[Pkg-samba-maint] Bug#688004: Was that the problem?

dronozavr sysadmin at gorod0k.ru
Fri Oct 12 09:08:49 UTC 2012


10.10.2012 16:17, Jelmer Vernooij пишет:
> Have you verified that out of sync times was actually the problem in
> this case? if you run with a higher debug level (-d5) what is the
> output you get?
>
> Jelmer

Hi, with debug level 5, I have this errors:

root at sdc:~# samba-tool domain join testdomain.net RODC -U administrator -d5
INFO: Current debug levels:
all: 5
tdb: 5
printdrivers: 5
lanman: 5
smb: 5
rpc_parse: 5
rpc_srv: 5
rpc_cli: 5
passdb: 5
sam: 5
auth: 5
winbind: 5
vfs: 5
idmap: 5
quota: 5
acls: 5
locking: 5
msdfs: 5
dmapi: 5
registry: 5
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
Processing section "[global]"
Processing section "[netlogon]"
Processing section "[sysvol]"
pm_process() returned Yes
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
added interface eth0 ip=fe80::5054:ff:fe71:ff6e%eth0 
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.12.145 bcast=192.168.12.255 
netmask=255.255.255.0
added interface eth0 ip=fe80::5054:ff:fe71:ff6e%eth0 
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.12.145 bcast=192.168.12.255 
netmask=255.255.255.0
added interface eth0 ip=fe80::5054:ff:fe71:ff6e%eth0 
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.12.145 bcast=192.168.12.255 
netmask=255.255.255.0
added interface eth0 ip=fe80::5054:ff:fe71:ff6e%eth0 
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.12.145 bcast=192.168.12.255 
netmask=255.255.255.0
Finding a writeable DC for domain 'testdomain.net'
added interface eth0 ip=fe80::5054:ff:fe71:ff6e%eth0 
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.12.145 bcast=192.168.12.255 
netmask=255.255.255.0
added interface eth0 ip=fe80::5054:ff:fe71:ff6e%eth0 
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.12.145 bcast=192.168.12.255 
netmask=255.255.255.0
finddcs: searching for a DC by DNS domain testdomain.net
finddcs: looking for SRV records for _ldap._tcp.testdomain.net
ads_dns_lookup_srv: 3 records returned in the answer section.
finddcs: DNS SRV response 0 at '192.168.12.1'
finddcs: DNS SRV response 1 at '192.168.12.150'
finddcs: DNS SRV response 2 at '192.168.12.150'
finddcs: performing CLDAP query on 192.168.12.1
finddcs: Found matching DC 192.168.12.1 with server_type=0x000003fc
Found DC sdc01.testdomain.net
added interface eth0 ip=fe80::5054:ff:fe71:ff6e%eth0 
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.12.145 bcast=192.168.12.255 
netmask=255.255.255.0
added interface eth0 ip=fe80::5054:ff:fe71:ff6e%eth0 
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.12.145 bcast=192.168.12.255 
netmask=255.255.255.0
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Password for [TESTDOMAIN\administrator]:
Received smb_krb5 packet of length 283
Received smb_krb5 packet of length 90
Received smb_krb5 packet of length 283
Failed to get kerberos credentials: kinit for 
administrator at TESTDOMAIN.NET failed (Looping detected inside 
krb5_get_in_tkt)

Aquiring initiator credentials failed: kinit for 
administrator at TESTDOMAIN.NET failed (Looping detected inside 
krb5_get_in_tkt)

SPNEGO(gssapi_krb5) creating NEG_TOKEN_INIT failed: NT_STATUS_UNSUCCESSFUL
Starting GENSEC submechanism ntlmssp
Got challenge flags:
Got NTLMSSP neg_flags=0x60898235
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_SEAL
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_TARGET_INFO
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088235
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_SEAL
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60088235
NTLMSSP_NEGOTIATE_UNICODE
NTLMSSP_REQUEST_TARGET
NTLMSSP_NEGOTIATE_SIGN
NTLMSSP_NEGOTIATE_SEAL
NTLMSSP_NEGOTIATE_NTLM
NTLMSSP_NEGOTIATE_ALWAYS_SIGN
NTLMSSP_NEGOTIATE_NTLM2
NTLMSSP_NEGOTIATE_128
NTLMSSP_NEGOTIATE_KEY_EXCH
workgroup is TESTDOMAIN
realm is testdomain.net
checking sAMAccountName
Adding CN=SDC,OU=Domain Controllers,DC=testdomain,DC=net
Join failed - cleaning up
checking sAMAccountName
ERROR(ldb): uncaught exception - LDAP error 53 LDAP_UNWILLING_TO_PERFORM 
- <Failed to find primary group with RID 521!> <>
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 
160, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 
190, in run
machinepass=machinepass, use_ntvfs=use_ntvfs)
File "/usr/lib/python2.7/dist-packages/samba/join.py", line 932, in 
join_RODC
ctx.do_join()
File "/usr/lib/python2.7/dist-packages/samba/join.py", line 870, in do_join
ctx.join_add_objects()
File "/usr/lib/python2.7/dist-packages/samba/join.py", line 440, in 
join_add_objects
ctx.samdb.add(rec)


