Server will nicht in die Domain

A

Arris

Ich versuche gerade erfolglos einen Debian 6.0.3 in eine Win2k3 Domain zu heben.
Hier mein Umfeld:

ii libcrypt-smbhash-perl 0.12-3 generate LM/NT hash of a password for samba
ii samba 2:3.5.6~dfsg-3squeeze6 SMB/CIFS file, print, and login server for Unix
ii samba-common 2:3.5.6~dfsg-3squeeze6 common files used by both the Samba server and client
ii samba-common-bin 2:3.5.6~dfsg-3squeeze6 common files used by both the Samba server and client
ii samba-doc 2:3.5.6~dfsg-3squeeze6 Samba documentation
ii krb5-config 2.2 Configuration files for Kerberos Version 5
ii krb5-user 1.8.3+dfsg-4squeeze5 Basic programs to authenticate using MIT Kerberos
ii libgssapi-krb5-2 1.8.3+dfsg-4squeeze5 MIT Kerberos runtime libraries - krb5 GSS-API Mechanism
ii libkrb5-3 1.8.3+dfsg-4squeeze5 MIT Kerberos runtime libraries
ii libkrb5support0 1.8.3+dfsg-4squeeze5 MIT Kerberos runtime libraries - Support library
ii libwbclient0 2:3.5.6~dfsg-3squeeze6 Samba winbind client library
ii winbind 2:3.5.6~dfsg-3squeeze6 Samba nameservice integration server

Debian 6.0.3 squeeze

smb.conf:
[global]

workgroup = DOMAIN
realm = DOMAIN.DE
server string = %L
security = ADS
allow trusted domains = No
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
ntlm auth = No
client NTLMv2 auth = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
name resolve order = wins bcast
printcap name = cups
os level = 0
lm announce = No
lm interval = 0
local master = No
domain master = No
browse list = No
enhanced browsing = No
dns proxy = No
ldap ssl = no
socket address =
panic action = /usr/share/samba/panic-action %d
host msdfs = No
idmap backend = rid:DOMAIN=1000-100000000
idmap uid = 1000-100000000
idmap gid = 1000-100000000
winbind use default domain = Yes
admin users = root, @DOMAIN\DC-Administratoren

krb5.conf:

[libdefaults]
default_realm = DOMAIN.DE
krb4_get_tickets = false

[realms]

DOMAIN.DE = {
kdc = dc.domain.de
#kdc = domain.de
default_domain = domain.de
admin_server = dc.domain.de
}

[domain_realm]

.domain.de = DOMAIN.DE
domain.de = DOMAIN.DE

[logging]

default = FILE:/var/log/samba/krb5.log
kdc = FILE:/var/log/samba/kdc.log

nsswitch.conf

passwd: files winbind
group: files winbind
shadow: compat
hosts: files dns
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis

ausgabe von net ads join -d 9 -U username:

