer for type 2 - private_data=(nil)
Registering messaging pointer for type 9 - private_data=(nil)
Registered MSG_REQ_POOL_USAGE
Registering messaging pointer for type 11 - private_data=(nil)
Registering messaging pointer for type 12 - private_data=(nil)
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
Registering messaging pointer for type 1 - private_data=(nil)
Registering messaging pointer for type 5 - private_data=(nil)
lp_load_ex: refreshing parameters
Freeing parametrics:
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels:
all: 9
tdb: 9
printdrivers: 9
lanman: 9
smb: 9
rpc_parse: 9
rpc_srv: 9
rpc_cli: 9
passdb: 9
sam: 9
auth: 9
winbind: 9
vfs: 9
idmap: 9
quota: 9
acls: 9
locking: 9
msdfs: 9
dmapi: 9
registry: 9
scavenger: 9
dns: 9
ldb: 9
tevent: 9
Processing section "[global]"
doing parameter netbios name = Debian95
doing parameter workgroup = BWARE
doing parameter idmap config * : backend = tdb
doing parameter idmap config BWARE : backend = ad
doing parameter idmap config BWARE : range = 700-800
doing parameter log level = 2
doing parameter log file = /var/log/samba/log
doing parameter security = ads
doing parameter realm = BWARE.LOCAL
doing parameter winbind uid = 20000-30000
doing parameter winbind gid = 20000-30000
doing parameter template shell = /bin/bash
doing parameter template homedir = /home/%U
doing parameter winbind use default domain = true
pm_process() returned Yes
lp_servicenumber: couldn't find homes
Netbios name list:-
my_netbios_names[0]="DEBIAN95"
added interface enp0s3 ip=192.168.16.7 bcast=192.168.16.255
netmask=255.255.255.0
libnet_Unjoin:
libnet_UnjoinCtx: struct libnet_UnjoinCtx
in: struct libnet_UnjoinCtx
dc_name : NULL
machine_name : 'DEBIAN95'
domain_name : 'BWARE.LOCAL'
account_ou : NULL
admin_account : '[email protected]'
admin_domain : NULL
machine_password : NULL
unjoin_flags : 0x00000005 (5)
0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
0: WKSSVC_JOIN_FLAGS_DEFER_SPN
0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
0: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
1: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
0: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
delete_machine_account : 0x01 (1)
modify_config : 0x00 (0)
domain_sid : NULL
domain_sid : (NULL SID)
ads : NULL
debug : 0x01 (1)
use_kerberos : 0x00 (0)
Opening cache file at /var/cache/samba/gencache.tdb
Opening cache file at /var/run/samba/gencache_notrans.tdb
sitename_fetch: Returning sitename for realm 'BWARE.LOCAL':
"Default-First-Site-Name"
sitename_fetch: Returning sitename for realm 'BWARE.LOCAL':
"Default-First-Site-Name"
name basdc1.bware.local#20 found.
ads_try_connect: sending CLDAP request to 192.168.16.4 (realm: BWARE.LOCAL)
Successfully contacted LDAP server 192.168.16.4
Connected to LDAP server basdc1.bware.local
KDC time offset is 1 seconds
Found SASL mechanism GSS-SPNEGO
ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.30
ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2
ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2
ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3
ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gse_krb5
gss_krb5_import_cred ccache[MEMORY:net_ads] failed with [ Miscellaneous
failure (see text): unknown mech-code 2 for mech 1 2 840 113554 1 2 2] -the
caller may retry after a kinit.
Failed to start GENSEC client mech gse_krb5: NT_STATUS_INTERNAL_ERROR
kerberos_kinit_password [email protected] failed: Cannot contact
any KDC for requested realm
ads_sasl_spnego_gensec_bind(KRB5) failed for ldap/basdc1.bware.local with
user[Administrator] realm=[BWARE.LOCAL]: Cannot contact any KDC for
requested realm
sitename_fetch: Returning sitename for realm 'BWARE.LOCAL':
"Default-First-Site-Name"
name basdc1.bware.local#20 found.
Connecting to 192.168.16.4 at port 445
Socket options:
SO_KEEPALIVE = 0
SO_REUSEADDR = 0
SO_BROADCAST = 0
TCP_NODELAY = 1
TCP_KEEPCNT = 9
TCP_KEEPIDLE = 7200
TCP_KEEPINTVL = 75
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
SO_REUSEPORT = 0
SO_SNDBUF = 87040
SO_RCVBUF = 372480
SO_SNDLOWAT = 1
SO_RCVLOWAT = 1
SO_SNDTIMEO = 0
SO_RCVTIMEO = 0
TCP_QUICKACK = 1
TCP_DEFER_ACCEPT = 0
Doing spnego session setup (blob length=120)
got OID=1.3.6.1.4.1.311.2.2.30
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.2.840.113554.1.2.2.3
got OID=1.3.6.1.4.1.311.2.2.10
got principal=not_defined_in_RFC4178@please_ignore
Starting GENSEC mechanism spnego
Starting GENSEC submechanism ntlmssp
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_TARGET_TYPE_DOMAIN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY
NTLMSSP_NEGOTIATE_VERSION
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
SPNEGO login failed: Logon failure
libnet_Unjoin:
libnet_UnjoinCtx: struct libnet_UnjoinCtx
out: struct libnet_UnjoinCtx
netbios_domain_name : NULL
dns_domain_name : NULL
forest_name : NULL
modified_config : 0x00 (0)
error_string : 'failed to connect to AD: Cannot
contact any KDC for requested realm'
disabled_machine_account : 0x00 (0)
deleted_machine_account : 0x00 (0)
result : WERR_LOGON_FAILURE
return code = -1
Graag ontvang ik een bevestiging retour.