and



root at sdc:~# samba-tool domain join testdomain.net RODC -U administrator -d5
INFO: Current debug levels:
all: 5
tdb: 5
printdrivers: 5
lanman: 5
smb: 5
rpc_parse: 5
rpc_srv: 5
rpc_cli: 5
passdb: 5
sam: 5
auth: 5
winbind: 5
vfs: 5
idmap: 5
quota: 5
acls: 5
locking: 5
msdfs: 5
dmapi: 5
registry: 5
lpcfg_load: refreshing parameters from /etc/samba/smb.conf
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
Processing section "[global]"
Processing section "[netlogon]"
Processing section "[sysvol]"
pm_process() returned Yes
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'schannel' registered
GENSEC backend 'spnego' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
added interface eth0 ip=fe80::5054:ff:fe71:ff6e%eth0 
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.12.145 bcast=192.168.12.255 
netmask=255.255.255.0
added interface eth0 ip=fe80::5054:ff:fe71:ff6e%eth0 
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.12.145 bcast=192.168.12.255 
netmask=255.255.255.0
added interface eth0 ip=fe80::5054:ff:fe71:ff6e%eth0 
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.12.145 bcast=192.168.12.255 
netmask=255.255.255.0
added interface eth0 ip=fe80::5054:ff:fe71:ff6e%eth0 
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.12.145 bcast=192.168.12.255 
netmask=255.255.255.0
Finding a writeable DC for domain 'testdomain.net'
added interface eth0 ip=fe80::5054:ff:fe71:ff6e%eth0 
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.12.145 bcast=192.168.12.255 
netmask=255.255.255.0
added interface eth0 ip=fe80::5054:ff:fe71:ff6e%eth0 
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.12.145 bcast=192.168.12.255 
netmask=255.255.255.0
finddcs: searching for a DC by DNS domain testdomain.net
finddcs: looking for SRV records for _ldap._tcp.testdomain.net
ads_dns_lookup_srv: 3 records returned in the answer section.
finddcs: DNS SRV response 0 at '192.168.12.150'
finddcs: DNS SRV response 1 at '192.168.12.1'
finddcs: DNS SRV response 2 at '192.168.12.150'
finddcs: performing CLDAP query on 192.168.12.150
finddcs: Found matching DC 192.168.12.150 with server_type=0x000003fd
Found DC testdomain-pdc.testdomain.net
added interface eth0 ip=fe80::5054:ff:fe71:ff6e%eth0 
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.12.145 bcast=192.168.12.255 
netmask=255.255.255.0
added interface eth0 ip=fe80::5054:ff:fe71:ff6e%eth0 
bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=192.168.12.145 bcast=192.168.12.255 
netmask=255.255.255.0
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gssapi_krb5
Password for [TESTDOMAIN\administrator]:
Received smb_krb5 packet of length 144
Received smb_krb5 packet of length 1343
Received smb_krb5 packet of length 98
Received smb_krb5 packet of length 1334
Received smb_krb5 packet of length 90
Received smb_krb5 packet of length 1318
gensec_gssapi: credentials were delegated
GSSAPI Connection will be cryptographically sealed
workgroup is TESTDOMAIN
realm is testdomain.net
ERROR(<type 'exceptions.KeyError'>): uncaught exception - 'No such element'
File "/usr/lib/python2.7/dist-packages/samba/netcmd/__init__.py", line 
160, in _run
return self.run(*args, **kwargs)
File "/usr/lib/python2.7/dist-packages/samba/netcmd/domain.py", line 
190, in run
machinepass=machinepass, use_ntvfs=use_ntvfs)
File "/usr/lib/python2.7/dist-packages/samba/join.py", line 908, in 
join_RODC
mysid = ctx.get_mysid()
File "/usr/lib/python2.7/dist-packages/samba/join.py", line 255, in 
get_mysid
binsid = res[0]["tokenGroups"][0]



More information about the Pkg-samba-maint mailing list