[2012/02/10 21:05:01, 5] lib/debug.c:405(debug_dump_status)
INFO: Current debug levels:
all: True/9
tdb: False/0
printdrivers: False/0
lanman: False/0
smb: False/0
rpc_parse: False/0
rpc_srv: False/0
rpc_cli: False/0
passdb: False/0
sam: False/0
auth: False/0
winbind: False/0
vfs: False/0
idmap: False/0
quota: False/0
acls: False/0
locking: False/0
msdfs: False/0
dmapi: False/0
registry: False/0
[2012/02/10 21:05:01, 3] param/loadparm.c:9158(lp_load_ex)
lp_load_ex: refreshing parameters
[2012/02/10 21:05:01, 3] param/loadparm.c:4929(init_globals)
Initialising global parameters
[2012/02/10 21:05:01, 2] param/loadparm.c:4788(max_open_files)
rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
[2012/02/10 21:05:01.700074, 3] ../lib/util/params.c:550(pm_process)
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
[2012/02/10 21:05:01.702052, 3] param/loadparm.c:7842(do_section)
Processing section "[global]"
doing parameter workgroup = domain
doing parameter realm = domain.de
doing parameter server string = %L
doing parameter security = ADS
doing parameter allow trusted domains = No
doing parameter passwd program = /usr/bin/passwd %u
doing parameter passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n .
doing parameter ntlm auth = No
doing parameter client NTLMv2 auth = Yes
doing parameter syslog = 0
doing parameter log file = /var/log/samba/log.%m
doing parameter max log size = 1000
doing parameter name resolve order = wins bcast
doing parameter printcap name = cups
doing parameter os level = 0
doing parameter lm announce = No
doing parameter lm interval = 0
doing parameter local master = No
doing parameter domain master = No
doing parameter browse list = No
doing parameter enhanced browsing = No
doing parameter dns proxy = No
doing parameter ldap ssl = no
doing parameter socket address =
doing parameter panic action = /usr/share/samba/panic-action %d
doing parameter host msdfs = No
doing parameter idmap backend = rid:domain=1000-100000000
doing parameter idmap uid = 1000-100000000
doing parameter idmap gid = 1000-100000000
doing parameter winbind use default domain = Yes
doing parameter admin users = root, @domain\Domain-Administratoren
[2012/02/10 21:05:01.717140, 4] param/loadparm.c:9193(lp_load_ex)
pm_process() returned Yes
[2012/02/10 21:05:01.717691, 7] param/loadparm.c:9399(lp_servicenumber)
lp_servicenumber: couldn't find homes
[2012/02/10 21:05:01.719653, 5] lib/iconv.c:104(smb_register_charset)
Attempting to register new charset UCS-2LE
[2012/02/10 21:05:01.720186, 5] lib/iconv.c:112(smb_register_charset)
Registered charset UCS-2LE
[2012/02/10 21:05:01.721919, 5] lib/iconv.c:104(smb_register_charset)
Attempting to register new charset UTF-16LE
[2012/02/10 21:05:01.722475, 5] lib/iconv.c:112(smb_register_charset)
Registered charset UTF-16LE
[2012/02/10 21:05:01.724269, 5] lib/iconv.c:104(smb_register_charset)
Attempting to register new charset UCS-2BE
[2012/02/10 21:05:01.725966, 5] lib/iconv.c:112(smb_register_charset)
Registered charset UCS-2BE
[2012/02/10 21:05:01.727345, 5] lib/iconv.c:104(smb_register_charset)
Attempting to register new charset UTF-16BE
[2012/02/10 21:05:01.728277, 5] lib/iconv.c:112(smb_register_charset)
Registered charset UTF-16BE
[2012/02/10 21:05:01.729974, 5] lib/iconv.c:104(smb_register_charset)
Attempting to register new charset UTF8
[2012/02/10 21:05:01.730546, 5] lib/iconv.c:112(smb_register_charset)
Registered charset UTF8
[2012/02/10 21:05:01.731067, 5] lib/iconv.c:104(smb_register_charset)
Attempting to register new charset UTF-8
[2012/02/10 21:05:01.731604, 5] lib/iconv.c:112(smb_register_charset)
Registered charset UTF-8
[2012/02/10 21:05:01.732123, 5] lib/iconv.c:104(smb_register_charset)
Attempting to register new charset ASCII
[2012/02/10 21:05:01.732650, 5] lib/iconv.c:112(smb_register_charset)
Registered charset ASCII
[2012/02/10 21:05:01.733440, 5] lib/iconv.c:104(smb_register_charset)
Attempting to register new charset 646
[2012/02/10 21:05:01.733966, 5] lib/iconv.c:112(smb_register_charset)
Registered charset 646
[2012/02/10 21:05:01.734499, 5] lib/iconv.c:104(smb_register_charset)
Attempting to register new charset ISO-8859-1
[2012/02/10 21:05:01.735026, 5] lib/iconv.c:112(smb_register_charset)
Registered charset ISO-8859-1
[2012/02/10 21:05:01.736884, 5] lib/iconv.c:104(smb_register_charset)
Attempting to register new charset UCS2-HEX
[2012/02/10 21:05:01.738246, 5] lib/iconv.c:112(smb_register_charset)
Registered charset UCS2-HEX
