Hi Robert;

It's OK, I have resolved the time problem between the Linux and Windows servers.
But I have strange behavior when I join the AD server with the ADS protocol: a segmentation fault:

# net ads join -S CINVW067 -U administrateur%XXX -d3
[2011/11/18 16:38:45, 3] param/loadparm.c:9180(lp_load_ex)
  lp_load_ex: refreshing parameters
[2011/11/18 16:38:45, 3] param/loadparm.c:4948(init_globals)
  Initialising global parameters
[2011/11/18 16:38:45, 2] param/loadparm.c:4807(max_open_files)
  rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
[2011/11/18 16:38:45.611969, 3] ../lib/util/params.c:550(pm_process)
  params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
[2011/11/18 16:38:45.612040, 3] param/loadparm.c:7864(do_section)
  Processing section "[global]"
[2011/11/18 16:38:45.613778, 2] lib/interface.c:340(add_interface)
  added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
[2011/11/18 16:38:45.613832, 2] lib/interface.c:340(add_interface)
  added interface eth0 ip=fe80::250:56ff:fea4:39b6%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
[2011/11/18 16:38:45.613891, 2] lib/interface.c:340(add_interface)
  added interface eth0 ip=187.0.22.177 bcast=187.0.23.255 netmask=255.255.248.0
[2011/11/18 16:38:45.614224, 1] libnet/libnet_join.c:1924(libnet_Join)
  libnet_Join:
      libnet_JoinCtx: struct libnet_JoinCtx
          in: struct libnet_JoinCtx
              dc_name : 'CINVW067'
              machine_name : 'CILVS049'
              domain_name : *
                  domain_name : 'P9BIS.NEOPLUS.LAPOSTE.POC'
              account_ou : NULL
              admin_account : 'administrateur'
              admin_password : *
              machine_password : NULL
              join_flags : 0x00000023 (35)
                  0: WKSSVC_JOIN_FLAGS_IGNORE_UNSUPPORTED_FLAGS
                  0: WKSSVC_JOIN_FLAGS_JOIN_WITH_NEW_NAME
                  0: WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT
                  0: WKSSVC_JOIN_FLAGS_DEFER_SPN
                  0: WKSSVC_JOIN_FLAGS_MACHINE_PWD_PASSED
                  0: WKSSVC_JOIN_FLAGS_JOIN_UNSECURE
                  1: WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED
                  0: WKSSVC_JOIN_FLAGS_WIN9X_UPGRADE
                  0: WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE
                  1: WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE
                  1: WKSSVC_JOIN_FLAGS_JOIN_TYPE
              os_version : NULL
              os_name : NULL
              create_upn : 0x00 (0)
              upn : NULL
              modify_config : 0x00 (0)
              ads : NULL
              debug : 0x01 (1)
              use_kerberos : 0x00 (0)
              secure_channel_type : SEC_CHAN_WKSTA (2)
[2011/11/18 16:38:45.614849, 3] libsmb/cliconnect.c:2212(cli_start_connection)
  Connecting to host=CINVW067
[2011/11/18 16:38:45.615392, 3] lib/util_sock.c:979(open_socket_out_send)
  Connecting to 187.0.17.104 at port 445
[2011/11/18 16:38:45.619155, 3] lib/util_sock.c:979(open_socket_out_send)
  Connecting to 187.0.17.104 at port 139
[2011/11/18 16:38:45.620528, 3] libsmb/cliconnect.c:991(cli_session_setup_spnego)
  Doing spnego session setup (blob length=136)
[2011/11/18 16:38:45.620675, 3] libsmb/cliconnect.c:1020(cli_session_setup_spnego)
  got OID=1.3.6.1.4.1.311.2.2.30
  got OID=1.2.840.48018.1.2.2
  got OID=1.2.840.113554.1.2.2
  got OID=1.2.840.113554.1.2.2.3
  got OID=1.3.6.1.4.1.311.2.2.10
[2011/11/18 16:38:45.620725, 3] libsmb/cliconnect.c:1030(cli_session_setup_spnego)
  got principal=not_defined_in_RFC4178@please_ignore
[2011/11/18 16:38:45.621464, 3] libsmb/ntlmssp.c:1101(ntlmssp_client_challenge)
  Got challenge flags:
[2011/11/18 16:38:45.621508, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0x62898215
[2011/11/18 16:38:45.621526, 3] libsmb/ntlmssp.c:1123(ntlmssp_client_challenge)
  NTLMSSP: Set final flags:
[2011/11/18 16:38:45.621537, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0x60088215
[2011/11/18 16:38:45.621668, 3] libsmb/ntlmssp_sign.c:343(ntlmssp_sign_init)
  NTLMSSP Sign/Seal - Initialising with flags:
[2011/11/18 16:38:45.621709, 3] libsmb/ntlmssp.c:65(debug_ntlmssp_flags)
  Got NTLMSSP neg_flags=0x60088215
[2011/11/18 16:38:45.704425, 3] libads/ldap.c:634(ads_connect)
  Successfully contacted LDAP server 187.0.17.104
[2011/11/18 16:38:45.706539, 3] libads/ldap.c:688(ads_connect)
  Connected to LDAP server CINVW067.p9bis.neoplus.laposte.poc
[2011/11/18 16:38:45.708416, 3] libads/sasl.c:784(ads_sasl_spnego_bind)
  ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.30
[2011/11/18 16:38:45.708459, 3] libads/sasl.c:784(ads_sasl_spnego_bind)
  ads_sasl_spnego_bind: got OID=1.2.840.48018.1.2.2
[2011/11/18 16:38:45.708475, 3] libads/sasl.c:784(ads_sasl_spnego_bind)
  ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2
[2011/11/18 16:38:45.708488, 3] libads/sasl.c:784(ads_sasl_spnego_bind)
  ads_sasl_spnego_bind: got OID=1.2.840.113554.1.2.2.3
[2011/11/18 16:38:45.708501, 3] libads/sasl.c:784(ads_sasl_spnego_bind)
  ads_sasl_spnego_bind: got OID=1.3.6.1.4.1.311.2.2.10
[2011/11/18 16:38:45.708514, 3] libads/sasl.c:793(ads_sasl_spnego_bind)
  ads_sasl_spnego_bind: got server principal name = not_defined_in_RFC4178@please_ignore
[2011/11/18 16:38:45.709568, 3] libsmb/clikrb5.c:777(ads_krb5_mk_req)
  ads_krb5_mk_req: krb5_cc_get_principal failed (No credentials cache found)
[2011/11/18 16:38:45.741849, 3] libsmb/clikrb5.c:622(ads_cleanup_expired_creds)
  ads_cleanup_expired_creds: Ticket in ccache[MEMORY:net_ads] expiration Fri, 18 Nov 2011 23:18:45 CET
[2011/11/18 16:38:45.741987, 3] libsmb/clikrb5.c:830(ads_krb5_mk_req)
  ads_krb5_mk_req: server marked as OK to delegate to, building forwardable TGT
[2011/11/18 16:38:45.748606, 3] libads/ldap.c:2910(ads_domain_func_level)
  ads_domain_func_level: 4
[2011/11/18 16:38:45.748700, 3] libads/kerberos.c:445(kerberos_secrets_store_des_salt)
  kerberos_secrets_store_des_salt: Storing salt "host/cilvs049.p9bis.neoplus.laposte.poc@xxxxxxxxxxxxxxxxxxxxxxxxx"
[2011/11/18 16:38:45.751892, 3] libads/kerberos_keytab.c:64(smb_krb5_kt_add_entry_ext)
  smb_krb5_kt_add_entry_ext: Will try to delete old keytab entries
Segmentation fault

With the RPC protocol it works, but I have the error "NT_STATUS_ACCESS_DENIED"?

# net rpc join -S CINVW067 -U administrateur%XXX -d3
[2011/11/18 16:36:08, 3] param/loadparm.c:9180(lp_load_ex)
  lp_load_ex: refreshing parameters
[2011/11/18 16:36:08, 3] param/loadparm.c:4948(init_globals)
  Initialising global parameters
[2011/11/18 16:36:08, 2] param/loadparm.c:4807(max_open_files)
  rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
[2011/11/18 16:36:08.913273, 3] ../lib/util/params.c:550(pm_process)
  params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
[2011/11/18 16:36:08.913340, 3] param/loadparm.c:7864(do_section)
  Processing section "[global]"
[2011/11/18 16:36:08.915286, 2] lib/interface.c:340(add_interface)
  added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
[2011/11/18 16:36:08.915361, 2] lib/interface.c:340(add_interface)
  added interface eth0 ip=fe80::250:56ff:fea4:39b6%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
[2011/11/18 16:36:08.915421, 2] lib/interface.c:340(add_interface)
  added interface eth0 ip=187.0.22.177 bcast=187.0.23.255 netmask=255.255.248.0
lp_load_ex: refreshing parameters
params.c:pm_process() - Processing configuration file "/etc/samba/smb.conf"
Processing section "[global]"
added interface lo ip=127.0.0.1 bcast=127.255.255.255 netmask=255.0.0.0
added interface eth0 ip=fe80::250:56ff:fea4:39b6%eth0 bcast=fe80::ffff:ffff:ffff:ffff%eth0 netmask=ffff:ffff:ffff:ffff::
added interface eth0 ip=187.0.22.177 bcast=187.0.23.255 netmask=255.255.248.0
Connecting to host=CINVW067
Connecting to 187.0.17.104 at port 445
rpccli_netlogon_set_trust_password: unable to setup creds (NT_STATUS_ACCESS_DENIED)!
rpc command function failed! (NT_STATUS_ACCESS_DENIED)
Connecting to host=CINVW067
Connecting to 187.0.17.104 at port 445
Doing spnego session setup (blob length=136)
got OID=1.3.6.1.4.1.311.2.2.30
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.2.840.113554.1.2.2.3
got OID=1.3.6.1.4.1.311.2.2.10
got principal=not_defined_in_RFC4178@please_ignore
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60088215
Connecting to host=CINVW067
Connecting to 187.0.17.104 at port 445
Doing spnego session setup (blob length=136)
got OID=1.3.6.1.4.1.311.2.2.30
got OID=1.2.840.48018.1.2.2
got OID=1.2.840.113554.1.2.2
got OID=1.2.840.113554.1.2.2.3
got OID=1.3.6.1.4.1.311.2.2.10
got principal=not_defined_in_RFC4178@please_ignore
Got challenge flags:
Got NTLMSSP neg_flags=0x62898215
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x60088215
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x60088215
Joined domain P9BIS.
return code = 0

I don't know if it's OK or not?

Regards

--- On Fri 18.11.11, djamel boussebha <dboussebha@xxxxxxxx> wrote:

From: djamel boussebha <dboussebha@xxxxxxxx>
Subject: Re: Re : Problem with Winbind
To: samba@xxxxxxxxxxxxxxx, "Robert Freeman-Day" <presgas@xxxxxxxxx>
Date: Friday 18 November 2011, 11:20

Hi;

I have modified my /etc/hosts by adding an entry and "ads" works fine, but when I try to join AD, I have the following error message:

# net ads join -S 221.221.17.104 -U administrateur
Enter administrateur's password:
[2011/11/18 11:06:09.010144, 0] libads/sasl.c:823(ads_sasl_spnego_bind)
  kinit succeeded but ads_sasl_spnego_krb5_bind failed: Server not found in Kerberos database
Failed to join domain: failed to connect to AD: Server not found in Kerberos database

Maybe I use an old Kerberos version?
Any idea?

Regards;

--- On Fri 18.11.11, djamel boussebha <dboussebha@xxxxxxxx> wrote:

From: djamel boussebha <dboussebha@xxxxxxxx>
Subject: Re: Re : Problem with Winbind
To: samba@xxxxxxxxxxxxxxx, "Robert Freeman-Day" <presgas@xxxxxxxxx>
Date: Friday 18 November 2011, 10:02

Hi Robert;

Exactly, my SUSE Linux server is synced with a time server (221.128.17.234):

# /etc/init.d/ntp restart
Shutting down network time protocol daemon (NTPD) done
Try to get initial date and time via NTP from 221.128.17.234 done
Starting network time protocol daemon (NTPD)

When I execute this, the date/time are correct:

# date
Fri Nov 18 09:59:07 CET 2011

My Windows 2008 R2 server is also synced with the same time server (221.128.17.234):

#w32tm /query /configuration
....
EventLogFlags: 1 (Locale)
LargeSampleSkew: 3 (Locale)
SpecialPollInterval: 3600 (Locale)
Type: NTP (Locale)
NtpServer: "221.128.17.234" (Locale)

Is the time shown by "net" the time on the Windows server?

# net ads info - U administrateur
..> Server time: Thu, 01 Jan 1970 01:00:00 CET

How do I resolve this time problem?

Regards

--- On Thu 17.11.11, Robert Freeman-Day <presgas@xxxxxxxxx> wrote:

From: Robert Freeman-Day <presgas@xxxxxxxxx>
Subject: Re: Re : Problem with Winbind
To: samba@xxxxxxxxxxxxxxx
Date: Thursday 17 November 2011, 17:46

On 11/17/2011 06:09 AM, djamel boussebha wrote:
> Hi;
>
> I would like to set the file /etc/krb5.keytab for apache:
>
> # net ads keytab add HTTP -U compte_admin_dom1
> Processing principals to add...
> Enter administrateur's password:
> # ktutil
> ktutil: l
> slot KVNO Principal
> ---- ---- ---------------------------------------------------------------------
> ktutil:
>
> The file is empty?
> Maybe this problem is linked to the command "net ads"? Because when I try to join the AD:
> # net ads join -U administrateur@xxxxxxxxxxxxxxxxxxxxxxxxx
> Enter administrateur@xxxxxxxxxxxxxxxxxxxxxxxxx's password:
> Failed to join domain: failed to find DC for domain P9BIS.NEOPLUS.LAPOSTE.POC
>
> But with "rpc" it works:
>
> # net rpc join -U administrateur@xxxxxxxxxxxxxxxxxxxxxxxxx
> Enter administrateur@xxxxxxxxxxxxxxxxxxxxxxxxx's password:
> Joined domain P9BIS.
>
> When I execute: # net ads info - U administrateur
> Failed to get server's current time!
> LDAP server: 187.0.17.104
> LDAP server name: CINVW067.p9bis.neoplus.laposte.poc
> Realm: P9BIS.NEOPLUS.LAPOSTE.POC
> Bind Path: dc=P9BIS,dc=NEOPLUS,dc=LAPOSTE,dc=POC
> LDAP port: 389
> Server time: Thu, 01 Jan 1970 01:00:00 CET
> KDC server: 187.0.17.104
>
> And # net rpc info -U administrateur
> Enter administrateur's password:
> Domain Name: P9BIS
> Domain SID: S-1-5-21-254703050-2859693384-3493432365
> Sequence number: 1
> Num users: 50
> Num domain groups: 0
> Num local groups: 12
>
> The 2 commands # wbinfo -u and wbinfo -g return no values for users/groups?
> The kinit works fine:
> # kinit administrateur@xxxxxxxxxxxxxxxxxxxxxxxxx
> Password for administrateur@xxxxxxxxxxxxxxxxxxxxxxxxx:
> # klist
> Ticket cache: FILE:/tmp/krb5cc_0
> Default principal: administrateur@xxxxxxxxxxxxxxxxxxxxxxxxx
> Valid starting Expires Service principal
> 11/17/11 12:05:00 11/17/11 22:05:03 krbtgt/P9BIS.NEOPLUS.LAPOSTE.POC@xxxxxxxxxxxxxxxxxxxxxxxxx
> renew until 11/18/11 12:05:00
>
> Kerberos 4 ticket cache: /tmp/tkt0
> klist: You have no tickets cached
>
> Impossible to join the AD server with "ads":
> # net ads testjoin
> Join to domain is not valid: Operations error
> # net rpc testjoin
> Join to 'P9BIS' is OK
>
> How do I make "ads" work correctly, and how do I get the list of users of the AD domain?
>
> Any help would be very appreciated.
>
> Regards
>
> --- On Wed 16.11.11, djamel boussebha <dboussebha@xxxxxxxx> wrote:
>
> From: djamel boussebha <dboussebha@xxxxxxxx>
> Subject: Problem with Winbind
> To: "samba@xxxxxxxxxxxxxxx" <samba@xxxxxxxxxxxxxxx>, "foedisch@xxxxxxxxxx" <foedisch@xxxxxxxxxx>, "AndrewPhilipoff" <aphilipoff@xxxxxxxxxxxxxxxxx>
> Date: Wednesday 16 November 2011, 17:24
>
> Hi;
>
> wbinfo cannot get the user names and group names of my AD domain (Windows 2008 SP2).
> The result for "wbinfo -t" is OK:
> "checking the trust secret for domain P9BIS via RPC calls succeeded"
> But when I try to get wbinfo -n "USER1" or wbinfo -r "USER1" it shows this error message: "Could not lookup name USER1"
> I use Samba version: 3.5.12.
>
> Any help would be very appreciated... thanks to anyone!
>

I noticed the server time has the year 1970. The ads methods use Kerberos and that is time sensitive. Get the accurate date/time and things should start working for you. Perhaps have it sync with a time server.

Robert

--
________
Robert Freeman-Day
https://launchpad.net/~presgas
GPG Public Key: http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0xBA9DF9ED3E4C7D36

--
To unsubscribe from this list go to the following URL and read the instructions: https://lists.samba.org/mailman/options/samba
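
A clock-skew check for the point raised in the thread that the ads methods use Kerberos and are time sensitive, as an added example that is not part of the original messages: it parses `net ads info` output and compares the reported server time with the local clock against the 300-second default Kerberos tolerance. The function names, the small zone table, and the choice to treat an epoch-zero value or a "Failed to get server's current time!" line as "no reading" rather than as measured skew are assumptions of this example.

```python
import re
from datetime import datetime, timedelta, timezone

MAX_SKEW = timedelta(seconds=300)  # default Kerberos clock-skew tolerance (5 minutes)
ZONES = {"UTC": 0, "GMT": 0, "CET": 1, "CEST": 2}  # assumption: only zones needed here
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

# "net ads info" output as posted in the thread (abridged).
THREAD_OUTPUT = """\
Failed to get server's current time!
LDAP server: 187.0.17.104
Realm: P9BIS.NEOPLUS.LAPOSTE.POC
Server time: Thu, 01 Jan 1970 01:00:00 CET
KDC server: 187.0.17.104
"""

def parse_server_time(info_text):
    """Return the 'Server time:' field as an aware datetime, or None."""
    m = re.search(r"^Server time:\s*(.+?)\s+([A-Z]{2,5})\s*$", info_text, re.M)
    if not m or m.group(2) not in ZONES:
        return None
    naive = datetime.strptime(m.group(1), "%a, %d %b %Y %H:%M:%S")
    return naive.replace(tzinfo=timezone(timedelta(hours=ZONES[m.group(2)])))

def check_skew(info_text, local_now):
    """Classify the report as ('unknown' | 'ok' | 'skewed', skew in seconds)."""
    server = parse_server_time(info_text)
    failed = "Failed to get server's current time" in info_text
    # Assumption: an epoch-zero value is a placeholder, not a real clock reading.
    if server is None or failed or server == EPOCH:
        return ("unknown", None)
    skew = abs(local_now - server)
    return ("ok" if skew <= MAX_SKEW else "skewed", int(skew.total_seconds()))

if __name__ == "__main__":
    print(check_skew(THREAD_OUTPUT, datetime.now(timezone.utc)))
```

An "unknown" result means the server time was never obtained, so the next thing to check is why the time query failed rather than the NTP configuration on either host.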