- Package: samba-common-bin
- Source: samba
- Description: Samba common files used by both the server and the client
- Submitter: Matyashov Andrey
- Date: 2013-08-17 18:30:08 UTC
- Severity: wishlist
Have you verified that out-of-sync times were actually the problem in this case? If you run with a higher debug level (-d5), what is the output you get? Jelmer
10.10.2012 16:17, Jelmer Vernooij wrote:

root@sdc:~# samba-tool domain join testdomain.net RODC -U administrator -d5
INFO: Current debug levels:
  all: 5
  tdb: 5
  printdrivers: 5
  lanman: 5
  smb: 5
  rpc_parse: 5
  rpc_srv: 5
  rpc_cli: 5
  passdb: 5
  sam: 5
  auth: 5
  winbind: 5
  vfs: 5
  idmap: 5
  quota: 5
  acls: 5
  locking: 5
  msdfs: 5
  dmapi: 5
  registry: 5
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
Processing section "[global]"
Processing section "[netlogon]"
Processing section "[sysvol]"
pm_process() returned Yes
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
added interface eth0 ip=fe80::5054:ff:fe71:ff6e%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.12.145 bcast=192.168.12.255 netmask=255.255.255.0
added interface eth0 ip=fe80::5054:ff:fe71:ff6e%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.12.145 bcast=192.168.12.255 netmask=255.255.255.0
added interface eth0 ip=fe80::5054:ff:fe71:ff6e%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.12.145 bcast=192.168.12.255 netmask=255.255.255.0
added interface eth0 ip=fe80::5054:ff:fe71:ff6e%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.12.145 bcast=192.168.12.255 netmask=255.255.255.0
Finding a writeable DC for domain 'testdomain.net'
added interface eth0 ip=fe80::5054:ff:fe71:ff6e%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.12.145 bcast=192.168.12.255 netmask=255.255.255.0
added interface eth0 ip=fe80::5054:ff:fe71:ff6e%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.12.145 bcast=192.168.12.255 netmask=255.255.255.0
finddcs: searching for a DC by DNS domain testdomain.net
finddcs: looking for SRV records for _ldap._tcp.testdomain.net
ads_dns_lookup_srv: 3 records returned in the answer section.
finddcs: DNS SRV response 0 at '192.168.12.1'
finddcs: DNS SRV response 1 at '192.168.12.150'
finddcs: DNS SRV response 2 at '192.168.12.150'
finddcs: performing CLDAP query on 192.168.12.1
finddcs: Found matching DC 192.168.12.1 with server_type=0x000003fc
Found DC sdc01.testdomain.net
added interface eth0 ip=fe80::5054:ff:fe71:ff6e%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.12.145 bcast=192.168.12.255 netmask=255.255.255.0
added interface eth0 ip=fe80::5054:ff:fe71:ff6e%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.12.145 bcast=192.168.12.255 netmask=255.255.255.0
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Password for [TESTDOMAIN\administrator]:
Received smb_krb5 packet of length 283
Received smb_krb5 packet of length 90
Received smb_krb5 packet of length 283
Failed to get kerberos credentials: kinit for administrator@TESTDOMAIN.NET failed (Looping detected inside krb5_get_in_tkt)
Aquiring initiator credentials failed: kinit for administrator@TESTDOMAIN.NET failed (Looping detected inside krb5_get_in_tkt)
SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT failed: NT_STATUS_UNSUCCESSFUL
Starting GENSEC submechanism ntlmssp
Got challenge flags:
Got NTLMSSP neg_flags=0x60898235
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_SEAL
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_NEGOTIATE_TARGET_INFO
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088235
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_SEAL
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60088235
  NTLMSSP_NEGOTIATE_UNICODE
  NTLMSSP_REQUEST_TARGET
  NTLMSSP_NEGOTIATE_SIGN
  NTLMSSP_NEGOTIATE_SEAL
  NTLMSSP_NEGOTIATE_NTLM
  NTLMSSP_NEGOTIATE_ALWAYS_SIGN
  NTLMSSP_NEGOTIATE_NTLM2
  NTLMSSP_NEGOTIATE_128
  NTLMSSP_NEGOTIATE_KEY_EXCH
workgroup is TESTDOMAIN
realm is testdomain.net
checking sAMAccountName
Adding CN=SDC,OU=Domain Controllers,DC=testdomain,DC=net
Join failed - cleaning up
checking sAMAccountName
ERROR(ldb): uncaught exception - LDAP error 53 LDAP_UNWILLING_TO_PERFORM - <Failed to find primary group with RID 521!> <>
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 160, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 190, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs)
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 932, in join_RODC
    ctx.do_join()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 870, in do_join
    ctx.join_add_objects()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 440, in join_add_objects
    ctx.samdb.add(rec)

and

root@sdc:~# samba-tool domain join testdomain.net RODC -U administrator -d5
INFO: Current debug levels:
  all: 5
  tdb: 5
  printdrivers: 5
  lanman: 5
  smb: 5
  rpc_parse: 5
  rpc_srv: 5
  rpc_cli: 5
  passdb: 5
  sam: 5
  auth: 5
  winbind: 5
  vfs: 5
  idmap: 5
  quota: 5
  acls: 5
  locking: 5
  msdfs: 5
  dmapi: 5
  registry: 5
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
Processing section "[global]"
Processing section "[netlogon]"
Processing section "[sysvol]"
pm_process() returned Yes
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
added interface eth0 ip=fe80::5054:ff:fe71:ff6e%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.12.145 bcast=192.168.12.255 netmask=255.255.255.0
added interface eth0 ip=fe80::5054:ff:fe71:ff6e%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.12.145 bcast=192.168.12.255 netmask=255.255.255.0
added interface eth0 ip=fe80::5054:ff:fe71:ff6e%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.12.145 bcast=192.168.12.255 netmask=255.255.255.0
added interface eth0 ip=fe80::5054:ff:fe71:ff6e%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.12.145 bcast=192.168.12.255 netmask=255.255.255.0
Finding a writeable DC for domain 'testdomain.net'
added interface eth0 ip=fe80::5054:ff:fe71:ff6e%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.12.145 bcast=192.168.12.255 netmask=255.255.255.0
added interface eth0 ip=fe80::5054:ff:fe71:ff6e%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.12.145 bcast=192.168.12.255 netmask=255.255.255.0
finddcs: searching for a DC by DNS domain testdomain.net
finddcs: looking for SRV records for _ldap._tcp.testdomain.net
ads_dns_lookup_srv: 3 records returned in the answer section.
finddcs: DNS SRV response 0 at '192.168.12.150'
finddcs: DNS SRV response 1 at '192.168.12.1'
finddcs: DNS SRV response 2 at '192.168.12.150'
finddcs: performing CLDAP query on 192.168.12.150
finddcs: Found matching DC 192.168.12.150 with server_type=0x000003fd
Found DC testdomain-pdc.testdomain.net
added interface eth0 ip=fe80::5054:ff:fe71:ff6e%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.12.145 bcast=192.168.12.255 netmask=255.255.255.0
added interface eth0 ip=fe80::5054:ff:fe71:ff6e%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.12.145 bcast=192.168.12.255 netmask=255.255.255.0
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Password for [TESTDOMAIN\administrator]:
Received smb_krb5 packet of length 144
Received smb_krb5 packet of length 1343
Received smb_krb5 packet of length 98
Received smb_krb5 packet of length 1334
Received smb_krb5 packet of length 90
Received smb_krb5 packet of length 1318
gensec_gssapi: credentials were delegated
GSSAPI Connection will be cryptographically sealed
workgroup is TESTDOMAIN
realm is testdomain.net
ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No such element'
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 160, in _run
    return self.run(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 190, in run
    machinepass=machinepass, use_ntvfs=use_ntvfs)
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 908, in join_RODC
    mysid = ctx.get_mysid()
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 255, in get_mysid
    binsid = res[0]["tokenGroups"][0]
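A triage sketch for the two runs above, added here as an example and not part of the bug thread or of Samba: it splits `-d5` output per `samba-tool domain join` invocation and reports which DC was picked, the roles its CLDAP `server_type` advertises, and whether Kerberos failed and SPNEGO fell back to NTLMSSP. The function names are hypothetical, and the sample text is condensed from the log lines quoted above.

```python
import re

# CLDAP netlogon server_type bits (DS_*_FLAG values from MS-ADTS).
DS_FLAGS = {0x001: "PDC", 0x004: "GC", 0x008: "LDAP", 0x010: "DS",
            0x020: "KDC", 0x040: "TIMESERV", 0x080: "CLOSEST",
            0x100: "WRITABLE", 0x200: "GOOD_TIMESERV"}

# Condensed from the two runs in the report; repeated lines are dropped.
SAMPLE = """\
root@sdc:~# samba-tool domain join testdomain.net RODC -U administrator -d5
finddcs: Found matching DC 192.168.12.1 with server_type=0x000003fc
Found DC sdc01.testdomain.net
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Failed to get kerberos credentials: kinit for administrator@TESTDOMAIN.NET failed (Looping detected inside krb5_get_in_tkt)
SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT failed: NT_STATUS_UNSUCCESSFUL
Starting GENSEC submechanism ntlmssp
ERROR(ldb): uncaught exception - LDAP error 53 LDAP_UNWILLING_TO_PERFORM - <Failed to find primary group with RID 521!> <>
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 440, in join_add_objects
root@sdc:~# samba-tool domain join testdomain.net RODC -U administrator -d5
finddcs: Found matching DC 192.168.12.150 with server_type=0x000003fd
Found DC testdomain-pdc.testdomain.net
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
gensec_gssapi: credentials were delegated
GSSAPI Connection will be cryptographically sealed
ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No such element'
  File "/usr/lib/python2.7/dist-packages/samba/join.py", line 255, in get_mysid
"""


def split_runs(text):
    """Split captured output into one chunk per join invocation."""
    chunks = re.split(r"(?=samba-tool domain join\b)", text)
    return [c for c in chunks if c.startswith("samba-tool domain join")]


def decode_server_type(value):
    """Return the role names set in a CLDAP server_type bitmask."""
    return [name for bit, name in sorted(DS_FLAGS.items()) if value & bit]


def triage_run(run):
    """Summarise DC selection and the authentication path of one run.

    The patterns search the whole chunk, so they work on output that has
    been flattened onto one line as well as on line-per-message output.
    """
    dc = re.search(r"Found matching DC (\S+) with server_type=(0x[0-9a-fA-F]+)", run)
    name = re.search(r"Found DC (\S+)", run)
    mechs = re.findall(r"Starting GENSEC submechanism (\w+)", run)
    krb = re.search(r"Failed to get kerberos credentials: (.+?\))", run)
    err = re.search(r'ERROR\((.+?)\): uncaught exception - (.*?)\s*(?:File "|$)',
                    run, re.S)
    return {
        "dc": name.group(1) if name else None,
        "dc_ip": dc.group(1) if dc else None,
        "dc_roles": decode_server_type(int(dc.group(2), 16)) if dc else [],
        "mechanisms": mechs,
        "kerberos_error": krb.group(1) if krb else None,
        # Kerberos failed and SPNEGO moved on to NTLMSSP in the same run.
        "ntlm_fallback": krb is not None and "ntlmssp" in mechs,
        "gssapi_sealed": "GSSAPI Connection will be cryptographically sealed" in run,
        "error_type": err.group(1) if err else None,
        "error": err.group(2) if err else None,
    }


if __name__ == "__main__":
    for i, run in enumerate(split_runs(SAMPLE), 1):
        r = triage_run(run)
        auth = "NTLMSSP after Kerberos failure" if r["ntlm_fallback"] else \
               "Kerberos (sealed)" if r["gssapi_sealed"] else "unknown"
        print("run %d: DC=%s roles=%s" % (i, r["dc"], ",".join(r["dc_roles"])))
        print("  auth path: %s" % auth)
        print("  error: %s" % r["error"])
```

On the sample this shows the two runs reaching different DCs: the run against `sdc01` (no PDC bit) fell back to NTLMSSP after the Kerberos failure, while the run against `testdomain-pdc` authenticated with Kerberos and failed later in `get_mysid`.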
Hi, Thanks for posting this. This doesn't look like an issue with time synchronisation to me. Can you explain the rationale behind the bug report (suggesting time problems)? We seem to have trouble finding the domain. Can you manually find the SID for the domain in LDAP? Jelmer
12.10.2012 16:51, Jelmer Vernooij wrote: Hi! My PDC works on Win2k3, and there aren't any troubles with resolving SIDs into object names. These errors disappear if I synchronize the time on this server with the clock on the PDC.