[2012/02/10 21:05:01.739204, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2012/02/10 21:05:01.740091, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2012/02/10 21:05:01.740687, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2012/02/10 21:05:01.741218, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2012/02/10 21:05:01.743185, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2012/02/10 21:05:01.743947, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2012/02/10 21:05:01.745593, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2012/02/10 21:05:01.746969, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2012/02/10 21:05:01.747888, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2012/02/10 21:05:01.749373, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2012/02/10 21:05:01.750203, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2012/02/10 21:05:01.750802, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2012/02/10 21:05:01.751379, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2012/02/10 21:05:01.751934, 5] lib/charcnv.c:98(charset_name)
Substituting charset 'UTF-8' for LOCALE
[2012/02/10 21:05:01.752562, 5] lib/util.c:276(init_names)
Netbios name list:-
my_netbios_names[0]="Servername"
[2012/02/10 21:05:01.753513, 2] lib/interface.c:340(add_interface)
added interface eth0 ip=xxxxxxxxxxxxxeth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
[2012/02/10 21:05:01.754187, 2] lib/interface.c:340(add_interface)
added interface eth0 ip=1.1.44.148 bcast=1.1.44.255 netmask=255.255.255.0
[2012/02/10 21:05:05.600581, 1] libnet/libnet_join.c:1947(libnet_Join)
libnet_Join:
libnet_JoinCtx: struct libnet_JoinCtx
in: struct libnet_JoinCtx
dc_name : NULL
machine_name : 'Servername'
domain_name : *
domain_name : 'domain.de'
account_ou : NULL
admin_account : 'username'
admin_password : *
machine_password : NULL
join_flags : 0x00000023 (35)
0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
0: WKSSVC_JOIN_FLAGS_DEFER_SPN
0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
os_version : NULL
os_name : NULL
create_upn : 0x00 (0)
upn : NULL
modify_config : 0x00 (0)
ads : NULL
debug : 0x01 (1)
use_kerberos : 0x00 (0)
secure_channel_type : SEC_CHAN_WKSTA (2)
[2012/02/10 21:05:05.616299, 5] lib/gencache.c:65(gencache_init)
Opening cache file at /var/run/samba/gencache.tdb
[2012/02/10 21:05:05.616961, 5] lib/gencache.c:108(gencache_init)
Opening cache file at /var/run/samba/gencache_notrans.tdb
[2012/02/10 21:05:05.617704, 5] libads/dns.c:810(sitename_fetch)
sitename_fetch: Returning sitename for domain.de: "Domain"
[2012/02/10 21:05:05.619067, 4] libads/dns.c:432(ads_dns_lookup_srv)
ads_dns_lookup_srv: 2 records returned in the answer section.
[2012/02/10 21:05:05.707304, 3] libsmb/cliconnect.c:2209(cli_start_connection)
Connecting to host=DC03.domain.de
[2012/02/10 21:05:05.709756, 5] libads/dns.c:810(sitename_fetch)
sitename_fetch: Returning sitename for domain.de: "Domain"
[2012/02/10 21:05:05.710758, 5] libsmb/namecache.c:188(namecache_fetch)
no entry for DC03.domain.de#20 found.
[2012/02/10 21:05:05.711321, 3] libsmb/namequery.c:983(resolve_wins)
resolve_wins: Attempting wins lookup for name DC03.domain.de<0x20>
[2012/02/10 21:05:05.713086, 3] libsmb/namequery.c:987(resolve_wins)
resolve_wins: WINS server resolution selected and no WINS servers listed.
[2012/02/10 21:05:05.713693, 3] libsmb/namequery.c:910(name_resolve_bcast)
name_resolve_bcast: Attempting broadcast lookup for name DC03.domain.de<0x20>
[2012/02/10 21:05:05.714359, 5] lib/util_sock.c:304(print_socket_options)
Socket options:
SO_KEEPALIVE = 0
SO_REUSEADDR = 1
SO_BROADCAST = 1
Could not test socket option TCP_NODELAY.
Could not test socket option TCP_KEEPCNT.
Could not test socket option TCP_KEEPIDLE.
Could not test socket option TCP_KEEPINTVL.
IPTOS_LOWDELAY = 0
IPTOS_THROUGHPUT = 0
SO_SNDBUF = 112640
SO_RCVBUF = 112640
SO_SNDLOWAT = 1
SO_RCVLOWAT = 1
SO_SNDTIMEO = 0
SO_RCVTIMEO = 0
Could not test socket option TCP_QUICKACK.
[2012/02/10 21:05:05.721303, 5] libsmb/nmblib.c:824(send_udp)
Sending a packet of len 50 to (1.1.44.255) on port 137
[2012/02/10 21:05:05.992492, 5] libsmb/nmblib.c:824(send_udp)
Sending a packet of len 50 to (1.1.44.255) on port 137
[2012/02/10 21:05:06.263689, 5] libsmb/nmblib.c:824(send_udp)
Sending a packet of len 50 to (1.1.44.255) on port 137
[2012/02/10 21:05:06.534831, 1] libsmb/cliconnect.c:2216(cli_start_connection)
cli_start_connection: failed to connect to DC03.domain.<20> (0.0.0.0). Error NT_STATUS_BAD_NETWORK_NAME
[2012/02/10 21:05:06.535774, 1] libnet/libnet_join.c:1978(libnet_Join)
libnet_Join:
libnet_JoinCtx: struct libnet_JoinCtx
out: struct libnet_JoinCtx
account_name : NULL
netbios_domain_name : NULL
dns_domain_name : NULL
forest_name : NULL
dn : NULL
domain_sid : NULL
domain_sid : (NULL SID)
modified_config : 0x00 (0)
error_string : 'failed to lookup DC info for domain 'domain.de' over rpc: The network name cannot be found'
domain_is_ad : 0x00 (0)
result : WERR_NO_SUCH_SHARE
[2012/02/10 21:05:06.542404, 2] utils/net.c:916(main)
return code = -1

