Discussion:
[Samba] net ads info can't find the ldap server.
Latrell Wang 王獻綱
2007-01-22 10:30:14 UTC
Hi all:

After I upgraded to samba 3.0.23d, I can’t use net ads info to retrieve DC information.

In my previous version (3.0.21c), I can use net ads info and get the information:

LDAP server: 172.23.26.204
LDAP server name: nas-2003
Realm: NAS.LOCAL
Bind Path: dc=NAS,dc=LOCAL
LDAP port: 389
Server time: Mon, 22 Jan 2007 09:51:02 GMT
KDC server: 172.23.26.204
Server time offset: -60

After upgrading to 3.0.23d:

Didn't find the ldap server!

The detailed information is as follows:

It seems there’s some problem with protocol negotiation. My openldap version is 2.1.22. I also tried 2.3.32, but it also fails.

Could someone help me out?

Thanks,
Latrell.





[2007/01/22 18:00:24, 3] param/loadparm.c:lp_load(4945)
  lp_load: refreshing parameters
[2007/01/22 18:00:24, 3] param/loadparm.c:init_globals(1410)
  Initialising global parameters
[2007/01/22 18:00:24, 3] param/params.c:pm_process(572)
  params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
[2007/01/22 18:00:24, 3] param/loadparm.c:do_section(3687)
  Processing section "[global]"
[2007/01/22 18:00:24, 3] lib/module.c:do_smb_load_module(49)
  Error loading module '/usr/lib/charset/ANSI_X3.4-1968.so': /usr/lib/charset/ANSI_X3.4-1968.so: cannot open shared object file: No such file or directory
[2007/01/22 18:00:24, 2] lib/interface.c:add_interface(81)
  added interface ip=172.23.26.152 bcast=172.23.26.255 nmask=255.255.255.0
[2007/01/22 18:00:24, 3] libsmb/namequery.c:get_dc_list(1426)
  get_dc_list: preferred server list: "172.23.26.204, NAS.LOCAL *"
[2007/01/22 18:00:24, 1] libads/cldap.c:recv_cldap_netlogon(240)
  Failed to parse cldap reply
[2007/01/22 18:00:24, 3] libads/ldap.c:ads_try_connect(136)
  ads_try_connect: CLDAP request 172.23.26.204 failed.
Didn't find the ldap server!
[2007/01/22 18:00:24, 2] utils/net.c:main(988)
  return code = -1



[smb.conf]

[global]
dos charset = UTF8
display charset = UTF8
unix charset = UTF8
server string = %h
netbios name = NSAF933
write ok = yes
guest account = smbguest
map to guest = bad user
encrypt passwords = yes
map archive = no
client use spnego = no
auth methods = guest sam_ignoredomain winbind:ntdomain
host msdfs = yes
winbind use default domain = yes

workgroup = NAS
security = ads
password server = NAS.LOCAL *
idmap uid = 100000-500000
idmap gid = 100000-500000
winbind cache time = 15
template homedir = /tmp/users/home/%D/%U
template shell = /bin/bash
--
To unsubscribe from this list go to the following URL and read the
instructions: https://lists.samba.org/mailman/listinfo/samba
Gerald (Jerry) Carter
2007-01-22 14:10:15 UTC
Post by Latrell Wang 王獻綱
Failed to parse cldap reply
Can you send me a raw sniff from Wireshark? And a level 10
debug log from 'net ads info'?





cheers, jerry
Latrell Wang 王獻綱
2007-01-24 01:30:13 UTC
Hi Jerry:
I sent it to you yesterday, but it seems something went wrong. I am sending it again.

Thanks,
Latrell.

Latrell Wang 王獻綱
2007-01-26 08:30:14 UTC
I looked into the source code, and have some observations:
1. I didn't write the realm in my smb.conf, because I get the realm from net ads info.
Once I set realm in the smb.conf, net ads info worked.
Does it mean the realm is needed in smb.conf?
In libads\Ldap.c, ads_try_connect() does not have the realm value (ads->server.realm). Is there anything wrong in my environment?
Or must the realm be in smb.conf?

2. When I try to join domain, using net ads join -Uadministrator%password, I got the following message:

Using short domain name -- NAS
Failed to set servicePrincipalNames. Please ensure that
the DNS domain of this server matches the AD domain,
Or rejoin with using Domain Admin credentials.
Disabled account for 'NSAF933' in realm 'NAS.LOCAL'

I found the problem is in util\net_ads.c. The function net_set_machine_spn() does, at line 1001, status = ads_gen_mod(ads_s, new_dn, mods). It returns 20 and makes the ADS_ERROR_OK() check fail. With the line marked, the domain join is successful.

Please give me some advice.

Thanks,
Latrell


Gerald (Jerry) Carter
2007-01-27 03:00:11 UTC
Post by Latrell Wang 王獻綱
1.
I didn't write the realm in my smb.conf, because I get
the realm from net ads info.
Once I set realm in the smb.conf, net ads info worked
For any 'net ads' command you have to set the realm.
This has always been a requirement.
Post by Latrell Wang 王獻綱
2. When I try to join domain, using net ads join
Using short domain name -- NAS
Failed to set servicePrincipalNames. Please ensure that
the DNS domain of this server matches the AD domain,
Or rejoin with using Domain Admin credentials.
Disabled account for 'NSAF933' in realm 'NAS.LOCAL'
Make sure the fqdn of the Samba server is set correctly.





cheers, jerry
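
A pre-flight check for the two points in this reply, added here as an example and not part of the thread or of Samba: it reads [global] from an smb.conf and reports a missing realm, or a host FQDN whose DNS domain differs from the realm. The sample config is constructed from the settings posted above; `parse_global` and `check_ads_prereqs` are hypothetical names, and the check assumes the realm is the AD DNS domain.

```python
import socket

# Constructed sample: a trimmed copy of the [global] settings from the post.
# Note that it has no "realm" line.
SAMPLE_SMB_CONF = """\
[global]
netbios name = NSAF933
workgroup = NAS
security = ads
password server = NAS.LOCAL *
"""

def parse_global(text):
    """Return the [global] parameters of an smb.conf as a dict.

    smb.conf parameter names are case-insensitive and spaces inside them
    are ignored, so names are normalised to lower case without spaces.
    """
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[name.replace(" ", "").lower()] = value.strip()
    return params

def check_ads_prereqs(params, fqdn):
    """List problems that would break 'net ads' commands for this config."""
    problems = []
    if params.get("security", "").lower() != "ads":
        return problems  # the checks only apply to ADS member servers
    realm = params.get("realm", "")
    if not realm:
        problems.append("realm is not set in [global]")
        return problems
    # Assumption: the Kerberos realm is the AD DNS domain in upper case.
    _host, _, dns_domain = fqdn.partition(".")
    if dns_domain.lower() != realm.lower():
        problems.append(f"DNS domain of {fqdn!r} does not match realm {realm!r}")
    return problems

if __name__ == "__main__":
    conf = parse_global(SAMPLE_SMB_CONF)
    for problem in check_ads_prereqs(conf, socket.getfqdn()):
        print("WARN:", problem)
```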