Dear list users,

I have a problem when joining an Active Directory domain. In this project we have one main DC in the capital city and one read-only DC in one remote city.
We join to the main DC successfully. However, we cannot join to the local replica (rodc14). We are using this method for winbind / squid NTLM authentication purposes, not a full Samba server. The Internet connection is not fast and we have thousands of users. Remote joining is not our first choice.

First of all I tried to join without an lmhosts entry. That time, I got "Failed to join domain: failed to find DC for domain". The /etc/hosts entry was in place and the AD DNS server was running. Anyway, I overcame this problem after adding an lmhosts entry.

Now my problem is:

"result : WERR_NOT_SUPPORTED
Failed to join domain: Failed to set account flags for machine account (NT_STATUS_NOT_SUPPORTED)"

I have searched and found that this may be about the read-only DC. We have changed the DC to normal mode. Nothing has changed. I need some help with joining to a read-only DC; the problem is debugged below.

System is CentOS 5 i386
AD Server is "Windows Server 2008 R2 Enterprise 7601 Service Pack 1"
Samba is
samba3-utils-3.6.8-44.el5
samba3-3.6.8-44.el5
samba3-winbind-3.6.8-44.el5
samba3-client-3.6.8-44.el5
RPMs from SerNet. (Actually I was using the samba3x RPMs from CentOS. I upgraded when I encountered these problems.)

net ads -d 10 testjoin
net ads join -d 3 -U test14%pass

Debugs are below.

DC: rodc14.testdom.com.tr, 10.10.25.4
domain: TESTDOM.COM.TR
Machine Name: TEST14
AD USER: test14 (In administrator group)

Best Regards,
Oguz

[root@test14 ~]# kinit
Password for [email protected]:
[root@test14 ~]# echo $?
0
[root@test14 ~]# net ads testjoin
kinit succeeded but ads_sasl_spnego_krb5_bind failed: Decrypt integrity check failed
kerberos_kinit_password [email protected] failed: A service is not available that is required to process the request
Join to domain is not valid: Undetermined error

cat /etc/hosts:

# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost test14
::1 localhost6.localdomain6 localhost6
10.10.25.4 rodc14.testdom.com.tr #Do not edit/remove this line, required for labris AD integration

cat /etc/samba/lmhosts:

# This file provides the same function that the lmhosts file does for
# Windows. It's another way to map netbios names to ip addresses.
#
# Cf. section 'name resolve order' in the manual page of smb.conf for
# more information.
127.0.0.1 localhost
#127.0.0.1 FOO#20
#192.168.1.1 MYDOM#1C
10.10.25.4 TESTDOM

/etc/samba/smb.conf:

[global]
netbios name = TEST14
realm = testdom.com.tr
workgroup = TEST
security = ads
encrypt passwords = yes
password server = 10.10.25.4
log level = 3
log file = /var/log/samba.log
ldap ssl = no
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind separator = /
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
domain master = no
local master = no
preferred master = no
template shell = /sbin/nologin
getwd cache = yes
winbind cache time = 100000
ldap connection timeout = 1200
ldap timeout = 2400
allow trusted domains = yes
# ldap ssl = off
# winbind offline logon = yes
# winbind refresh tickets = yes
# client use spnego = no
# use spnego = no
# ldap ssl ads = no
# client ldap sasl wrapping = plain

/etc/krb5.conf:

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = TESTDOM.COM.TR
default_tkt_enctypes = rc4-hmac des-cbc-crc
default_tgs_enctypes = rc4-hmac des-cbc-crc
# dns_lookup_realm = false
# dns_lookup_kdc = false
dns_lookup_realm = false
dns_lookup_kdc = false

[realms]
TESTDOM.COM.TR = {
  kdc = 10.10.25.4
  admin_server = 10.10.25.4
  default_domain = TESTDOM.COM.TR
}

[domain_realm]
.testdom.com.tr = TESTDOM.COM.TR
testdom.com.tr = TESTDOM.COM.TR

net ads join Log:

net ads join -d 3 -U test14%pass
lp_load_ex: refreshing parameters
Initialising global parameters
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
Processing section "[global]"
WARNING: The "idmap uid" option is deprecated
WARNING: The "idmap gid" option is deprecated
added interface eth9.102 ip=fe80::20c:bdff:fe05:28f8%eth9.102 bcast=fe80::ffff:ffff:ffff:ffff%eth9.102 netmask=ffff:ffff:ffff:ffff::
added interface eth1 ip=fe80::290:bff:fe21:43ac%eth1 bcast=fe80::ffff:ffff:ffff:ffff%eth1 netmask=ffff:ffff:ffff:ffff::
added interface eth2 ip=fe80::290:bff:fe21:43ad%eth2 bcast=fe80::ffff:ffff:ffff:ffff%eth2 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=fe80::290:bff:fe27:b5bf%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth9.102 ip=95.0.0.26 bcast=**** netmask=255.255.255.248
added interface eth9.102:0 ip=95.0.0.27 bcast=95.0.0.31 netmask=255.255.255.248
added interface eth9.102:1 ip=95.0.0.28 bcast=95.0.0.31 netmask=255.255.255.248
added interface eth9.102:2 ip=95.0.0.29 bcast=95.0.0.31 netmask=255.255.255.248
added interface eth0 ip=169.254.1.1 bcast=169.254.255.255 netmask=255.255.0.0
added interface eth1 ip=10.10.1.5 bcast=10.10.1.255 netmask=255.255.255.0
Registered MSG_REQ_POOL_USAGE
Registered MSG_REQ_DMALLOC_MARK and LOG_CHANGED
libnet_Join:
    libnet_JoinCtx: struct libnet_JoinCtx
        in: struct libnet_JoinCtx
            dc_name : NULL
            machine_name : 'TEST14'
            domain_name : *
                domain_name : 'TESTDOM.COM.TR'
            account_ou : NULL
            admin_account : 'test14'
            machine_password : NULL
            join_flags : 0x00000023 (35)
                0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
                0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
                0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
                0: WKSSVC_JOIN_FLAGS_DEFER_SPN
                0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
                0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
                1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
                0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
                0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
                1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
                1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
            os_version : NULL
            os_name : NULL
            create_upn : 0x00 (0)
            upn : NULL
            modify_config : 0x00 (0)
            ads : NULL
            debug : 0x01 (1)
            use_kerberos : 0x00 (0)
            secure_channel_type : SEC_CHAN_WKSTA (2)
resolve_lmhosts: Attempting lmhosts lookup for name TESTDOM.COM.TR<0x1c>
resolve_lmhosts: Attempting lmhosts lookup for name TESTDOM.COM.TR<0x1c>
resolve_wins: Attempting wins lookup for name TESTDOM.COM.TR<0x1c>
resolve_wins: WINS server resolution selected and no WINS servers listed.
name_resolve_bcast: Attempting broadcast lookup for name TESTDOM.COM.TR<0x1c>
libnet_Join:
    libnet_JoinCtx: struct libnet_JoinCtx
        out: struct libnet_JoinCtx
            account_name : NULL
            netbios_domain_name : NULL
            dns_domain_name : NULL
            forest_name : NULL
            dn : NULL
            domain_sid : NULL
                domain_sid : (NULL SID)
            modified_config : 0x00 (0)
            error_string : 'failed to find DC for domain TESTDOM.COM.TR'
            domain_is_ad : 0x00 (0)
            result : WERR_DCNOTFOUND
libnet_Join:
    libnet_JoinCtx: struct libnet_JoinCtx
        in: struct libnet_JoinCtx
            dc_name : NULL
            machine_name : 'TEST14'
            domain_name : *
                domain_name : 'TESTDOM'
            account_ou : NULL
            admin_account : 'test14'
            machine_password : NULL
            join_flags : 0x00000023 (35)
                0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
                0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
                0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
                0: WKSSVC_JOIN_FLAGS_DEFER_SPN
                0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
                0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
                1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
                0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
                0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
                1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
                1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
            os_version : NULL
            os_name : NULL
            create_upn : 0x00 (0)
            upn : NULL
            modify_config : 0x00 (0)
            ads : NULL
            debug : 0x01 (1)
            use_kerberos : 0x00 (0)
            secure_channel_type : SEC_CHAN_WKSTA (2)
ads_dns_lookup_srv: Failed to resolve _ldap._tcp.TEST._sites.dc._msdcs.TESTDOM (Success)
ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_UNSUCCESSFUL)
ads_dns_lookup_srv: Failed to resolve _ldap._tcp.dc._msdcs.TESTDOM (Success)
ads_dns_lookup_srv: Failed to send DNS query (NT_STATUS_UNSUCCESSFUL)
resolve_lmhosts: Attempting lmhosts lookup for name TESTDOM<0x1c>
resolve_lmhosts: Attempting lmhosts lookup for name TESTDOM<0x1c>
No nmbd found
Connecting to host=RODC14
Connecting to 10.10.25.4 at port 445
Doing spnego session setup (blob length=136)
got OID=1.3.6.1.4.1.311.2.2.30
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.2.840.113554.1.2.2.3
got OID=1.3.6.1.4.1.311.2.2.10
got principal=not_defined_in_RFC4178@please_ignore
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60088215
get_dc_list: preferred server list: ", 10.10.25.4"
libnet_Join:
    libnet_JoinCtx: struct libnet_JoinCtx
        out: struct libnet_JoinCtx
            account_name : NULL
            netbios_domain_name : 'TESTDOM'
            dns_domain_name : 'TESTDOM.COM.TR'
            forest_name : 'TESTDOM.COM.TR'
            dn : NULL
            domain_sid : *
                domain_sid : S-1-5-21-2754586502-4077412898-2490043728
            modified_config : 0x00 (0)
            error_string : 'Failed to set account flags for machine account (NT_STATUS_NOT_SUPPORTED) '
            domain_is_ad : 0x01 (1)
            result : WERR_NOT_SUPPORTED
Failed to join domain: Failed to set account flags for machine account (NT_STATUS_NOT_SUPPORTED)
return code = -1

[root@test14 ~]# net ads -d 10 testjoin