Auffälig scheint mir diese Zeile:
cli_start_connection: failed to connect to DC03.domain.<20> (0.0.0.0). Error NT_STATUS_BAD_NETWORK_NAME
Unsere reale Domain hat mehrere sub's, also sub.sub.sub.domain.de, als Ausgabe kommt:
cli_start_connection: failed to connect to DC03.sub.<20> (0.0.0.0). Error NT_STATUS_BAD_NETWORK_NAME
Der Rest wird abgeschnitten...
dns läuft, hosts sind vorwärts und rückwärts abfragbar, kinit gibt brav ein ticket zurück.
Auftauchende Ungereimtheiten mit den servernamen gehen auf das anonymisieren zurück...
Da es vor kurzem mit den gleichen confs auf debian 6.0.1 oder 6.0.2 noch funktionierte, hab ich auch nen bug im verdacht der sich evtl. in das letzte größere debian-update eingeschlichen hat. Ich hab aber leider keine Maschine mit altem Releasestand um das zu testen. Evtl. bin ich momentan auch einfach zu blind um den Fehler zu erkennen.

besten Dank
Arris
 
Zuletzt bearbeitet von einem Moderator:

Ähnliche Themen

Samba Server funktioniert nach Installation von Nextcloud 26 nicht mehr

Zugriff Ubuntu 16.04. auf Freigabe 18.04. LTS nicht möglich

Problem mit Win-Zugriff auf SAMBA

X startet nichtmehr

Samba 4.1.3 auf falschen Netzwerkinterface

Zurück
Oben