Met vriendelijke groet,
Bas Neve
[email protected]
316 14 12 00 71
Op wo 29 aug. 2018 om 11:23 schreef Bas Neve <[email protected]>:
> Hoi Wouter,
>
> Welke informatie is er nog meer nodig ?
>
> Graag ontvang ik een bevestiging retour.
>
> Met vriendelijke groet,
>
> Bas Neve
> [email protected]
> 316 14 12 00 71
>
>
>
>
>
>
>
>
>
> Op wo 29 aug. 2018 om 11:09 schreef Bas Neve <[email protected]>:
>
>> Beste mensen,
>>
>>
>> net join -U Administrator
>> Enter Administrator's password:
>> Using short domain name -- BWARE
>> Joined 'DEBIAN95' to dns domain 'bware.local'
>> No DNS domain configured for debian95. Unable to perform DNS Update.
>> DNS update failed: NT_STATUS_INVALID_PARAMETER
>>
>> net ads testjoin
>> Join is OK
>>
>> net ads leave -U Administrator
>> Enter Administrator's password:
>> kerberos_kinit_password [email protected] failed: Cannot contact
>> any KDC for requested realm
>> Disabled account for 'DEBIAN95' in realm '(null)'
>>
>> net join -U Administrator
>> Enter Administrator's password:
>> Using short domain name -- BWARE
>> Joined 'DEBIAN95' to dns domain 'bware.local'
>> No DNS domain configured for debian95. Unable to perform DNS Update.
>> DNS update failed: NT_STATUS_INVALID_PARAMETER
>>
>> net ads leave -U [email protected]
>> Enter [email protected]'s password:
>> kerberos_kinit_password [email protected] failed: Cannot contact
>> any KDC for requested realm
>> Disabled account for 'DEBIAN95' in realm '(null)'
>>
>>
>> tail /var/log/samba/log
>> [2018/08/29 10:35:56.300737, 2]
>> ../lib/util/tevent_debug.c:66(samba_tevent_debug)
>> samba_tevent: EPOLL_CTL_DEL EBADF for fde[0x55dc6f60f6e0]
>> mpx_fde[(nil)] fd[15] - disabling
>> [2018/08/29 10:45:55.978689, 2]
>> ../source3/smbd/server.c:794(remove_child_pid)
>> Could not find child 1540 -- ignoring
>> [2018/08/29 10:48:26.407062, 2]
>> ../lib/util/tevent_debug.c:66(samba_tevent_debug)
>> samba_tevent: EPOLL_CTL_DEL EBADF for fde[0x55dc6f5f30c0]
>> mpx_fde[(nil)] fd[15] - disabling
>> [2018/08/29 11:00:56.017725, 2]
>> ../source3/smbd/server.c:794(remove_child_pid)
>> Could not find child 1581 -- ignoring
>> [2018/08/29 11:00:56.474751, 2]
>> ../lib/util/tevent_debug.c:66(samba_tevent_debug)
>> samba_tevent: EPOLL_CTL_DEL EBADF for fde[0x55dc6f60f6e0]
>> mpx_fde[(nil)] fd[15] - disabling
>>
>>
>>
>>
>> Graag ontvang ik een bevestiging retour.
>>
>> Met vriendelijke groet,
>>
>> Bas Neve
>> [email protected]
>> 316 14 12 00 71
>>
>>
>>
>>
>>
>>
>>
>>
>>
>> Op wo 29 aug. 2018 om 10:44 schreef Wouter Verhelst <[email protected]>:
>>
>>> Hoi Bas,
>>>
>>> Ik vind het erg om het te moeten zeggen, maar hier kunnen we nog altijd
>>> niet genoeg mee :-)
>>>
>>> On Wed, Aug 29, 2018 at 10:11:36AM +0200, Bas Neve wrote:
>>> > Hoi Wouter,
>>> >
>>> > Hierbij nadere info. Ik heb in virtualbox een windows Active domain
>>> controller
>>> > met een domein bware.local gemaakt.. Aan dat domein heb ik een windows
>>> 10 box
>>> > en een redhat box toegevoegd. Op de RedHatbox kan ik inloggen via de
>>> > domeincontroller.. tevens heb ik een debian9.5 machine gemaakt.
>>>
>>> Sure, dat wisten we al.
>>>
>>> > Ik heb met de
>>> > Debian machine twee uitdagingen. Ik kan het domein joinen
>>>
>>> Jeuj.
>>>
>>> > maar helaas niet verlaten.
>>>
>>> Dit zegt zoveel als "De auto werkt niet".
>>>
>>> wat werkt er niet?
>>>
>>> "Weet ik niet, zoek het uit. Maar je mag niet aan de auto komen".
>>>
>>> Dat kan niet, dat begrijp je wel.
>>>
>>> "ik kan het domein niet verlaten". Ik ben er van overtuigd dat je dat je
>>> wel kan, maar er lukt iets niet. Wat? Dat zeg je niet.
>>>
>>> Welk commando heb je uitgevoerd om het domein te joinen?
>>> Welk commando heb je uitgevoerd om het domein weer te verlaten?
>>> Krijg je foutmeldingen? Post ze dan.
>>> Krijg je iets in de logs te zien (/var/log/samba)? Post dat dan.
>>>
>>> Alleen met dat soort informatie kan je hulp krijgen...
>>>
>>> P.S.: zie ook
>>> https://opensource.com/life/16/10/how-ask-technical-questions voor een
>>> goede gids over hoe je efficiënt technische vragen kunt stellen...
>>>
>>> --
>>> Could you people please use IRC like normal people?!?
>>>
>>> -- Amaya Rodrigo Sastre, trying to quiet down the buzz in the DebConf
>>> 2008
>>> Hacklab
>>>
>>
